unidbg执行某一段并替换值及断点汇编执行分析
package com.dta.lesson27;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.Backend;
import com.github.unidbg.linux.AndroidElfLoader;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmClass;
import com.github.unidbg.linux.android.dvm.DvmObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.memory.MemoryBlock;
import com.github.unidbg.pointer.UnidbgPointer;
import keystone.Keystone;
import keystone.KeystoneArchitecture;
import keystone.KeystoneEncoded;
import keystone.KeystoneMode;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import unicorn.ArmConst;
import java.io.File;
import java.nio.charset.StandardCharsets;
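/**
 * unidbg harness for libcyberpeace.so: boots a 32-bit Android emulator, loads the library into a
 * Dalvik VM, sets a breakpoint and then calls one function directly by module offset with a
 * caller-supplied buffer in R4 so its instruction stream can be traced.
 *
 * <p>Single-threaded, one-shot use from {@link #main(String[])}; the emulator is never closed.
 */
public class MainActivity {
    /** Value written into emulated memory by the no-arg {@link #callAddress()} (kept from the original). */
    private static final String DEFAULT_BUFFER_VALUE = "f72c5a36569418a20907b55be5bf95ad";

    private final AndroidEmulator emulator;
    private final VM vm;
    private final Memory memory;
    private final Module module;

    static {
        // Quiet the ELF loader's debug output; INFO is enough for this exercise.
        Logger.getLogger(AndroidElfLoader.class).setLevel(Level.INFO);
    }

    /**
     * Builds the emulator, loads the target library from the lesson directory and runs its
     * {@code JNI_OnLoad} so any registered natives are available to {@link #check()}.
     */
    public MainActivity() {
        emulator = AndroidEmulatorBuilder
                .for32Bit()
                //.setRootDir(new File("target/rootfs/default"))
                //.addBackendFactory(new DynarmicFactory(true))
                .build();
        memory = emulator.getMemory();
        memory.setLibraryResolver(new AndroidResolver(23));
        vm = emulator.createDalvikVM();
        // NOTE(review): verbose mode presumably logs JNI traffic — confirm against the VM implementation.
        vm.setVerbose(true);
        DalvikModule dalvikModule = vm.loadLibrary(new File("unidbg-android/src/test/java/com/dta/lesson27/libcyberpeace.so"), false);
        module = dalvikModule.getModule();
        vm.callJNI_OnLoad(emulator, module);
    }

    /**
     * Entry point: times the VM bring-up, installs the breakpoint and calls the function under study.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        long start = System.currentTimeMillis();
        MainActivity mainActivity = new MainActivity();
        System.out.println("load the vm " + (System.currentTimeMillis() - start) + "ms");
        mainActivity.debugger();
        //mainActivity.check();
        mainActivity.callAddress();
    }

    /** Attaches the console debugger and breaks at module offset 0x10B8. */
    private void debugger() {
        emulator.attach().addBreakPoint(module, 0x10B8);
    }

    /**
     * Calls the library's Java-visible entry point through the JNI bridge and prints the result.
     * Currently unused from {@link #main(String[])}; kept as the reference path for comparison.
     */
    private void check() {
        DvmClass obj = vm.resolveClass("com/testjava/jack/pingan2/cyberpeace");
        //public static native int CheckString(String str);
        String input = "123456654321abcdeffedcba4321abcd";
        int i = obj.callStaticJniMethodInt(emulator, "CheckString(Ljava/lang/String;)I", input);
        System.out.println("result ==> " + i);
    }

    /** Calls the function at 0x108B with the original hard-coded buffer contents. */
    private void callAddress() {
        callAddress(DEFAULT_BUFFER_VALUE);
    }

    /**
     * Writes {@code value} into a freshly allocated emulated buffer, points R4 at it and calls
     * the function at module offset 0x108B with instruction tracing enabled.
     *
     * @param value string the callee is expected to read through R4
     */
    private void callAddress(String value) {
        emulator.traceCode(); // print each executed instruction
        // The original allocated exactly 32 bytes for a 32-character string, leaving no room for the
        // terminating NUL that setString() appends, so the write ran one byte past the block.
        // Size the block from the encoded length instead.
        // NOTE(review): assumes setString() encodes as UTF-8 and appends one NUL — confirm in UnidbgPointer.
        int size = value.getBytes(StandardCharsets.UTF_8).length + 1;
        UnidbgPointer buffer = memory.malloc(size, false).getPointer();
        buffer.setString(0, value);
        Backend backend = emulator.getBackend();
        backend.reg_write(ArmConst.UC_ARM_REG_R4, buffer.peer);
        module.callFunction(emulator, 0x108B);
    }
}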
文章来源:https://blog.csdn.net/weixin_38927522/article/details/127872416