首页 > 基础资料 博客日记
unidbg非反射调用demo(一)
2023-07-24 11:46:36基础资料围观460次
Java资料网推荐unidbg非反射调用demo(一)这篇文章给大家,欢迎收藏Java资料网享受知识的乐趣
记录学习笔记~
package com.dta.lesson2;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.DynarmicFactory;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmObject;
import com.github.unidbg.linux.android.dvm.StringObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import com.sun.jna.Pointer;
import net.dongliu.apk.parser.Main;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
public class MainActivity {
private final AndroidEmulator emulator;
private final VM vm;
private final Memory memory;
private final Module module;
public MainActivity(){
emulator = AndroidEmulatorBuilder
.for32Bit()
//.setRootDir(new File("target/rootfs/default"))
//.addBackendFactory(new DynarmicFactory(true))
.build();
memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
vm = emulator.createDalvikVM(new File("unidbg-android/src/test/java/com/dta/lesson2/app-debug.apk"));
DalvikModule dalvikModule = vm.loadLibrary(new File("unidbg-android/src/test/java/com/dta/lesson2/libnative-lib.so"), true);
module = dalvikModule.getModule();
vm.callJNI_OnLoad(emulator,module);
}
public void callMd5(){
DvmObject obj = ProxyDvmObject.createObject(vm,this);
String data = "dta";
DvmObject dvmObject = obj.callJniMethodObject(emulator, "md5(Ljava/lang/String;)Ljava/lang/String;", data);
String result = (String) dvmObject.getValue();
System.out.println("[symble] Call the so md5 function result is ==> "+ result);
}
private void call_address() {
Pointer jniEnv = vm.getJNIEnv();
DvmObject obj = ProxyDvmObject.createObject(vm,this);
StringObject data = new StringObject(vm,"dta");
List<Object> args = new ArrayList<>();
args.add(jniEnv);
args.add(vm.addLocalObject(obj));
args.add(vm.addLocalObject(data));
Number[] numbers = module.callFunction(emulator, 0x8E81, args.toArray());
DvmObject<?> object = vm.getObject(numbers[0].intValue());
String value = (String) object.getValue();
System.out.println("[addr] Call the so md5 function result is ==> "+ value);
}
public static void main(String[] args) {
long start = System.currentTimeMillis();
MainActivity mainActivity = new MainActivity();
System.out.println("load the vm "+( System.currentTimeMillis() - start )+ "ms");
mainActivity.callMd5();
mainActivity.call_address();
}
}
other
package com.r0ysue;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.memory.Memory;
import com.sun.jna.Pointer;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
public class demo1 extends AbstractJni {
private final AndroidEmulator emulator;
private final VM vm;
private final Memory memory;
private final Module module;
public demo1() {
emulator = AndroidEmulatorBuilder
.for32Bit()
//.setRootDir(new File("target/rootfs/default"))
//.addBackendFactory(new DynarmicFactory(true))
.build();
memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
// vm = emulator.createDalvikVM(new File("unidbg-android/src/test/java/com/dta/lesson2/app-debug.apk"));
vm = emulator.createDalvikVM(new File("unidbg-android/src/test/resources/ro/uuu.apk"));
// vm.setVerbose(true);
vm.setJni(this);
DalvikModule dalvikModule = vm.loadLibrary("native-lib", true);
module = dalvikModule.getModule();
vm.callJNI_OnLoad(emulator, module);
}
public demo1(AndroidEmulator emulator, VM vm, Memory memory, Module module) {
this.emulator = emulator;
this.vm = vm;
this.memory = memory;
this.module = module;
}
public void callMd5() {
// DvmObject obj = ProxyDvmObject.createObject(vm, "com/dta/lesson2/MainActivity");
DvmObject obj = vm.resolveClass("com/dta/lesson2/MainActivity").newObject(null);
String data = "dta";
DvmObject dvmObject = obj.callJniMethodObject(emulator, "md5(Ljava/lang/String;)Ljava/lang/String;", data);
String result = (String) dvmObject.getValue();
System.out.println("[symble] Call the so md5 function result is ==> " + result);
}
private void call_address() {
Pointer jniEnv = vm.getJNIEnv();
DvmObject obj = ProxyDvmObject.createObject(vm, this);
StringObject data = new StringObject(vm, "dta");
List<Object> args = new ArrayList<>();
args.add(jniEnv);
args.add(vm.addLocalObject(obj));
args.add(vm.addLocalObject(data));
Number numbers = module.callFunction(emulator, 0x8E81, args.toArray());
DvmObject<?> object = vm.getObject(numbers.intValue());
String value = (String) object.getValue();
System.out.println("[addr] Call the so md5 function result is ==> " + value);
}
public static void main(String[] args) {
long start = System.currentTimeMillis();
demo1 demo1 = new demo1();
System.out.println("load the vm " + (System.currentTimeMillis() - start) + "ms");
demo1.callMd5();
demo1.call_address();
}
}
文章来源:https://blog.csdn.net/weixin_38927522/article/details/127776656
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若内容造成侵权/违法违规/事实不符,请联系邮箱:jacktools123@163.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若内容造成侵权/违法违规/事实不符,请联系邮箱:jacktools123@163.com进行投诉反馈,一经查实,立即删除!
标签:
相关文章
最新发布
点击排行
本站推荐
