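package com.dta.lesson33;

import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ArrayObject;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.memory.Memory;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

/**
 * unidbg harness that loads {@code libyzwg.so} from the lesson directory into a 32-bit
 * emulated Android process and answers the JNI callbacks the library makes while it loads.
 *
 * <p>Every value handed back to the native code here is synthetic: the {@code Context} is an
 * empty placeholder object and the package list is taken from the APK given to the VM, not
 * from a real device. Behaviour observed through this harness therefore reflects the
 * emulated environment only.
 *
 * <p>NOTE(review): the page this listing came from had lost the {@code <?>} type argument of
 * {@code DvmObject} and all line breaks (so the {@code //} comments swallowed the builder
 * chain); both are restored here.
 */
public class MainActivity extends AbstractJni {

    /** Field the library reads to obtain an Android {@code Context}. */
    private static final String SIG_G_CONTEXT =
            "com/twl/signer/YZWG->gContext:Landroid/content/Context;";

    /** {@code PackageManager.getPackagesForUid(int)} as seen through JNI. */
    private static final String SIG_GET_PACKAGES_FOR_UID =
            "android/content/pm/PackageManager->getPackagesForUid(I)[Ljava/lang/String;";

    /** {@code String.hashCode()} as seen through JNI. */
    private static final String SIG_STRING_HASH_CODE = "java/lang/String->hashCode()I";

    private final AndroidEmulator emulator;
    private final VM vm;
    private final Memory memory;
    private final Module module;

    /**
     * Builds the emulator, creates the Dalvik VM from the lesson APK, loads the native
     * library and runs its {@code JNI_OnLoad}.
     *
     * <p>Both file paths are relative to the working directory, so the harness must be
     * started from the unidbg project root.
     */
    public MainActivity() {
        emulator = AndroidEmulatorBuilder
                .for32Bit()
                //.setRootDir(new File("target/rootfs/default"))
                //.addBackendFactory(new DynarmicFactory(true))
                .build();

        memory = emulator.getMemory();
        // Resolve system libraries against unidbg's bundled SDK 23 runtime.
        memory.setLibraryResolver(new AndroidResolver(23));

        vm = emulator.createDalvikVM(
                new File("unidbg-android/src/test/java/com/dta/lesson33/boss_last.apk"));
        // Verbose mode logs each JNI call, which shows which callbacks still need a stub.
        vm.setVerbose(true);
        // Route JNI callbacks from the native code to the overrides in this class.
        vm.setJni(this);

        // Second argument false: do not force the library's init functions to run at load.
        DalvikModule dalvikModule = vm.loadLibrary(
                new File("unidbg-android/src/test/java/com/dta/lesson33/libyzwg.so"), false);
        module = dalvikModule.getModule();
        vm.callJNI_OnLoad(emulator, module);
    }

    /**
     * Constructs the harness and prints how long loading took.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        long start = System.currentTimeMillis();
        // Construction alone performs the load; the instance is not needed afterwards.
        new MainActivity();
        System.out.println("load the vm " + (System.currentTimeMillis() - start) + "ms");
    }

    /**
     * Supplies a placeholder {@code android.content.Context} for the {@code gContext} field
     * and defers every other static field to {@link AbstractJni}.
     *
     * @param vm        the Dalvik VM issuing the callback
     * @param dvmClass  the class that owns the field
     * @param signature field signature in unidbg's {@code Class->name:Type} form
     * @return the emulated field value
     */
    @Override
    public DvmObject<?> getStaticObjectField(BaseVM vm, DvmClass dvmClass, String signature) {
        if (SIG_G_CONTEXT.equals(signature)) {
            // The Context carries no backing value; it only has to exist as a JNI object.
            return vm.resolveClass("android/content/Context").newObject(null);
        }
        return super.getStaticObjectField(vm, dvmClass, signature);
    }

    /**
     * Answers {@code PackageManager.getPackagesForUid} with a one-element array holding the
     * VM's own package name and defers every other object method to {@link AbstractJni}.
     *
     * @param vm        the Dalvik VM issuing the callback
     * @param dvmObject the receiver of the call
     * @param signature method signature in unidbg's {@code Class->name(args)ret} form
     * @param varArg    the arguments passed by the native caller
     * @return the emulated return value
     */
    @Override
    public DvmObject<?> callObjectMethod(BaseVM vm, DvmObject<?> dvmObject, String signature,
                                         VarArg varArg) {
        if (SIG_GET_PACKAGES_FOR_UID.equals(signature)) {
            int uid = varArg.getIntArg(0);
            // The uid is only logged; the same package name is returned for any uid.
            System.err.println("uid:" + uid);
            return new ArrayObject(new StringObject(vm, vm.getPackageName()));
        }
        return super.callObjectMethod(vm, dvmObject, signature, varArg);
    }

    /**
     * Implements {@code String.hashCode()} with the host JVM's own implementation and defers
     * every other int method to {@link AbstractJni}.
     *
     * @param vm        the Dalvik VM issuing the callback
     * @param dvmObject the receiver of the call
     * @param signature method signature in unidbg's {@code Class->name(args)ret} form
     * @param varArg    the arguments passed by the native caller
     * @return the emulated return value
     */
    @Override
    public int callIntMethod(BaseVM vm, DvmObject<?> dvmObject, String signature, VarArg varArg) {
        if (SIG_STRING_HASH_CODE.equals(signature)) {
            return dvmObject.getValue().toString().hashCode();
        }
        return super.callIntMethod(vm, dvmObject, signature, varArg);
    }
}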