msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED)

See original GitHub issue

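When calling a certain .so, the following exception occurs. The code's main function is in TujiaNUtils.java in the attachment. Hoping an expert can help, thanks! 🙏 unidbg.zip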

/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/bin/java -javaagent:/Applications/IntelliJ IDEA CE.app/Contents/lib/idea_rt.jar=51666:/Applications/IntelliJ IDEA CE.app/Contents/bin -Dfile.encoding=UTF-8 -classpath /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtual
Machines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/tools.jar:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-android/target/test-classes:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-android/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-api/target/classes:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/unicorn/1.0.12/unicorn-1.0.12.jar:/Users/tiga_liang/.m2/repository/org/scijava/native-lib-loader/2.3.5/native-lib-loader-2.3.5.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/capstone/3.0.11/capstone-3.0.11.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/keystone/0.9.5/keystone-0.9.5.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/jna_silicon/4.5.2-1/jna_silicon-4.5.2-1.jar:/Users/tiga_liang/.m2/repository/net/java/dev/jna/jna/4.5.2/jna-4.5.2.jar:/Users/tiga_liang/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/Users/tiga_liang/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar:/Users/tiga_liang/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/Users/tiga_liang/.m2/repository/com/alibaba/fastjson/1.2.60/fastjson-1.2.60.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/demumble/1.0.2/demumble-1.0.2.jar:/Users/tiga_liang/workspace/airbnb/unidbg/backend/dynarmic/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/backend/hypervisor/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/backend
/kvm/target/classes:/Users/tiga_liang/.m2/repository/net/dongliu/apk-parser/2.6.4/apk-parser-2.6.4.jar:/Users/tiga_liang/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar:/Users/tiga_liang/.m2/repository/junit/junit/4.13.1/junit-4.13.1.jar:/Users/tiga_liang/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:/Users/tiga_liang/.m2/repository/org/slf4j/slf4j-api/1.7.26/slf4j-api-1.7.26.jar:/Users/tiga_liang/.m2/repository/org/slf4j/slf4j-log4j12/1.7.26/slf4j-log4j12-1.7.26.jar:/Users/tiga_liang/.m2/repository/com/google/protobuf/protobuf-java/3.10.0/protobuf-java-3.10.0.jar com.airspy.tujia.TujiaNUtils
JNIEnv->FindClass(com/qunar/rc/d/j) was called from RX@0x402e301d[libqlisp_v++.so]0xe601d
JNIEnv->RegisterNatives(com/qunar/rc/d/j, unidbg@0xbffff588, 5) was called from RX@0x402e2be1[libqlisp_v++.so]0xe5be1
RegisterNative(com/qunar/rc/d/j, sepa(Ljava/lang/String;)Ljava/lang/String;, RX@0x403373b5[libqlisp_v++.so]0x13a3b5)
RegisterNative(com/qunar/rc/d/j, cd(Ljava/lang/String;I)Ljava/lang/String;, RX@0x40338949[libqlisp_v++.so]0x13b949)
RegisterNative(com/qunar/rc/d/j, sfp(Ljava/lang/String;)V, RX@0x40338ea5[libqlisp_v++.so]0x13bea5)
RegisterNative(com/qunar/rc/d/j, ep()Ljava/lang/String;, RX@0x40339e71[libqlisp_v++.so]0x13ce71)
RegisterNative(com/qunar/rc/d/j, jcd(I)Ljava/lang/String;, RX@0x4033b8e5[libqlisp_v++.so]0x13e8e5)
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x4025b019[libqlisp_v++.so]0x5e019
JNIEnv->FindClass(com/qunar/rc/d/e) was called from RX@0x4025b0c5[libqlisp_v++.so]0x5e0c5
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4025b66b[libqlisp_v++.so]0x5e66b
Find native function Java_com_qunar_rc_d_j_cd(Ljava/lang/String;I)Ljava/lang/String; => RX@0x40338949[libqlisp_v++.so]0x13b949
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x4025b019[libqlisp_v++.so]0x5e019
JNIEnv->FindClass(com/qunar/rc/d/e) was called from RX@0x4025b0c5[libqlisp_v++.so]0x5e0c5
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4025b66b[libqlisp_v++.so]0x5e66b
JNIEnv->GetStringUtfChars("27fe192ea37047c82d9561defe9ed575") was called from RX@0x40338a11[libqlisp_v++.so]0x13ba11
[22:57:59 613]  INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1933) - open pathname=/data/misc/zoneinfo/tzdata, oflags=0x20000, mode=0, from=RX@0x40187aa1[libc.so]0x2daa1
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402a5d99[libqlisp_v++.so]0xa8d99
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.u()Ljava/lang/String;) was called from RX@0x402a5e8b[libqlisp_v++.so]0xa8e8b
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, u()Ljava/lang/String;) was called from RX@0x402a6963[libqlisp_v++.so]0xa9963
JNIEnv->GetStringUtfChars("tj_7b6e0fffffff60ffffffe2430ffffffc50fffffff51f52745e2345110fffffff126") was called from RX@0x402a65a9[libqlisp_v++.so]0xa95a9
JNIEnv->ReleaseStringUTFChars("tj_7b6e0fffffff60ffffffe2430ffffffc50fffffff51f52745e2345110fffffff126") was called from RX@0x402a65c7[libqlisp_v++.so]0xa95c7
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402a5d99[libqlisp_v++.so]0xa8d99
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.u()Ljava/lang/String;) was called from RX@0x402a5e8b[libqlisp_v++.so]0xa8e8b
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, u()Ljava/lang/String;) was called from RX@0x402a6963[libqlisp_v++.so]0xa9963
JNIEnv->GetStringUtfChars("tj_555e0ffffffa4700ffffffe74f0ffffffce0c220ffffffa00ffffffd10ffffffb3046b0e46") was called from RX@0x402a65a9[libqlisp_v++.so]0xa95a9
JNIEnv->ReleaseStringUTFChars("tj_555e0ffffffa4700ffffffe74f0ffffffce0c220ffffffa00ffffffd10ffffffb3046b0e46") was called from RX@0x402a65c7[libqlisp_v++.so]0xa95c7
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4029adaf[libqlisp_v++.so]0x9ddaf
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x4029b35b[libqlisp_v++.so]0x9e35b
JNIEnv->NewStringUTF("_flightruid_") was called from RX@0x4029b911[libqlisp_v++.so]0x9e911
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x4029b927[libqlisp_v++.so]0x9e927
JNIEnv->GetStringUtfChars("ta0pdx12oztj_027e2748ed876acb58d89c5ef8deceb5") was called from RX@0x4029b429[libqlisp_v++.so]0x9e429
JNIEnv->ReleaseStringUTFChars("ta0pdx12oztj_027e2748ed876acb58d89c5ef8deceb5") was called from RX@0x4029bd37[libqlisp_v++.so]0x9ed37
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4029f4a7[libqlisp_v++.so]0xa24a7
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x402a0427[libqlisp_v++.so]0xa3427
JNIEnv->NewStringUTF("_qfsucode_") was called from RX@0x402a00ab[libqlisp_v++.so]0xa30ab
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x402a00c1[libqlisp_v++.so]0xa30c1
JNIEnv->GetStringUtfChars("AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw==") was called from RX@0x402a03f7[libqlisp_v++.so]0xa33f7
JNIEnv->ReleaseStringUTFChars("AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw==") was called from RX@0x402a03df[libqlisp_v++.so]0xa33df
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/f.i()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/f, i()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("{"uid":"","deviceIds":"299aa6411bea109c","adid":"69021595af9c4bf93","imeis":"768134630004630","meids":"","imsi":"","seriaNo":"","phoneNo":"","simNo":""}") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("{"uid":"","deviceIds":"299aa6411bea109c","adid":"69021595af9c4bf93","imeis":"768134630004630","meids":"","imsi":"","seriaNo":"","phoneNo":"","simNo":""}") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.ef()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, ef()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/f.n()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/f, n()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("{"mac":"","bmac":"02:00:00:00:00:00","baseStationId":"","hasIccCard":false,"hasSimCard":true,"simOperator":""}") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("{"mac":"","bmac":"02:00:00:00:00:00","baseStationId":"","hasIccCard":false,"hasSimCard":true,"simOperator":""}") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
[22:57:59 691]  WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:58) - memory failed: address=0xc, size=2, value=0x0, PC=RX@0x4016e544[libc.so]0x14544, LR=RX@0x402aadbd[libqlisp_v++.so]0xaddbd
[22:57:59 692]  WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:388) - emulate RX@0x40338949[libqlisp_v++.so]0x13b949 exception sp=unidbg@0xbfffed40, msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED), offset=91ms
cd result: null

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 13 (6 by maintainers)
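
A triage helper for the two WARN lines that end the log above, as an added example that is not part of the original issue or of unidbg. It extracts the faulting address and the PC/LR module offsets, and flags a read below one page as a likely NULL-based access; the 0x1000 threshold and all function names are assumptions.

```python
import re

# The two WARN lines from the log above, embedded as sample input.
SAMPLE = """\
[22:57:59 691]  WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:58) - memory failed: address=0xc, size=2, value=0x0, PC=RX@0x4016e544[libc.so]0x14544, LR=RX@0x402aadbd[libqlisp_v++.so]0xaddbd
[22:57:59 692]  WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:388) - emulate RX@0x40338949[libqlisp_v++.so]0x13b949 exception sp=unidbg@0xbfffed40, msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED), offset=91ms
"""

PAGE_SIZE = 0x1000  # assumption: anything below one page counts as "near NULL"

# Location format used in the log: RX@<absolute>[<module>]<offset in module>
LOC = r"RX@0x[0-9a-f]+\[(?P<{0}_mod>[^\]]+)\]0x(?P<{0}_off>[0-9a-f]+)"
FAULT = re.compile(
    r"memory failed: address=0x(?P<addr>[0-9a-f]+), size=(?P<size>\d+), .*?"
    + "PC=" + LOC.format("pc") + ", LR=" + LOC.format("lr"))
EMULATE = re.compile(
    "emulate " + LOC.format("fn") + r" exception .*?msg=(?P<msg>.+?), offset=")


def triage(log):
    """Collect fault details from unidbg WARN lines into one dict."""
    report = {}
    for line in log.splitlines():
        m = FAULT.search(line)
        if m:
            addr = int(m["addr"], 16)
            report.update(
                fault_addr=addr,
                size=int(m["size"]),
                pc=(m["pc_mod"], int(m["pc_off"], 16)),   # where the read happened
                lr=(m["lr_mod"], int(m["lr_off"], 16)),   # return address of the caller
                near_null=addr < PAGE_SIZE)
        m = EMULATE.search(line)
        if m:
            report.update(entry=(m["fn_mod"], int(m["fn_off"], 16)),
                          error=m["msg"])
    return report


def summary(r):
    """One-line description pointing at the caller offset to inspect."""
    kind = "NULL pointer + field offset" if r["near_null"] else "wild pointer"
    return "%d-byte read at 0x%x (%s) in %s+0x%x, called from %s+0x%x" % (
        r["size"], r["fault_addr"], kind, *r["pc"], *r["lr"])


if __name__ == "__main__":
    print(summary(triage(SAMPLE)))
```

The LR offset is the place to start in a disassembler: it identifies the instruction in the caller that follows the call into libc.so, so the argument passed just before it is the pointer that was NULL.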

Top GitHub Comments

1 reaction
Pr0214 commented, Sep 14, 2021

Hello, here you can directly hook the popen and system functions to avoid getting stuck in the underlying logic.

0 reactions
SiriusED commented, May 17, 2022

@Pr0214 Didn't find a way to hook popen, but the issue was in another place and I managed to implement my tool without needing this hook. So, I guess it's not relevant for now.
