Update few things

.gitignore

@@ -281,3 +281,6 @@ $RECYCLE.BIN/
 *.lnk
 
 # End of https://www.gitignore.io/api/venv,macos,python,windows,pycharm+all
+
+!/tests/test_binaries/test_native.so
+*.idb

androidemu/cpu/syscall_hooks.py

@@ -1,5 +1,6 @@
 import logging
 import math
+import os
 import time
 from random import randint
 
@@ -31,13 +32,16 @@ class SyscallHooks:
     def __init__(self, mu, syscall_handler):
         self._mu = mu
         self._syscall_handler = syscall_handler
+        self._syscall_handler.set_handler(0x14, "getpid", 0, self._getpid)
         self._syscall_handler.set_handler(0x4E, "gettimeofday", 2, self._handle_gettimeofday)
         self._syscall_handler.set_handler(0xAC, "prctl", 5, self._handle_prctl)
+        self._syscall_handler.set_handler(0xE0, "gettid", 0, self._gettid)
         self._syscall_handler.set_handler(0xF0, "futex", 6, self._handle_futex)
         self._syscall_handler.set_handler(0x107, "clock_gettime", 2, self._handle_clock_gettime)
         self._syscall_handler.set_handler(0x119, "socket", 3, self._socket)
         self._syscall_handler.set_handler(0x11a, "bind", 3, self._bind)
         self._syscall_handler.set_handler(0x11b, "connect", 3, self._connect)
+        self._syscall_handler.set_handler(0x14e, "faccessat", 4, self._faccessat)
         self._syscall_handler.set_handler(0x159, "getcpu", 3, self._getcpu)
         self._syscall_handler.set_handler(0x14e, "faccessat", 4, self._faccessat)
         self._syscall_handler.set_handler(0x14, "getpid", 0, self._getpid)
@@ -49,15 +53,12 @@ def __init__(self, mu, syscall_handler):
         self._socket_id = 0x100000
         self._sockets = dict()
 
-    def _null(self, mu):
-        return 0
-
-    def _gettid(self, mu):
-        return  0x2211
-
     def _getpid(self, mu):
         return 0x1122
 
+    def _gettid(self, mu):
+        return 0x2211
+
     def _faccessat(self, mu, filename, pathname, mode, flag):
         return 0
 

androidemu/native/hooks.py

@@ -64,7 +64,6 @@ def dladdr(self, uc, addr, info):
                 memory_helpers.write_uints(uc, addr, [dli_fname, mod.base, 0, 0])
                 return 1
 
-
     def nop(self, name):
         @native_method
         def nop_inside(emu):

androidemu/vfs/file_system.py

@@ -166,7 +166,9 @@ def _handle_writev(self, mu, fd, vec, vlen):
             for i in range(0, vlen):
                 addr = memory_helpers.read_ptr(mu, (i * 8) + vec)
                 size = memory_helpers.read_ptr(mu, (i * 8) + vec + 4)
-                sys.stderr.buffer.write(mu.mem_read(addr, size))
+                data = bytes(mu.mem_read(addr, size)).decode(encoding='UTF-8')
+
+                logger.error('Writev %s' % data)
 
             return 0
 

samples/example_douyin.py

@@ -2,15 +2,17 @@
 import posixpath
 import sys
 
-from unicorn import UcError, UC_HOOK_CODE, UC_HOOK_MEM_UNMAPPED
+from unicorn import UcError, UC_HOOK_CODE, UC_HOOK_MEM_UNMAPPED, Uc, UC_PROT_ALL
 from unicorn.arm_const import *
 
 from androidemu.emulator import Emulator
+from androidemu.java.helpers.native_method import native_method
 from androidemu.java.java_class_def import JavaClassDef
 from androidemu.java.java_method_def import java_method_def
 
 from samples import debug_utils
 
+
 class XGorgen(metaclass=JavaClassDef, jvm_name='com/ss/sys/ces/a'):
     def __init__(self):
         pass
@@ -22,6 +24,7 @@ def leviathan(self, mu):
     def test(self):
         pass
 
+
 class secuni_b(metaclass=JavaClassDef, jvm_name='com/ss/sys/secuni/b/c'):
     def __init__(self):
         pass
@@ -41,13 +44,15 @@ def __init__(self):
 
 
 class java_lang_System(metaclass=JavaClassDef, jvm_name='java/lang/System'):
-        def __init__(self):
-            pass
+    def __init__(self):
+        pass
+
+    @java_method_def(name='getProperty', args_list=["jstring"], signature='(Ljava/lang/String;)Ljava/lang/String;',
+                     native=False)
+    def getProperty(self, *args, **kwargs):
+        print(args[0].value)
+        return "2.1.0"
 
-        @java_method_def(name='getProperty', args_list=["jstring"] ,signature='(Ljava/lang/String;)Ljava/lang/String;', native=False)
-        def getProperty(self, *args, **kwargs):
-            print (args[0].value)
-            return "2.1.0"
 
 class java_lang_StackTraceElement(metaclass=JavaClassDef, jvm_name='java/lang/StackTraceElement'):
     def __init__(self, _name):
@@ -68,25 +73,24 @@ def currentThread(self, *args, **kwargs):
 
     @java_method_def(name="getStackTrace", signature='()[Ljava/lang/StackTraceElement;', native=False)
     def getStackTrace(self, *args, **kwargs):
-        return  [java_lang_StackTraceElement("dalvik.system.VMStack"),
-                 java_lang_StackTraceElement("java.lang.Thread"),
-                 java_lang_StackTraceElement("com.ss.sys.ces.a"),
-                 java_lang_StackTraceElement("com.yf.douyintool.MainActivity"),
-                 java_lang_StackTraceElement("java.lang.reflect.Method"),
-                 java_lang_StackTraceElement("java.lang.reflect.Method"),
-                 java_lang_StackTraceElement("android.support.v7.app.AppCompatViewInflater$DeclaredOnClickListener"),
-                 java_lang_StackTraceElement("android.view.View"),
-                 java_lang_StackTraceElement("android.os.Handler"),
-                 java_lang_StackTraceElement("android.os.Handler"),
-                 java_lang_StackTraceElement("android.os.Looper"),
-                 java_lang_StackTraceElement("android.app.ActivityThread"),
-                 java_lang_StackTraceElement("java.lang.reflect.Method"),
-                 java_lang_StackTraceElement("java.lang.reflect.Method"),
-                 java_lang_StackTraceElement("com.android.internal.os.ZygoteInit$MethodAndArgsCaller"),
-                 java_lang_StackTraceElement("com.android.internal.os.ZygoteInit"),
-                 java_lang_StackTraceElement("dalvik.system.NativeStart")
-                 ]
-
+        return [java_lang_StackTraceElement("dalvik.system.VMStack"),
+                java_lang_StackTraceElement("java.lang.Thread"),
+                java_lang_StackTraceElement("com.ss.sys.ces.a"),
+                java_lang_StackTraceElement("com.yf.douyintool.MainActivity"),
+                java_lang_StackTraceElement("java.lang.reflect.Method"),
+                java_lang_StackTraceElement("java.lang.reflect.Method"),
+                java_lang_StackTraceElement("android.support.v7.app.AppCompatViewInflater$DeclaredOnClickListener"),
+                java_lang_StackTraceElement("android.view.View"),
+                java_lang_StackTraceElement("android.os.Handler"),
+                java_lang_StackTraceElement("android.os.Handler"),
+                java_lang_StackTraceElement("android.os.Looper"),
+                java_lang_StackTraceElement("android.app.ActivityThread"),
+                java_lang_StackTraceElement("java.lang.reflect.Method"),
+                java_lang_StackTraceElement("java.lang.reflect.Method"),
+                java_lang_StackTraceElement("com.android.internal.os.ZygoteInit$MethodAndArgsCaller"),
+                java_lang_StackTraceElement("com.android.internal.os.ZygoteInit"),
+                java_lang_StackTraceElement("dalvik.system.NativeStart")
+                ]
 
 
 # Configure logging
@@ -104,6 +108,26 @@ def getStackTrace(self, *args, **kwargs):
     vfs_root=posixpath.join(posixpath.dirname(__file__), "vfs")
 )
 
+# Overwrite some symbols
+@native_method
+def malloc(uc: Uc, size):
+    return emulator.native_memory._heap.malloc(size, UC_PROT_ALL)
+
+
+@native_method
+def free(uc: Uc, ptr):
+    emulator.native_memory._heap.free(ptr)
+
+
+@native_method
+def calloc(uc: Uc, nmemb, size):
+    return emulator.native_memory._heap.malloc(nmemb * size, UC_PROT_ALL)
+
+
+emulator.modules.add_symbol_hook('malloc', emulator.hooker.write_function(malloc) + 1)
+emulator.modules.add_symbol_hook('free', emulator.hooker.write_function(free) + 1)
+emulator.modules.add_symbol_hook('calloc', emulator.hooker.write_function(calloc) + 1)
+
 # Register Java class.
 # emulator.java_classloader.add_class(MainActivity)
 emulator.java_classloader.add_class(XGorgen)
@@ -114,11 +138,11 @@ def getStackTrace(self, *args, **kwargs):
 emulator.java_classloader.add_class(java_lang_StackTraceElement)
 
 # Load all libraries.
-emulator.load_library("samples/example_binaries/libdl.so")
-emulator.load_library("samples/example_binaries/libc.so")
-emulator.load_library("samples/example_binaries/libstdc++.so")
-emulator.load_library("samples/example_binaries/libm.so")
-lib_module = emulator.load_library("samples/example_binaries/libcms.so")
+emulator.load_library("./example_binaries/libdl.so", do_init=True)
+emulator.load_library("./example_binaries/libc.so", do_init=False)
+emulator.load_library("./example_binaries/libstdc++.so", do_init=True)
+emulator.load_library("./example_binaries/libm.so", do_init=True)
+lib_module = emulator.load_library("./example_binaries/libcms.so", do_init=True)
 
 # Show loaded modules.
 logger.info("Loaded modules:")
@@ -137,22 +161,18 @@ def getStackTrace(self, *args, **kwargs):
     #   JNI_OnLoad will call 'RegisterNatives'.
     emulator.call_symbol(lib_module, 'JNI_OnLoad', emulator.java_vm.address_ptr, 0x00)
 
-
     # bypass douyin checks
-    with open("misc/samples/app_process32", 'rb') as ap:
+    with open("./misc/app_process32", 'rb') as ap:
         data = ap.read()
         len1 = len(data) + 1024 - (len(data) % 1024)
         emulator.mu.mem_map(0xab006000, len1)
         emulator.mu.mem_write(0xab006000, data)
 
-
     x = XGorgen()
     data = 'acde74a94e6b493a3399fac83c7c08b35D58B21D9582AF77647FC9902E36AE70f9c001e9334e6e94916682224fbe4e5f00000000000000000000000000000000'
     data = bytearray(bytes.fromhex(data))
     result = x.leviathan(emulator, 1562848170, data)
 
-
-
     print(''.join(['%02x' % b for b in result]))
     # 037d560d0000903e34fb093f1d21e78f3bdf3fbebe00b124becc
     # 036d2a7b000010f4d05395b7df8b0ec2b5ec085b938a473a6a51
@@ -163,9 +183,9 @@ def getStackTrace(self, *args, **kwargs):
     # 0300000000002034d288fe8d6b95b778105cc36eade709d2b500
     # Dump natives found.
 
-  #  for method in MainActivity.jvm_methods.values():
-  #      if method.native:
-   #         logger.info("- [0x%08x] %s - %s" % (method.native_addr, method.name, method.signature))
+#  for method in MainActivity.jvm_methods.values():
+#      if method.native:
+#         logger.info("- [0x%08x] %s - %s" % (method.native_addr, method.name, method.signature))
 except UcError as e:
     print("Exit at %x" % emulator.mu.reg_read(UC_ARM_REG_PC))
     raise

tests/test_native.py

@@ -0,0 +1,40 @@
+import logging
+import posixpath
+import sys
+import unittest
+
+from unicorn import UC_HOOK_MEM_UNMAPPED, UC_HOOK_CODE
+
+from androidemu.emulator import Emulator
+from samples import debug_utils
+
+logging.basicConfig(
+    stream=sys.stdout,
+    level=logging.DEBUG,
+    format="%(asctime)s %(levelname)7s %(name)34s | %(message)s"
+)
+
+dir_samples = posixpath.join(posixpath.dirname(__file__), "..", "samples")
+
+
+class TestNative(unittest.TestCase):
+
+    def test_something(self):
+        # Initialize emulator
+        emulator = Emulator(
+            vfp_inst_set=True,
+            vfs_root=posixpath.join(dir_samples, "vfs")
+        )
+
+        emulator.load_library(posixpath.join(dir_samples, "example_binaries", "libdl.so"), do_init=False)
+        emulator.load_library(posixpath.join(dir_samples, "example_binaries", "libc.so"), do_init=False)
+        emulator.load_library(posixpath.join(dir_samples, "example_binaries", "libstdc++.so"), do_init=False)
+        module = emulator.load_library(posixpath.join(posixpath.dirname(__file__), "test_binaries", "test_native.so"), do_init=False)
+
+        print(module.base)
+
+        emulator.mu.hook_add(UC_HOOK_CODE, debug_utils.hook_code)
+        emulator.mu.hook_add(UC_HOOK_MEM_UNMAPPED, debug_utils.hook_unmapped)
+        res = emulator.call_symbol(module, 'Java_com_aeonlucid_nativetesting_MainActivity_testOneArg', emulator.java_vm.address_ptr, 0x00, 'Hello', 'asd')
+
+        print(res)