Invalid memory read (UC_ERR_READ_UNMAPPED)报错

[keatonLiu]

报错日志如下：

JNIEnv->FindClass(android/content/Context) was called from RX@0x120f43bc[libpdd_secure.so]0xf43bc
JNIEnv->GetStaticFieldID(android/provider/Settings$Secure.ANDROID_IDLjava/lang/String;) => 0x220f0fee was called from RX@0x120f4d1c[libpdd_secure.so]0xf4d1c
JNIEnv->GetStaticObjectField(class android/provider/Settings$Secure, ANDROID_ID Ljava/lang/String; => "90418e2675ec5592") was called from RX@0x120f4d58[libpdd_secure.so]0xf4d58
JNIEnv->FindClass(android/app/ActivityThread) was called from RX@0x120f43bc[libpdd_secure.so]0xf43bc
JNIEnv->GetStaticMethodID(android/app/ActivityThread.currentActivityThread()Landroid/app/ActivityThread;) => 0xf7e11563 was called from RX@0x120f4800[libpdd_secure.so]0xf4800
JNIEnv->CallStaticObjectMethodV(class android/app/ActivityThread, currentActivityThread() => android.app.ActivityThread@23fe1d71) was called from RX@0x120f487c[libpdd_secure.so]0xf487c
JNIEnv->GetMethodID(android/app/ActivityThread.getApplication()Landroid/app/Application;) => 0x130a9b92 was called from RX@0x120f4e68[libpdd_secure.so]0xf4e68
JNIEnv->CallObjectMethodV(android.app.ActivityThread@23fe1d71, getApplication() => android.app.Application@28ac3dc3) was called from RX@0x120f4ee4[libpdd_secure.so]0xf4ee4
com.github.unidbg.arm.backend.BackendException: unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)
	at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:378)
	at com.github.unidbg.AbstractEmulator.emulate(AbstractEmulator.java:378)
	at com.github.unidbg.thread.Function64.run(Function64.java:39)
	at com.github.unidbg.thread.MainTask.dispatch(MainTask.java:19)
	at com.github.unidbg.thread.UniThreadDispatcher.run(UniThreadDispatcher.java:165)
	at com.github.unidbg.thread.UniThreadDispatcher.runMainForResult(UniThreadDispatcher.java:97)
	at com.github.unidbg.AbstractEmulator.runMainForResult(AbstractEmulator.java:341)
	at com.github.unidbg.arm.AbstractARM64Emulator.eFunc(AbstractARM64Emulator.java:262)
	at com.github.unidbg.Module.emulateFunction(Module.java:163)
	at com.github.unidbg.linux.LinuxModule.callFunction(LinuxModule.java:256)
	at pdd.Pddmain.callGetEnv(Pddmain.java:92)
	at pdd.Pddmain.create(Pddmain.java:63)
	at pdd.Pddmain.main(Pddmain.java:34)
Caused by: unicorn.UnicornException: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)
	at unicorn.Unicorn.emu_start(Native Method)
	at com.github.unidbg.arm.backend.UnicornBackend.emu_start(UnicornBackend.java:376)
	... 12 more
debugger break at: 0x5bc0 @ Runnable|Function64 address=0x1200bab8, arguments=[212921632]
>>> x0=0x12565050 x1=0xe4fffc00 x2=0x8 x3=0x18 x4=0x3 x5=0x4b x6=0x4c x7=0x123e6000 x8=0x3739c5a9 x9=0x0 x10=0x120f46f0 x11=0x0 x12=0x50 x13=0x38 x14=0x0
>>> x15=0x12418000 x16=0x121ecc78 x17=0x5bc0 x18=0x12429f50 x19=0x12565050 x20=0x12565050 x21=0x0 x22=0xe4fff310 x23=0x120d98f0 x24=0x12565018 x25=0xe4fff430 x26=0xed4e260 x27=0x0 x28=0x0 fp=0xe4fff270
>>> q0=0x100000000e4fff0b8(1.8981896146E-314, 4.9E-324) q1=0xe4fff0b000000000e4fff100(1.89818965E-314, 1.8981896106E-314) q2=0x0(0.0) q3=0x50000000000000004(2.0E-323, 2.5E-323) q4=0x10000000000000001(4.9E-324, 4.9E-324) q5=0x40000000000000004(2.0E-323, 2.0E-323) q6=0x20000000000000002(9.9E-324, 9.9E-324) q7=0x510000000000000051(4.0E-322, 4.0E-322) q8=0x0(0.0) q9=0x0(0.0) q10=0x0(0.0) q11=0x0(0.0) q12=0x0(0.0) q13=0x0(0.0) q14=0x0(0.0) q15=0x0(0.0)
>>> q16=0x30510000000000002051(4.0874E-320, 6.111E-320) q17=0x0(0.0) q18=0x30510000000000002051(4.0874E-320, 6.111E-320) q19=0x0(0.0) q20=0x0(0.0) q21=0x0(0.0) q22=0x0(0.0) q23=0x0(0.0) q24=0x0(0.0) q25=0x0(0.0) q26=0x0(0.0) q27=0x0(0.0) q28=0x0(0.0) q29=0x0(0.0) q30=0x0(0.0) q31=0x0(0.0)
LR=RX@0x12152d64[libpdd_secure.so]0x152d64
SP=0xe4fff180
PC=unidbg@0x5bc0
nzcv: N=1, Z=0, C=0, V=0, EL0, use SP_EL0

之前有个issue是和JNI函数没实现有关，但这个报错日志中没有看到任何有关JNI函数的，0x5bc0这个地址IDA看是个JUMPOUT(0)，但单步调试情况下并没有跳转到这个地址，而是执行到一个ADD x29, SP, #10的位置直接报错了