The principle is to use Unicorn's memory hook ("mem hook") function to dump the plain data after the so is loaded into memory. There are two methods:
Method 1: Use `getBackend()` to use Unicorn's memory hook method.
Method 2: Use `traceCode()` to trace the specified memory segment and hook the memory data.
Note that `getBackend` is driven by Unicorn, so it can only be used with the Unicorn engine of unidbg.
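With `getBackend`, for example:

```java
// modifyMap (address -> written bytes) and long2Bytes are helpers that are not shown on this page.
emulator.getBackend().hook_add_new(new WriteHook() {
    @Override
    public void hook(Backend backend, long address, int size, long value, Object user) {
        // Log every memory write: address, width in bytes, and the value written.
        System.out.println(Long.toHexString(address) + "----" + size + "----" + value);
        // Keep the written bytes so they can be dumped later.
        byte[] bytes = long2Bytes(value, size);
        modifyMap.put(address, bytes);
    }
}, 0, Long.MAX_VALUE, null); // hook range: the whole address space
```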
This way you can hook the memory data at the specified time.
Of course, this can be wrapped in a GUI so that the work can be completed with just a click of the mouse.
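The writes collected in `modifyMap` can then be replayed over a copy of the module's mapped memory to read the decrypted strings. The class below is an added example, not code from the original article: `WriteReplay`, `apply`, `cString`, the body of `long2Bytes`, the load address and the sample data are all assumptions, and the hook events are constructed inline so it runs without unidbg.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.TreeMap;

public class WriteReplay {
    // Assumed equivalent of the page's long2Bytes helper: the low `size` bytes
    // of the written value in little-endian order (ARM guest byte order).
    static byte[] long2Bytes(long value, int size) {
        byte[] out = new byte[size];
        for (int i = 0; i < size; i++) {
            out[i] = (byte) (value >>> (8 * i));
        }
        return out;
    }

    // Overlay recorded writes on a copy of the module image. The hook covers the
    // whole address space, so writes outside the module (stack, heap) are skipped.
    static byte[] apply(byte[] image, long base, Map<Long, byte[]> writes) {
        byte[] patched = image.clone();
        for (Map.Entry<Long, byte[]> e : writes.entrySet()) {
            long off = e.getKey() - base;
            byte[] data = e.getValue();
            if (off < 0 || off + data.length > patched.length) continue;
            System.arraycopy(data, 0, patched, (int) off, data.length);
        }
        return patched;
    }

    // Read the NUL-terminated ASCII string that starts at `offset`.
    static String cString(byte[] buf, int offset) {
        int end = offset;
        while (end < buf.length && buf[end] != 0) end++;
        return new String(buf, offset, end - offset, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        long base = 0x40000000L;            // constructed load address
        byte[] image = new byte[32];        // constructed "encrypted" data region
        byte[] plain = "secret_key\0".getBytes(StandardCharsets.US_ASCII);
        for (int i = 0; i < plain.length; i++) image[8 + i] = (byte) (plain[i] ^ 0x5A);
        Map<Long, byte[]> modifyMap = new TreeMap<>();
        // Constructed hook events: byte-wise decryption writes plus one stack write.
        for (int i = 0; i < plain.length; i++)
            modifyMap.put(base + 8 + i, long2Bytes(plain[i] & 0xFFL, 1));
        modifyMap.put(0xBFFFF000L, long2Bytes(0x1122334455667788L, 8));
        System.out.println(cString(apply(image, base, modifyMap), 8));
    }
}
```

The offset calculation `address - base` only holds for a memory image of the loaded module; patching the on-disk so instead requires translating each virtual address to a file offset through the ELF program headers.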