我正在研究一种通过 JNI 访问 ByteArray 内容的更高效方法，不必使用难看的 GetByteArrayElements。希望有熟悉 JNI 内部机制的专家解释一下我看到的现象，并可能帮忙找到解决方案。
我的测试函数
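/*
 * Diagnostic entry point: dump three memory views side by side so they can be
 * compared in the output.
 *   e  - the array payload as handed out by GetByteArrayElements (bytes_len bytes)
 *   f  - the memory at the jbyteArray value itself; this is a JNI local-reference
 *        handle (a pointer to a slot), NOT the array data, so the 500-byte dump
 *        shows whatever surrounds that slot and may read past it
 *   o  - `limit` bytes at the native address `addr` (passed in as a jlong)
 * The function returns nothing and only prints.
 */
JNIEXPORT void JNICALL Java_analyizer(JNIEnv *env, jclass cls, jbyteArray bytes, jint bytes_len, jlong addr,jint limit) {
    /* isCopy is a jboolean* out-parameter; NULL means "not interested". */
    jbyte *elements = (*env)->GetByteArrayElements(env, bytes, NULL);
    if (elements == NULL) {
        return;   /* GetByteArrayElements failed; the VM has a pending exception */
    }
    char *e = (char *) elements;
    char *f = (char *) bytes;                /* the handle slot, not the payload */
    char *o = (char *) (uintptr_t) addr;
    /* %p is the only portable way to print a pointer; %d truncates on 64-bit. */
    printf("%p %p\n", (void *) e, (void *) f);
    hexDump(e, (int) bytes_len);
    hexDump(f, 500);                         /* reads around/past the handle slot; diagnostic only */
    hexDump(o, (int) limit);
    /* Always pair Get...Elements with Release...Elements, or the pinned/copied
     * buffer leaks.  JNI_ABORT: nothing was modified, so skip the copy-back. */
    (*env)->ReleaseByteArrayElements(env, bytes, elements, JNI_ABORT);
}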
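/*
 * Print `len` bytes starting at `addr` as a classic hex dump: a header line with
 * the address, then one line per 16 bytes made of a decimal offset, the hex value
 * of each byte, and an ASCII column in which non-printable bytes (outside
 * 0x20..0x7e) are shown as '.'.  The last line is space-padded so the ASCII
 * column lines up.  len <= 0 prints only the header and an empty ASCII column.
 * No bounds are checked: the caller guarantees that [addr, addr+len) is readable.
 */
void hexDump(void *addr, int len) {
    /* %p for the address: the original %d with a uintptr_t is undefined behaviour
     * and truncates 64-bit pointers. */
    printf("hex address: %p len: %d\n", addr, len);
    int i;
    /* ASCII column for the current line.  Zero-initialised so that the final
     * printf below never reads an uninitialised buffer when len <= 0. */
    unsigned char buff[17] = {0};
    unsigned char *pc = (unsigned char *) addr;
    for (i = 0; i < len; i++) {
        /* Every 16 bytes: flush the ASCII column of the previous line (not for
         * the very first line) and start a new line with its offset. */
        if ((i % 16) == 0) {
            if (i != 0)
                printf(" %s\n", buff);
            printf("%06d ", i);
        }
        printf(" %02x", pc[i]);
        /* Remember a printable stand-in for the ASCII column. */
        buff[i % 16] = (pc[i] < 0x20 || pc[i] > 0x7e) ? '.' : pc[i];
        buff[(i % 16) + 1] = '\0';   /* index <= 16, buff has 17 slots */
    }
    /* Pad the last line so the ASCII column aligns with full lines. */
    while ((i % 16) != 0) {
        printf(" ");
        i++;
    }
    printf(" %s\n", buff);
}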
我让它从 bytes 引用所指的位置转储一大块内存，以为能在其中找到数组的值，但结果并非如此。
hex address: 31519248 len: 4
000000 ff 22 ff 22 ."."
hex address: 31519040 len: 500
000000 10 f2 e0 01 00 00 00 00 04 00 00 00 00 00 00 00 ................
000016 60 a4 b4 1d 00 00 00 00 00 00 00 00 00 00 00 00 `...............
000032 36 00 00 00 00 00 00 00 a0 26 4a 1b 00 00 00 00 6........&J.....
000048 18 01 00 00 00 00 00 00 00 d8 e3 01 00 00 00 00 ................
000064 62 5b fa 01 00 00 00 00 88 f1 e0 01 00 00 00 00 b[..............
000080 a0 26 4a 1b 00 00 00 00 10 f2 e0 01 00 00 00 00 .&J.............
000096 c8 41 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00 .AJ.............
000112 a0 26 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00 .&J.............
000128 e8 f1 e0 01 00 00 00 00 58 f2 e0 01 00 00 00 00 ........X.......
000144 30 77 f9 01 00 00 00 00 58 b3 f7 6a 07 00 00 00 0w......X..j....
000160 76 f9 f9 01 00 00 00 00 36 00 00 00 00 00 00 00 v.......6.......
000176 00 00 00 00 00 00 00 00 60 a4 b4 1d 00 00 00 00 ........`.......
000192 70 4a f7 6a 07 00 00 00 04 00 00 00 00 00 00 00 pJ.j............
000208 b8 48 f7 6a 07 00 00 00 18 f2 e0 01 00 00 00 00 .H.j............
000224 5c 27 4a 1b 00 00 00 00 90 f2 e0 01 00 00 00 00 \'J.............
000240 c8 41 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00 .AJ.............
000256 00 28 4a 1b 00 00 00 00 e8 f1 e0 01 00 00 00 00 .(J.............
000272 80 f2 e0 01 00 00 00 00 e0 f2 e0 01 00 00 00 00 ................
000288 30 77 f9 01 00 00 00 00 00 00 00 00 00 00 00 00 0w..............
000304 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000320 36 00 00 00 00 00 00 00 70 4a f7 6a 07 00 00 00 6.......pJ.j....
000336 b8 48 f7 6a 07 00 00 00 60 2e f1 6a 07 00 00 00 .H.j....`..j....
000352 a0 f2 e0 01 00 00 00 00 e8 04 4a 1b 00 00 00 00 ..........J.....
000368 10 f3 e0 01 00 00 00 00 90 05 4a 1b 00 00 00 00 ..........J.....
000384 00 00 00 00 00 00 00 00 38 05 4a 1b 00 00 00 00 ........8.J.....
000400 80 f2 e0 01 00 00 00 00 10 f3 e0 01 00 00 00 00 ................
000416 f0 f3 e0 01 00 00 00 00 da 08 f9 01 00 00 00 00 ................
000432 60 a4 b4 1d 00 00 00 00 00 00 00 00 00 00 00 00 `...............
000448 70 4a f7 6a 07 00 00 00 b8 48 f7 6a 07 00 00 00 pJ.j.....H.j....
000464 28 3a f7 6a 07 00 00 00 be ba fe ca be ba fe ca (:.j............
000480 be ba fe ca be ba fe ca 00 00 00 00 00 00 00 00 ................
000496 00 00 00 00 ....
hex address: 498377824 len: 54
000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000048 00 00 ff 22 ff 22 ..."."
我正在逆向分析 Unsafe_CopyMemory 的工作方式，因为它能把 ByteArray 中的数据复制到一个地址上。
Unsafe.copyMemory
// Native side of Unsafe.copyMemory(long srcAddr, long dstAddr, long size):
// an address-to-address copy with no base object on either side.  Compare
// Unsafe_CopyMemory2 below, which takes (object, offset) pairs.
// (HotSpot excerpt quoted for reference; UNSAFE_ENTRY/UNSAFE_END, UnsafeWrapper
// and THROW are VM macros whose expansion is not shown here.)
UNSAFE_ENTRY(void, Unsafe_CopyMemory(JNIEnv *env, jobject unsafe, jlong srcAddr, jlong dstAddr, jlong size))
UnsafeWrapper("Unsafe_CopyMemory");
// A zero-length copy is a no-op and does not reach the checks below.
if (size == 0) {
return;
}
// Reject negative sizes and sizes that do not round-trip through size_t
// (this is what catches narrowing on 32-bit targets) before touching memory.
size_t sz = (size_t)size;
if (sz != (julong)size || size < 0) {
THROW(vmSymbols::java_lang_IllegalArgumentException());
}
// jlong -> native pointer.  No check that either range is readable/writable
// is visible in this excerpt; addr_from_java is opaque from here.
void* src = addr_from_java(srcAddr);
void* dst = addr_from_java(dstAddr);
Copy::conjoint_memory_atomic(src, dst, sz);
UNSAFE_END
// Native side of Unsafe.copyMemory(Object srcBase, long srcOffset,
// Object destBase, long destOffset, long bytes): an object-relative copy.
// Each (object, offset) pair is turned into base + offset by
// index_oop_from_field_offset_long, so a NULL object makes the offset an
// absolute native address.
// (HotSpot excerpt quoted for reference; the UNSAFE_*/THROW macros are VM-internal.)
UNSAFE_ENTRY(void, Unsafe_CopyMemory2(JNIEnv *env, jobject unsafe, jobject srcObj, jlong srcOffset, jobject dstObj, jlong dstOffset, jlong size))
UnsafeWrapper("Unsafe_CopyMemory");
// A zero-length copy is a no-op.
if (size == 0) {
return;
}
// Reject negative sizes and sizes that do not survive the jlong -> size_t conversion.
size_t sz = (size_t)size;
if (sz != (julong)size || size < 0) {
THROW(vmSymbols::java_lang_IllegalArgumentException());
}
// JNI handle -> raw oop (see JNIHandles::resolve); a NULL handle resolves to NULL.
oop srcp = JNIHandles::resolve(srcObj);
oop dstp = JNIHandles::resolve(dstObj);
// Only the destination is type-checked: if non-NULL it must be a primitive
// (non-oop) array.  The source object gets no such check here.
if (dstp != NULL && !dstp->is_typeArray()) {
// NYI: This works only for non-oop arrays at present.
// Generalizing it would be reasonable, but requires card marking.
// Also, autoboxing a Long from 0L in copyMemory(x,y, 0L,z, n) would be bad.
THROW(vmSymbols::java_lang_IllegalArgumentException());
}
// base + offset on both sides.  No check that offset + sz stays inside the
// object's length is visible in this excerpt.
void* src = index_oop_from_field_offset_long(srcp, srcOffset);
void* dst = index_oop_from_field_offset_long(dstp, dstOffset);
Copy::conjoint_memory_atomic(src, dst, sz);
UNSAFE_END
Unsafe.java
/**
 * Copies {@code bytes} bytes from {@code srcBase + srcOffset} to
 * {@code destBase + destOffset}.  Per the HotSpot {@code Unsafe_CopyMemory2}
 * excerpt above: a {@code null} base makes the offset an absolute native
 * address; a non-null {@code destBase} must be a primitive array, and negative
 * or non-representable sizes throw {@code IllegalArgumentException}.  A size of
 * 0 is a no-op.  No bounds check against the array length is visible in that
 * excerpt.
 */
public native void copyMemory(Object srcBase, long srcOffset,
Object destBase, long destOffset,
long bytes);
JNIHandles::resolve
所有这些似乎都用到了 *(oop *) 强制转换。我不是 C 方面的专家，从没见过这种双重指针写法。
// Turn a JNI handle into the oop it refers to.  A jobject is the address of a
// slot that holds the oop, so resolving means dereferencing that slot; a NULL
// handle resolves to a NULL oop without touching memory.
inline oop JNIHandles::resolve(jobject handle) {
  oop result = (oop)NULL;
  if (handle != NULL) {
    result = *(oop*)handle;   // read the slot, not the object
  }
  assert(result != NULL || (handle == NULL || !CheckJNICalls || is_weak_global_handle(handle)), "Invalid value read from jni handle");
  assert(result != badJNIHandle, "Pointing to zapped jni handle area");
  return result;
}
index_oop_from_field_offset_long
byte_offset 可以通过 Bits.unsafe().arrayBaseOffset(byte[].class) 读取/确定；对于 byte[]，该值为 16。
// Unsafe field offsets are already byte offsets: this conversion is the identity.
inline jlong field_offset_to_byte_offset(jlong field_offset) { return field_offset; }
// Address of the byte at `field_offset` into object `p`: the oop is treated as a
// plain byte pointer and the offset added.  With p == NULL the result is simply
// the offset reinterpreted as an absolute address.
inline void* index_oop_from_field_offset_long(oop p, jlong field_offset) {
  const jlong byte_offset = field_offset_to_byte_offset(field_offset);
  address base = (address)p;
  // The sizeof comparison is a compile-time constant: on targets where a
  // pointer is jint-sized the offset is narrowed to jint before the addition.
  if (sizeof(char*) == sizeof(jint)) {
    return base + (jint) byte_offset;
  }
  return base + byte_offset;
}
基本上就是把 jbyteArray 强制转换为 *(oop *)，再转换为 (address)，仅此而已。我不明白为什么这样有效，而直接转换为 (void *) 却不行。
答案 0 :(得分:0)
感谢Michael的意见。
经过两天的摸索，下面是正确/简单的做法。
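/*
 * Diagnostic entry point: dump three memory views side by side.
 *   e  - the array payload as handed out by GetByteArrayElements (bytes_len bytes)
 *   f  - the memory at the raw oop obtained by dereferencing the jobject handle
 *        (the same *(oop*)handle read that JNIHandles::resolve performs); the
 *        array payload follows the object header, at offset 16 in the output shown
 *   o  - `limit` bytes at the native address `addr`
 * `pos` is accepted for interface compatibility and not used.  Only prints.
 */
JNIEXPORT void JNICALL Java_analyze(
JNIEnv *env, jclass cls, jobject bytes, jint bytes_len, jlong addr,
jint pos, jint limit) {
    /* isCopy is a jboolean* out-parameter; NULL means "not interested". */
    jbyte *elements = (*env)->GetByteArrayElements(env, (jbyteArray) bytes, NULL);
    if (elements == NULL) {
        return;   /* GetByteArrayElements failed; the VM has a pending exception */
    }
    char *e = (char *) elements;
    /* The handle is the address of a slot holding the oop; reading the slot gives
     * the VM-internal object pointer.  This is not a JNI-sanctioned pointer and is
     * presumably invalidated if the GC moves the array, so it must not be kept
     * across JNI calls -- TODO confirm for the collector in use. */
    void *f = *(jobject *) bytes;
    char *o = (char *) (uintptr_t) addr;
    /* %p is the only portable way to print a pointer; %d truncates on 64-bit. */
    printf("%p %p\n", (void *) e, f);
    hexDump(e, (int) bytes_len);
    hexDump(f, 500);             /* reads past the array object when it is shorter than 500 bytes; diagnostic only */
    hexDump(o, (int) limit);
    /* Always pair Get...Elements with Release...Elements, or the pinned/copied
     * buffer leaks.  JNI_ABORT: nothing was modified, so skip the copy-back. */
    (*env)->ReleaseByteArrayElements(env, (jbyteArray) bytes, elements, JNI_ABORT);
}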
注意输出：ff 22 ff 22（我们要找的标记）从解引用后的 jobject 的第 16 字节处开始。
34533184 1794590904
hex address: 34533184 len: 4
000000 ff 22 ff 22 ."."
hex address: 1794590904 len: 500
000000 01 00 00 00 00 00 00 00 f5 00 00 f8 04 00 00 00 ................
000016 ff 22 ff 22 00 00 00 00 01 00 00 00 00 00 00 00 ."."............
000032 da 02 00 f8 1d e9 5e ed 00 00 00 00 00 00 00 00 ......^.........
000048 01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00 ........A.......
000064 6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00 j.a.v.a./.n.i.o.
000080 2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00 /.B.y.t.e.B.u.f.
000096 66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00 f.e.r...........
000112 da 02 00 f8 27 e9 5e ed ee 9c 60 df 00 00 00 00 ....'.^...`.....
000128 01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00 ........A.......
000144 6a 00 61 00 76 00 61 00 2e 00 6e 00 69 00 6f 00 j.a.v.a...n.i.o.
000160 2e 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00 ..B.y.t.e.B.u.f.
000176 66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00 f.e.r...........
000192 e5 01 00 f8 00 00 00 00 01 00 00 00 00 00 00 00 ................
000208 66 66 00 f8 8e 43 60 5f 24 e9 5e ed 2e e9 5e ed ff...C`_$.^...^.
000224 66 f7 5e ed 00 00 00 00 01 00 00 00 00 00 00 00 f.^.............
000240 da 02 00 f8 37 e9 5e ed 00 00 00 00 00 00 00 00 ....7.^.........
000256 01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00 ........A.......
000272 6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00 j.a.v.a./.n.i.o.
000288 2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00 /.B.y.t.e.B.u.f.
000304 66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00 f.e.r...........
000320 e5 01 00 f8 00 00 00 00 01 00 00 00 00 00 00 00 ................
000336 66 66 00 f8 8e 43 60 5f 24 e9 5e ed 3e e9 5e ed ff...C`_$.^.>.^.
000352 76 f7 5e ed 00 00 00 00 01 00 00 00 00 00 00 00 v.^.............
000368 da 02 00 f8 47 e9 5e ed 00 00 00 00 00 00 00 00 ....G.^.........
000384 01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00 ........A.......
000400 6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00 j.a.v.a./.n.i.o.
000416 2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00 /.B.y.t.e.B.u.f.
000432 66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00 f.e.r...........
000448 84 7e 00 f8 ff ff ff ff 80 ab dc 1d 00 00 00 00 .~..............
000464 00 00 00 00 36 00 00 00 f4 01 00 00 00 00 00 00 ....6...........
000480 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000496 70 e9 5e ed p.^.
hex address: 501001088 len: 54
000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000016 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000032 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000048 00 00 ff 22 ff 22 ..."."
这意味着可以通过 JNI 直接访问基本类型数组的原始字节，而不必经过 GetByteArrayElements 那套荒谬的复制机制；但要注意，这会绕过各种安全检查。