Unidbg
- Calling Functions
- Complete Example
- Emulator Setup
- Hooks and Tracing
- JNI Implementation
- Loading Libraries
- Memory and Pointers
- Overview
unidbg Documentation Index
Source: LunFengChen/unidbg (fork of zhkl0228/unidbg) Fetched: 2026-04-23 Files: 8
unidbg is a Java-based ARM/ARM64 emulator for running Android and iOS native libraries (.so, .dylib) on the JVM without a real device. Supports JNI interception, function hooking, syscall handling, and multiple CPU backends (Dynarmic, Unicorn2, Hypervisor, KVM).
Maven: com.github.zhkl0228:unidbg-android:0.9.10-SNAPSHOT
Quick Start Pattern
1. AndroidEmulatorBuilder.for32Bit/64Bit().build()
2. memory.setLibraryResolver(new AndroidResolver(api))
3. vm = emulator.createDalvikVM(apkFile)
4. vm.setJni(new MyJni()) ← extend AbstractJni
5. vm.loadLibrary(soFile, true) → dm.callJNI_OnLoad(emulator)
6. dvmClass.callStaticJniMethodObject(emulator, "method(...)T", args...)
Table of Contents
| File | Summary |
|---|---|
| content/overview.md | Module structure, Maven coordinates, key source paths, and backend options |
| content/emulator-setup.md | Create Android/iOS emulator instances with builder pattern and backend selection |
| content/loading-libraries.md | Load SO/APK/DEX files, initialize DalvikVM, resolve Java classes |
| content/calling-functions.md | Call native functions by address/symbol and Java methods via DVM, with JNI signature reference |
| content/jni-implementation.md | Implement AbstractJni to handle JNI callbacks: fields, methods, objects, VarArg, type wrappers |
| content/hooks-and-tracing.md | Hook functions with XHook/HookZz/Whale; trace code execution and memory access |
| content/memory-and-pointers.md | Read/write emulator memory, allocate buffers, use UnidbgPointer, access registers |
| content/complete-example.md | End-to-end examples: minimal SO call, full Android JNI workflow, hook+call, trace+call |