在没有 JNI GetByteArrayElements 的情况下访问 ByteArray 的内容

Question

我正在研究一种更有效的方法来通过 JNI 访问 ByteArray 的内容，而无需丑陋的 GetByteArrayElements。我正在寻找一些知识渊博的 JNI 专家来解释我所看到的并可能提供解决方案。

我的测试功能

JNIEXPORT void JNICALL Java_analyizer(JNIEnv *env, jclass cls, jbyteArray bytes, jint bytes_len, jlong addr,jint limit) {

    jbyte *elements = (*env)->GetByteArrayElements(env, bytes, false);

    char * e = (void *) elements;
    char * f = (void *) bytes;
    char * o = (void *) (uintptr_t) addr;

    printf("%d %d\n", e,f );

    hexDump(e, (int) bytes_len);
    hexDump(f, (int) 500);
    hexDump(o, (int) limit);

    return;
}

void hexDump(void *addr, int len) {
    printf("hex address: %d len: %d\n", (uintptr_t) addr, len);

    int i;
    unsigned char buff[17];
    unsigned char *pc = (unsigned char*) addr;

    // Process every byte in the data.
    for (i = 0; i < len; i++) {
        // Multiple of 16 means new line (with line offset).

        if ((i % 16) == 0) {
            // Just don't print ASCII for the zeroth line.
            if (i != 0)
                printf("  %s\n", buff);

            // Output the offset.
            printf("%06d ", i);
        }

        // Now the hex code for the specific character.
        printf(" %02x", pc[i]);

        // And store a printable ASCII character for later.
        if ((pc[i] < 0x20) || (pc[i] > 0x7e))
            buff[i % 16] = '.';
        else
            buff[i % 16] = pc[i];
        buff[(i % 16) + 1] = '\0';
    }

    // Pad out last line if not exactly 16 characters.
    while ((i % 16) != 0) {
        printf("   ");
        i++;
    }

    // And print the final ASCII bit.
    printf("  %s\n", buff);
}

我将其设置为从字节引用中转储大量内存，以为我会在其中找到值，但结果并非如此。

hex address: 31519248 len: 4
000000  ff 22 ff 22                                      ."."
hex address: 31519040 len: 500
000000  10 f2 e0 01 00 00 00 00 04 00 00 00 00 00 00 00  ................
000016  60 a4 b4 1d 00 00 00 00 00 00 00 00 00 00 00 00  `...............
000032  36 00 00 00 00 00 00 00 a0 26 4a 1b 00 00 00 00  6........&J.....
000048  18 01 00 00 00 00 00 00 00 d8 e3 01 00 00 00 00  ................
000064  62 5b fa 01 00 00 00 00 88 f1 e0 01 00 00 00 00  b[..............
000080  a0 26 4a 1b 00 00 00 00 10 f2 e0 01 00 00 00 00  .&J.............
000096  c8 41 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00  .AJ.............
000112  a0 26 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00  .&J.............
000128  e8 f1 e0 01 00 00 00 00 58 f2 e0 01 00 00 00 00  ........X.......
000144  30 77 f9 01 00 00 00 00 58 b3 f7 6a 07 00 00 00  0w......X..j....
000160  76 f9 f9 01 00 00 00 00 36 00 00 00 00 00 00 00  v.......6.......
000176  00 00 00 00 00 00 00 00 60 a4 b4 1d 00 00 00 00  ........`.......
000192  70 4a f7 6a 07 00 00 00 04 00 00 00 00 00 00 00  pJ.j............
000208  b8 48 f7 6a 07 00 00 00 18 f2 e0 01 00 00 00 00  .H.j............
000224  5c 27 4a 1b 00 00 00 00 90 f2 e0 01 00 00 00 00  \'J.............
000240  c8 41 4a 1b 00 00 00 00 00 00 00 00 00 00 00 00  .AJ.............
000256  00 28 4a 1b 00 00 00 00 e8 f1 e0 01 00 00 00 00  .(J.............
000272  80 f2 e0 01 00 00 00 00 e0 f2 e0 01 00 00 00 00  ................
000288  30 77 f9 01 00 00 00 00 00 00 00 00 00 00 00 00  0w..............
000304  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000320  36 00 00 00 00 00 00 00 70 4a f7 6a 07 00 00 00  6.......pJ.j....
000336  b8 48 f7 6a 07 00 00 00 60 2e f1 6a 07 00 00 00  .H.j....`..j....
000352  a0 f2 e0 01 00 00 00 00 e8 04 4a 1b 00 00 00 00  ..........J.....
000368  10 f3 e0 01 00 00 00 00 90 05 4a 1b 00 00 00 00  ..........J.....
000384  00 00 00 00 00 00 00 00 38 05 4a 1b 00 00 00 00  ........8.J.....
000400  80 f2 e0 01 00 00 00 00 10 f3 e0 01 00 00 00 00  ................
000416  f0 f3 e0 01 00 00 00 00 da 08 f9 01 00 00 00 00  ................
000432  60 a4 b4 1d 00 00 00 00 00 00 00 00 00 00 00 00  `...............
000448  70 4a f7 6a 07 00 00 00 b8 48 f7 6a 07 00 00 00  pJ.j.....H.j....
000464  28 3a f7 6a 07 00 00 00 be ba fe ca be ba fe ca  (:.j............
000480  be ba fe ca be ba fe ca 00 00 00 00 00 00 00 00  ................
000496  00 00 00 00                                      ....
hex address: 498377824 len: 54
000000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000016  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000032  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000048  00 00 ff 22 ff 22                                ..."."

我正在对 Unsafe_CopyMemory 的工作原理进行逆向工程，因为它可以将数据从 ByteArray 复制到地址中。

Unsafe.copyMemory

UNSAFE_ENTRY(void, Unsafe_CopyMemory(JNIEnv *env, jobject unsafe, jlong srcAddr, jlong dstAddr, jlong size))
  UnsafeWrapper("Unsafe_CopyMemory");
  if (size == 0) {
    return;
  }
  size_t sz = (size_t)size;
  if (sz != (julong)size || size < 0) {
    THROW(vmSymbols::java_lang_IllegalArgumentException());
  }
  void* src = addr_from_java(srcAddr);
  void* dst = addr_from_java(dstAddr);
  Copy::conjoint_memory_atomic(src, dst, sz);
UNSAFE_END

UNSAFE_ENTRY(void, Unsafe_CopyMemory2(JNIEnv *env, jobject unsafe, jobject srcObj, jlong srcOffset, jobject dstObj, jlong dstOffset, jlong size))
  UnsafeWrapper("Unsafe_CopyMemory");
  if (size == 0) {
    return;
  }
  size_t sz = (size_t)size;
  if (sz != (julong)size || size < 0) {
    THROW(vmSymbols::java_lang_IllegalArgumentException());
  }
  oop srcp = JNIHandles::resolve(srcObj);
  oop dstp = JNIHandles::resolve(dstObj);
  if (dstp != NULL && !dstp->is_typeArray()) {
    // NYI:  This works only for non-oop arrays at present.
    // Generalizing it would be reasonable, but requires card marking.
    // Also, autoboxing a Long from 0L in copyMemory(x,y, 0L,z, n) would be bad.
    THROW(vmSymbols::java_lang_IllegalArgumentException());
  }
  void* src = index_oop_from_field_offset_long(srcp, srcOffset);
  void* dst = index_oop_from_field_offset_long(dstp, dstOffset);
  Copy::conjoint_memory_atomic(src, dst, sz);
UNSAFE_END

Unsafe.java

public native void copyMemory(Object srcBase, long srcOffset,
                                  Object destBase, long destOffset,
                                  long bytes);

JNIHandles::resolve

所有这一切似乎都是使用 *(oop*) 投射 jobject。我不是 C 方面的专家，而且我从未见过这种双指针转换。

inline oop JNIHandles::resolve(jobject handle) {
  oop result = (handle == NULL ? (oop)NULL : *(oop*)handle);
  assert(result != NULL || (handle == NULL || !CheckJNICalls || is_weak_global_handle(handle)), "Invalid value read from jni handle");
  assert(result != badJNIHandle, "Pointing to zapped jni handle area");
  return result;
};

index_oop_from_field_offset_long

byte_offset 可以通过 Bits.unsafe().arrayBaseOffset(byte[].class); 读取/确定对于 byte[]，值为 16。

inline jlong field_offset_to_byte_offset(jlong field_offset) {
  return field_offset;
}

inline void* index_oop_from_field_offset_long(oop p, jlong field_offset) {
  jlong byte_offset = field_offset_to_byte_offset(field_offset);

  if (sizeof(char*) == sizeof(jint))    // (this constant folds!)
    return (address)p + (jint) byte_offset;
  else
    return (address)p +        byte_offset;
}

基本上 jbyteArray 被转换为 *(oop*) 然后转换为 (address) 就是这样。我不明白为什么这样行，但直接转换为 (void *) 不行。

Answer 1

感谢迈克尔的意见。

经过两天的摆弄；这是正确/简单的方法。

JNIEXPORT void JNICALL Java_analyze(
        JNIEnv *env, jclass cls, jobject bytes, jint bytes_len, jlong addr,
        jint pos, jint limit) {

    jbyte *elements = (*env)->GetByteArrayElements(env, (jbyteArray) bytes, false);

    char * e = (void *) elements;
    void * f =  *(jobject *) bytes;
    char * o = (void *) (uintptr_t) addr;

    printf("%d %d\n", e,f );

//  printf("address %d limit %d\n", (long) addr, (int) limit);

    hexDump(e, (int) bytes_len);
    hexDump(f, (int) 500);
    hexDump(o, (int) limit);

    //(*env)->ReleaseByteArrayElements(env, bytes, elements, 0);
}

输出通知 ff 22 ff 22（我们正在寻找的标记）从取消引用的作业的位置 16 开始。

34533184 1794590904
hex address: 34533184 len: 4
000000  ff 22 ff 22                                      ."."
hex address: 1794590904 len: 500
000000  01 00 00 00 00 00 00 00 f5 00 00 f8 04 00 00 00  ................
000016  ff 22 ff 22 00 00 00 00 01 00 00 00 00 00 00 00  ."."............
000032  da 02 00 f8 1d e9 5e ed 00 00 00 00 00 00 00 00  ......^.........
000048  01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00  ........A.......
000064  6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00  j.a.v.a./.n.i.o.
000080  2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00  /.B.y.t.e.B.u.f.
000096  66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00  f.e.r...........
000112  da 02 00 f8 27 e9 5e ed ee 9c 60 df 00 00 00 00  ....'.^...`.....
000128  01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00  ........A.......
000144  6a 00 61 00 76 00 61 00 2e 00 6e 00 69 00 6f 00  j.a.v.a...n.i.o.
000160  2e 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00  ..B.y.t.e.B.u.f.
000176  66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00  f.e.r...........
000192  e5 01 00 f8 00 00 00 00 01 00 00 00 00 00 00 00  ................
000208  66 66 00 f8 8e 43 60 5f 24 e9 5e ed 2e e9 5e ed  ff...C`_$.^...^.
000224  66 f7 5e ed 00 00 00 00 01 00 00 00 00 00 00 00  f.^.............
000240  da 02 00 f8 37 e9 5e ed 00 00 00 00 00 00 00 00  ....7.^.........
000256  01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00  ........A.......
000272  6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00  j.a.v.a./.n.i.o.
000288  2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00  /.B.y.t.e.B.u.f.
000304  66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00  f.e.r...........
000320  e5 01 00 f8 00 00 00 00 01 00 00 00 00 00 00 00  ................
000336  66 66 00 f8 8e 43 60 5f 24 e9 5e ed 3e e9 5e ed  ff...C`_$.^.>.^.
000352  76 f7 5e ed 00 00 00 00 01 00 00 00 00 00 00 00  v.^.............
000368  da 02 00 f8 47 e9 5e ed 00 00 00 00 00 00 00 00  ....G.^.........
000384  01 00 00 00 00 00 00 00 41 00 00 f8 13 00 00 00  ........A.......
000400  6a 00 61 00 76 00 61 00 2f 00 6e 00 69 00 6f 00  j.a.v.a./.n.i.o.
000416  2f 00 42 00 79 00 74 00 65 00 42 00 75 00 66 00  /.B.y.t.e.B.u.f.
000432  66 00 65 00 72 00 00 00 01 00 00 00 00 00 00 00  f.e.r...........
000448  84 7e 00 f8 ff ff ff ff 80 ab dc 1d 00 00 00 00  .~..............
000464  00 00 00 00 36 00 00 00 f4 01 00 00 00 00 00 00  ....6...........
000480  00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000496  70 e9 5e ed                                      p.^.
hex address: 501001088 len: 54
000000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000016  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000032  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000048  00 00 ff 22 ff 22                                ..."."

这意味着您可以通过 JNI 访问原始数组的原始字节，而无需使用 GetByteArrayElements 中荒谬的复制机制；现在请注意，这会绕过各种安全检查。