I'm new to the binary analysis field. What I want to do is to analyze the JNI native interface functions (e.g., RegisterNatives or other functions listed here) by using the SimProcedures provided by Angr. The shared libraries (*.so files) are supposed to be part of Android apps. However, I noticed that these JNI native interface functions do not show as symbols in the shared libraries. So my questions are:
The various functions are exposed by the JVM as a table of function pointers. See here, for example.
A call to env->FindClass would be represented in assembly as something like (C pseudocode):
/* env is a JNIEnv*, i.e. a pointer to a pointer to the JNINativeInterface table;
   FindClass is slot 6 of that table, so the call is two loads and an indirect call */
fp = *(void **)((char *)*env + 6 * sizeof(void *));
fp(env, ...);
Perhaps you can teach this angr thing about this function pointer table?
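The following is an added example (not part of the original question or answer, and not angr's own code) showing what "teaching angr about the table" has to be built on: the double indirection through JNIEnv, and the slot-index to function-name mapping a hook would key on. The memory model, the env/table addresses and the stub addresses are constructed for the demonstration; the slot numbers are an excerpt of the JNINativeInterface order from jni.h, and only the slots listed are covered.

```python
import struct

# Partial excerpt of the JNINativeInterface slot order (index -> name) from jni.h.
# Slots 0-3 are reserved; the full table has 233 slots, so fill this in from jni.h
# for the functions you care about. Well-known offsets fall out of index * pointer size:
# RegisterNatives is slot 215, i.e. 0x35C on 32-bit and 0x6B8 on 64-bit targets.
JNI_SLOTS = {
    4: "GetVersion", 5: "DefineClass", 6: "FindClass",
    7: "FromReflectedMethod", 8: "FromReflectedField", 9: "ToReflectedMethod",
    10: "GetSuperclass", 11: "IsAssignableFrom", 12: "ToReflectedField",
    13: "Throw", 14: "ThrowNew", 15: "ExceptionOccurred", 16: "ExceptionDescribe",
    17: "ExceptionClear", 18: "FatalError", 19: "PushLocalFrame", 20: "PopLocalFrame",
    21: "NewGlobalRef", 22: "DeleteGlobalRef", 23: "DeleteLocalRef", 24: "IsSameObject",
    25: "NewLocalRef", 26: "EnsureLocalCapacity", 27: "AllocObject", 28: "NewObject",
    29: "NewObjectV", 30: "NewObjectA", 31: "GetObjectClass", 32: "IsInstanceOf",
    33: "GetMethodID",
    215: "RegisterNatives", 216: "UnregisterNatives", 217: "MonitorEnter",
    218: "MonitorExit", 219: "GetJavaVM", 228: "ExceptionCheck",
    232: "GetObjectRefType",
}
JNI_TABLE_SLOTS = 233


def jni_name_for_offset(offset, ptr_size):
    """Map a byte offset into the JNI function table to the function's name.

    This is the lookup a hook needs: the disassembly only shows `[table + offset]`,
    never the symbol, because the table lives in the runtime, not the .so.
    """
    if offset % ptr_size:
        raise ValueError("offset %#x is not pointer aligned" % offset)
    idx = offset // ptr_size
    if idx >= JNI_TABLE_SLOTS:
        raise ValueError("offset %#x is past the end of the JNI table" % offset)
    return JNI_SLOTS.get(idx, "<unlisted slot %d>" % idx)


class FlatMemory:
    """Minimal little-endian flat memory (constructed stand-in for a real state)."""

    def __init__(self, ptr_size):
        self.ptr_size = ptr_size
        self.fmt = "<I" if ptr_size == 4 else "<Q"
        self.cells = {}

    def write_ptr(self, addr, value):
        self.cells[addr] = struct.pack(self.fmt, value)

    def read_ptr(self, addr):
        if addr not in self.cells:
            raise KeyError("unmapped read at %#x" % addr)
        return struct.unpack(self.fmt, self.cells[addr])[0]


def build_fake_jnienv(mem, env_addr, table_addr, stub_base):
    """Lay out memory the way the runtime does: *env -> table, table[i] -> function.

    Addresses are constructed; each slot points at a distinct fake stub so a
    resolved pointer can be traced back to its slot.
    """
    mem.write_ptr(env_addr, table_addr)
    for i in range(JNI_TABLE_SLOTS):
        mem.write_ptr(table_addr + i * mem.ptr_size, stub_base + i * 0x10)
    return env_addr


def resolve_jni_call(mem, env, offset):
    """Perform the two loads an `env->X(...)` call compiles to and name the target."""
    table = mem.read_ptr(env)                 # first load:  *env
    fp = mem.read_ptr(table + offset)         # second load: (*env)->X
    return fp, jni_name_for_offset(offset, mem.ptr_size)


def demo(ptr_size):
    mem = FlatMemory(ptr_size)
    env = build_fake_jnienv(mem, env_addr=0x1000, table_addr=0x2000, stub_base=0x40000)
    results = {}
    for idx in (6, 215):                      # FindClass and RegisterNatives
        fp, name = resolve_jni_call(mem, env, idx * ptr_size)
        results[name] = fp
    return results


if __name__ == "__main__":
    for bits in (4, 8):
        print("%d-bit: %s" % (bits * 8, demo(bits)))
```

With a real angr state the two `read_ptr` calls become memory loads on the state, and the offset seen in the load instruction (for example the 0x35C or 0x6B8 that ARM code uses to reach RegisterNatives) is what selects which SimProcedure to attach to the resolved pointer.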