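/**
 * Hooks art::ArtMethod::Invoke in libart.so and logs the pretty name of each
 * ArtMethod that passes through it.
 *
 * Addresses are resolved by scanning libart's symbol table with substring
 * heuristics (see the two matcher helpers below); if several symbols match,
 * the last one in enumeration order wins, exactly as the original scan did.
 * The name itself is produced by an external helper library (libext / libext64)
 * exporting `PrettyMethod`, which receives the address of
 * ArtMethod::PrettyMethod, the ArtMethod*, an output buffer and its size.
 *
 * Every lookup that can come back null (module, symbols, export) is checked
 * and reported instead of letting `new NativeFunction(null, ...)` throw.
 *
 * @returns {void}
 */
function hook_native() {
  // Size of the scratch buffer handed to the helper; the same value is passed
  // as the length argument so the callee and the allocation never disagree.
  const PRETTY_BUF_SIZE = 0x100;

  const module_libart = Process.findModuleByName("libart.so");
  if (module_libart === null) {
    console.log("libart.so not found in the target process");
    return;
  }

  // Heuristic matchers over (mangled) symbol names. They match substrings
  // only, so overloads may also match; last match wins (see above).
  const looksLikeInvoke = (name) => {
    const artMethodAt = name.indexOf("ArtMethod");
    const invokeAt = name.indexOf("Invoke");
    const threadAt = name.indexOf("Thread");
    return (
      artMethodAt >= 0 &&
      invokeAt >= 0 &&
      threadAt >= 0 &&
      artMethodAt < invokeAt &&
      invokeAt < threadAt
    );
  };
  const looksLikePrettyMethod = (name) =>
    name.indexOf("ArtMethod") >= 0 &&
    name.indexOf("PrettyMethod") >= 0 &&
    name.indexOf("Eb") >= 0;

  let ArtMethod_Invoke = null;
  let ArtMethod_PrettyMethod = null;
  for (const { name, address } of module_libart.enumerateSymbols()) {
    if (looksLikeInvoke(name)) {
      console.log(name);
      ArtMethod_Invoke = address;
    }
    if (looksLikePrettyMethod(name)) {
      console.log(name);
      ArtMethod_PrettyMethod = address;
    }
  }

  // The helper library is chosen by ABI; other architectures are unsupported.
  let module_libext = null;
  if (Process.arch === "arm64") {
    module_libext = Module.load("/data/app/libext64.so");
  } else if (Process.arch === "arm") {
    module_libext = Module.load("/data/app/libext.so");
  }
  if (module_libext === null) {
    console.log(`unsupported arch ${Process.arch}; helper library not loaded`);
    return;
  }

  if (ArtMethod_Invoke === null || ArtMethod_PrettyMethod === null) {
    console.log("could not resolve ArtMethod::Invoke / ArtMethod::PrettyMethod in libart.so");
    return;
  }

  const addr_PrettyMethod = module_libext.findExportByName("PrettyMethod");
  if (addr_PrettyMethod === null) {
    console.log("PrettyMethod export not found in helper library");
    return;
  }
  const PrettyMethod = new NativeFunction(addr_PrettyMethod, "void", ["pointer", "pointer", "pointer", "int"]);
  // Log the resolved address of ArtMethod::PrettyMethod for cross-checking.
  console.log(ArtMethod_PrettyMethod);

  Interceptor.attach(ArtMethod_Invoke, {
    onEnter(args) {
      try {
        // A fresh buffer per call rather than one shared across invocations.
        const result = Memory.alloc(PRETTY_BUF_SIZE);
        PrettyMethod(ArtMethod_PrettyMethod, args[0], result, PRETTY_BUF_SIZE);
        console.log(result.readCString());
      } catch (error) {
        // Best-effort logging: a failed name lookup must not break the hook.
        console.log(error);
      }
    },
  });
}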
/** Script entry point: installs the libart hook. */
const main = () => {
  hook_native();
};
// Defer installation until the script runtime is fully initialised.
setImmediate(() => {
  main();
});