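// Set to true once the hooks are installed, so a repeated call does nothing.
var ishook_libart = false;

/**
 * Frida instrumentation script: traces a fixed set of ART JNI entry points in
 * libart.so and logs the C strings that pass through them.
 *
 * Hooked functions and what is logged:
 *   - GetStringUTFChars: the returned C string (on leave)
 *   - NewStringUTF:      the input bytes, args[1] (on enter)
 *   - FindClass:         the class name, args[1] (on enter)
 *   - GetMethodID / GetStaticMethodID / GetFieldID / GetStaticFieldID:
 *                        the member name args[2] and, when present, the
 *                        signature args[3] (on enter)
 *
 * Symbols are matched by exact mangled name, so a libart build whose symbols
 * are mangled differently yields no hook for that function; a message is
 * logged for every symbol that was not found instead of failing silently.
 *
 * Operational caveats:
 *   - The logged values are read straight from the traced process and may
 *     contain credentials, tokens or other sensitive data; treat the console
 *     output as sensitive.
 *   - GetStringUTFChars and NewStringUTF are called very frequently, so the
 *     trace can be large and slows the traced process.
 *
 * NOTE(review): Module.enumerateSymbolsSync and Memory.readCString are older
 * Frida API spellings; recent Frida releases appear to have replaced them with
 * module-instance and NativePointer methods. Confirm against the Frida
 * version in use.
 *
 * The function is idempotent: the hooks are installed at most once.
 */
function hook_libart() {
    if (ishook_libart === true) {
        return;
    }

    // Pointer arguments and return values arrive as pointer objects, which
    // never compare equal to null; a NULL pointer has to be detected with
    // isNull().
    function isNullPointer(p) {
        return p === null || p === undefined || p.isNull();
    }

    // Callbacks that log the C string returned by the hooked function.
    function logReturnedString(label) {
        return {
            onLeave: function (retval) {
                if (!isNullPointer(retval)) {
                    console.log("[" + label + "] result:" + Memory.readCString(retval));
                }
            }
        };
    }

    // Callbacks that log the C string passed as args[1] under the given field name.
    function logStringArg(label, field) {
        return {
            onEnter: function (args) {
                if (!isNullPointer(args[1])) {
                    console.log("[" + label + "] " + field + ":" + Memory.readCString(args[1]));
                }
            }
        };
    }

    // Callbacks that log the member name (args[2]) and, if given, its signature (args[3]).
    function logNameAndSig(label) {
        return {
            onEnter: function (args) {
                if (isNullPointer(args[2])) {
                    return;
                }
                var name = Memory.readCString(args[2]);
                if (!isNullPointer(args[3])) {
                    console.log("[" + label + "] name:" + name + ", sig:" + Memory.readCString(args[3]));
                } else {
                    console.log("[" + label + "] name:" + name);
                }
            }
        };
    }

    // One entry per hooked function, in the order the hooks are attached.
    var targets = [
        {
            label: "GetStringUTFChars",
            symbol: "_ZN3art3JNI17GetStringUTFCharsEP7_JNIEnvP8_jstringPh",
            callbacks: logReturnedString("GetStringUTFChars")
        },
        {
            label: "NewStringUTF",
            symbol: "_ZN3art3JNI12NewStringUTFEP7_JNIEnvPKc",
            callbacks: logStringArg("NewStringUTF", "bytes")
        },
        {
            label: "FindClass",
            symbol: "_ZN3art3JNI9FindClassEP7_JNIEnvPKc",
            callbacks: logStringArg("FindClass", "name")
        },
        {
            label: "GetMethodID",
            symbol: "_ZN3art3JNI11GetMethodIDEP7_JNIEnvP7_jclassPKcS6_",
            callbacks: logNameAndSig("GetMethodID")
        },
        {
            label: "GetStaticMethodID",
            symbol: "_ZN3art3JNI17GetStaticMethodIDEP7_JNIEnvP7_jclassPKcS6_",
            callbacks: logNameAndSig("GetStaticMethodID")
        },
        {
            label: "GetFieldID",
            symbol: "_ZN3art3JNI10GetFieldIDEP7_JNIEnvP7_jclassPKcS6_",
            callbacks: logNameAndSig("GetFieldID")
        },
        {
            label: "GetStaticFieldID",
            symbol: "_ZN3art3JNI16GetStaticFieldIDEP7_JNIEnvP7_jclassPKcS6_",
            callbacks: logNameAndSig("GetStaticFieldID")
        }
    ];

    // Index the targets by mangled name for the symbol scan below.
    var bySymbol = {};
    var t;
    for (t = 0; t < targets.length; t++) {
        bySymbol[targets[t].symbol] = targets[t];
    }

    // Resolve addresses. The loop index is declared locally: the original
    // assigned an undeclared `i`, which leaks a global and throws in strict mode.
    var symbols = Module.enumerateSymbolsSync("libart.so");
    var i;
    for (i = 0; i < symbols.length; i++) {
        var symbol = symbols[i];
        // hasOwnProperty guards against symbol names that collide with
        // Object.prototype members.
        if (Object.prototype.hasOwnProperty.call(bySymbol, symbol.name)) {
            var hit = bySymbol[symbol.name];
            hit.address = symbol.address;
            console.log(hit.label + " is at " + hit.address);
        }
    }

    for (t = 0; t < targets.length; t++) {
        var target = targets[t];
        if (target.address === undefined) {
            console.log("[hook_libart] symbol not found in libart.so: " + target.symbol);
            continue;
        }
        Interceptor.attach(target.address, target.callbacks);
    }

    ishook_libart = true;
}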
// Install the hooks as soon as the script is loaded. hook_libart() checks and
// sets ishook_libart, so calling it again later is a no-op.
hook_libart();
/*
.text:00297024 ; art::JNI::GetStringUTFChars(_JNIEnv *, _jstring *, unsigned char *)
.text:00297024 _ZN3art3JNI17GetStringUTFCharsEP7_JNIEnvP8_jstringPh
.text:0027D960 ; art::JNI::NewStringUTF(_JNIEnv *, char const*)
.text:0027D960 _ZN3art3JNI12NewStringUTFEP7_JNIEnvPKc
.text:0029D238 ; art::JNI::FindClass(_JNIEnv *, char const*)
.text:0029D238 _ZN3art3JNI9FindClassEP7_JNIEnvPKc
.text:00286B14 ; art::JNI::GetMethodID(_JNIEnv *, _jclass *, char const*, char const*)
.text:00286B14 _ZN3art3JNI11GetMethodIDEP7_JNIEnvP7_jclassPKcS6_
.text:0028EC20 ; art::JNI::GetStaticMethodID(_JNIEnv *, _jclass *, char const*, char const*)
.text:0028EC20 _ZN3art3JNI17GetStaticMethodIDEP7_JNIEnvP7_jclassPKcS6_
.text:0028A7CC ; art::JNI::GetFieldID(_JNIEnv *, _jclass *, char const*, char const*)
.text:0028A7CC _ZN3art3JNI10GetFieldIDEP7_JNIEnvP7_jclassPKcS6_
.text:002889B0 ; art::JNI::GetStaticFieldID(_JNIEnv *, _jclass *, char const*, char const*)
.text:002889B0 _ZN3art3JNI16GetStaticFieldIDEP7_JNIEnvP7_jclassPKcS6_
*/