ps|grep cn.qssq666.testjni
// the second column of the ps output is the pid of the target process
Get the runtime address of the function: the address IDA shows is an offset relative to the image base, so add the base at which libmylib.so is mapped inside that process (read it from /proc/<pid>/maps below).
cat /proc/<pid>/maps | grep libmylib.so
// the base address is the start of the first mapping listed for the library (the line whose file-offset column is 00000000); inside Frida, Module.findBaseAddress("libmylib.so") returns the same value
xxx
Script (save as hookc2.js):
// run with: frida -U -l hookc2.js cn.qssq666.testjni  (attaches to the running app over USB and loads this script)
// example: runtime address 74A1D79470 = base of libmylib.so (from `cat /proc/23912/maps | grep libmylib.so`) + the function offset shown in IDA
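// Byte-swap a hex string: "12345678" -> "78563412".
// IDA and raw memory dumps show a little-endian word in opposite byte order;
// this flips one 32-bit word (or any even number of hex digits) between the
// two views. Throws on odd-length input instead of silently emitting
// "undefined" chunks as the index-based version did.
function revertHex(hexStr) {
  var digits = String(hexStr);
  if (digits.length % 2 !== 0) {
    throw new Error("revertHex: expected an even number of hex digits, got " + digits.length);
  }
  var swapped = "";
  // Walk the string one byte (two digits) at a time from the end.
  for (var i = digits.length - 2; i >= 0; i -= 2) {
    swapped += digits.slice(i, i + 2);
  }
  return swapped;
}

// Resolves the JNI export of MainActivity.calcAdd in libmylib.so and attaches
// enter/leave hooks that report the raw arguments and return value via send().
// Must run inside Java.perform (the Java VM has to be attached).
// Returns true when the hook was installed, false when the symbol could not be
// resolved.
function hookCalcAdd() {
  // findExportByName returns null when the library is not loaded yet or the
  // symbol is not exported (e.g. hidden visibility / registered through
  // RegisterNatives). Interceptor.attach(null) throws, so report and stop; in
  // that case resolve the address as
  // Module.findBaseAddress("libmylib.so").add(<offset from IDA>) instead.
  var nativePointer = Module.findExportByName("libmylib.so", "Java_cn_qssq666_testjni_MainActivity_calcAdd");
  send("method pointer:" + nativePointer);
  if (nativePointer === null) {
    send("[!] Java_cn_qssq666_testjni_MainActivity_calcAdd not found - is libmylib.so loaded in this process?");
    return false;
  }

  // Saved on entry so onLeave can call back into JNI (e.g. NewStringUTF wrapped
  // as NativeFunction(fn, 'pointer', ['pointer', 'pointer'])) to build a
  // replacement return value. Not used yet.
  var envPointer;
  Interceptor.attach(nativePointer, {
    onEnter: function (args) {
      // JNI calling convention: args[0] is JNIEnv*, args[1] is jclass (static
      // native) or jobject (instance native); the Java-level parameters of
      // calcAdd start at args[2]. The two values logged here are therefore env
      // and class/this, not the operands - log args[2], args[3] once calcAdd's
      // Java signature is confirmed.
      envPointer = args[0];
      send("calc add : " + args[0] + ", " + args[1]);
    },
    onLeave: function (retval) {
      // Raw return value as handed to the hook (label kept from the original
      // script).
      send("gifcore so result value: " + retval);
    },
  });
  return true;
}

setImmediate(function () {
  console.log("[*] Starting script");
  Java.perform(hookCalcAdd);
});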