
frida hook native 地址的计算


ps | grep cn.qssq666.testjni
//第二列的数字即为进程号（pid）



根据进程定位 so 的相对地址，然后加上 so 的基地址



cat /proc/pid/maps | grep libmylib.so
//第一行第一列的起始地址就是 so 的基地址




frida hook native 地址的计算_java


xxx


代码


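//find app class. frida -U -l hookc2.js cn.qssq666.testjni
//74A1D79470 = IDA base address +
// the address shown by `cat /proc/23912/maps | grep libmylib.so`

// Entry point: defer the body to the next event-loop turn, then run it inside
// Java.perform so the JNI bridge is available to the hook.
setImmediate(function () {
  console.log("[*] Starting script");
  Java.perform(function () {

    //****************************************************************************//
    //********************************hook native*********************************//
    // public static native String getMagic(Context context, int i);

    // Hook an exported native (JNI) function by symbol name.
    var exportName = "Java_cn_qssq666_testjni_MainActivity_calcAdd";
    var nativePointer = Module.findExportByName("libmylib.so", exportName);
    // findExportByName returns null when the library is not mapped yet or the
    // symbol is not exported; Interceptor.attach would then throw, so report
    // the problem explicitly and stop instead of failing with a raw exception.
    if (nativePointer === null) {
      send("export not found: " + exportName + " in libmylib.so");
      return;
    }
    send("method pointer:" + nativePointer);

    //create JNIEnv.NewStringUTF Function
    //var newStringFunc = new NativeFunction(fun_pointer, 'pointer', ['pointer', 'pointer']);

    // JNIEnv* of the most recent call, captured in onEnter. Only the
    // commented-out NewStringUTF example below reads it.
    var envPointer;
    Interceptor.attach(nativePointer, {
      // args[0] is the JNIEnv*; args[1] is presumably the jclass/jobject of
      // the JNI call — the remaining arguments depend on the Java signature,
      // which is not shown here.
      onEnter: function (args) {
        envPointer = args[0];
        send("calc add : " + args[0] + ", " + args[1]);
      },
      // retval is the raw native return value; it is logged, not replaced.
      onLeave: function (retval) {
        send("gifcore so result value: " + retval);
        //var strPointer = Memory.allocUtf8String("XXXXXXX");
        //return newStringFunc(envPointer, strPointer);
      }
    });

    /**
     * Reverse the byte order of a hex string, e.g. turn a little-endian
     * 32-bit word read from memory into its big-endian spelling:
     * "78563412" -> "12345678".
     *
     * The original only handled exactly eight hex characters (four bytes);
     * this version accepts any even-length string and returns the same
     * result for eight characters.
     *
     * @param {string} hexStr - hex digits, two per byte, without a "0x" prefix
     * @returns {string} the same digits with the byte order reversed
     * @throws {Error} if hexStr has an odd length (not a whole number of bytes)
     */
    function revertHex(hexStr) {
      if (hexStr.length % 2 !== 0) {
        throw new Error("revertHex: expected an even-length hex string");
      }
      var str = "";
      // Walk the bytes from the last pair to the first, keeping each pair's
      // two nibbles in their original order.
      for (var i = hexStr.length - 2; i >= 0; i -= 2) {
        str = str + hexStr[i] + hexStr[i + 1];
      }
      return str;
    }

  });
});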
