邢台无忧网站建设公司近期热点新闻

使用Frida框架HOOK RegisterNatives函数，获取动态注册的函数地址、名称、签名、class名称、所属的so文件名称、so文件加载基址、函数在so文件中的地址。

废话不多说，上代码：

运行命令：frida -U -f in.****** -l RegisterNatives.js

function hook_native(){var module_libart=Process.findModuleByName("libart.so");console.log("module_libart info:"+module_libart);var symbols=module_libart.enumerateSymbols();var addr_RegisterNatives=null;for(var i=0;i<symbols.length;i++){var name=symbols[i].name;if(name.indexOf("CheckJNI")==-1&&name.indexOf("JNI")>0){if(name.indexOf("RegisterNatives")>0){console.log("RegisterNatives："+name+"\n"+"RegisterNatives_Address："+symbols[i].address);addr_RegisterNatives=symbols[i].address;}}}if(addr_RegisterNatives){Interceptor.attach(addr_RegisterNatives,{onEnter:function(args){var java_class=Java.vm.tryGetEnv().getClassName(args[1]);var methods=args[2];var method_count=parseInt(args[3]);var module = Process.findModuleByAddress(methods.add(Process.pointerSize*3+Process.pointerSize).readPointer());var module_addr=0;if(module){console.log("===========module so name:"+module.name+"===========");//打印所属模块名称module_addr=Process.findModuleByName(module.name).base;console.log(module.name+" address is:"+module_addr);}else{console.log("===========cannot find so name===========");//打印所属模块名称}console.log("addr_RegisterNatives Java Class Name:"+java_class);console.log("addr_RegisterNatives Java Class method count:"+method_count);for(var i=0;i<method_count;i++){var method_name=methods.add(i*Process.pointerSize*3).readPointer().readCString();var method_sign=methods.add(i*Process.pointerSize*3+Process.pointerSize).readPointer().readCString();var method_addr=methods.add(i*Process.pointerSize*3+Process.pointerSize).readPointer();console.log("method name:"+method_name);//打印内存的函数console.log("method sign:"+method_sign);//打印函数签名console.log("method addr:"+method_addr);//打印函数地址if(module_addr>0){var file_method_addr=method_addr.sub(module_addr);console.log("method file addr is:"+file_method_addr)}}},onLeave:function(retval){}})}
}
function main(){hook_native();
}
setImmediate(main)