Comments (5)
The symbol field here contains the module name plus an address or symbol name.
Send me your sample and I will take a look.
from frida_hook_libart.
[RegisterNatives] java_class: tv.danmaku.ijk.media.player.cache.WBCacheManager name: nativeCheckCacheExist sig: (Ljava/lang/String;Ljava/lang/String;)I fnPtr: 0xd1e841c4 fnOffset: 0xd1e841c4 callee: 0xb9599579 libhoudini.so!0x212579
[RegisterNatives] java_class: tv.danmaku.ijk.media.player.cache.WBCacheManager name: nativeGetCacheFullPath sig: (Ljava/lang/String;)Ljava/lang/String; fnPtr: 0xd1e8418c fnOffset: 0xd1e8418c callee: 0xb9599579 libhoudini.so!0x212579
[RegisterNatives] java_class: tv.danmaku.ijk.media.player.cache.WBCacheManager name: nativeGetCacheTraceLogString sig: (Ljava/lang/String;)Ljava/lang/String; fnPtr: 0xd1e84154 fnOffset: 0xd1e84154 callee: 0xb9599579 libhoudini.so!0x212579
The two values are the same, and callee does not return the calling lib; the libhoudini.so it returns is a system library.
from frida_hook_libart.
libhoudini.so is the emulator's module for translating ARM; I suggest switching to a real device.
from frida_hook_libart.
I have two questions:
- When looking up the symbol:
if (symbol.name.indexOf("art") >= 0 && symbol.name.indexOf("JNI") >= 0 && symbol.name.indexOf("RegisterNatives") >= 0
Going by the symbols in IDA's analysis, this symbol exists, but in Frida, when I print name directly, the symbol above is not there. I would like to ask about this.
- When reading these addresses out of
typedef struct { const char* name; const char* signature; void* fnPtr; } JNINativeMethod;
I don't understand why it is
let name_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3));
let sig_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize));
let fnPtr_ptr = Memory.readPointer(methods_ptr.add(i * Process.pointerSize * 3 + Process.pointerSize * 2));
- 3 Can you help me understand this?
from frida_hook_libart.
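- Symbols may differ somewhat between phones. The symbols IDA shows are formatted function names, while the symbols Frida finds are name-mangled.
- Process.pointerSize is there to support both 32-bit and 64-bit .so files.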
from frida_hook_libart.
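The `i * Process.pointerSize * 3` arithmetic discussed above, as an added example that is not from frida_hook_libart or from either poster: plain Node.js (no Frida) parsing a constructed JNINativeMethod table with 4-byte and 8-byte pointers. `buildImage`, `readPtr`, `readCString` and `parseJNINativeMethods` are hypothetical helper names and the memory layout is constructed; the method names, signatures and fnPtr values are copied from the log earlier in the thread.

```javascript
// Added example: stand-alone Node.js, no Frida; helper names are hypothetical.
// buildImage lays out a constructed JNINativeMethod[] table in a fake memory
// buffer for a given pointer size (4 = 32-bit .so, 8 = 64-bit .so).
function buildImage(pointerSize, methods) {
  const mem = Buffer.alloc(1024);
  const tableOff = 0x10;
  let strOff = 0x200;
  const putPtr = (off, v) => pointerSize === 8
    ? mem.writeBigUInt64LE(BigInt(v), off) : mem.writeUInt32LE(v, off);
  const putStr = (s) => {
    const at = strOff;
    strOff += mem.write(s + "\0", at, "latin1"); // NUL-terminated C string
    return at;
  };
  methods.forEach((m, i) => {
    const entry = tableOff + i * pointerSize * 3; // one struct = 3 pointers
    putPtr(entry, putStr(m.name));                    // const char* name
    putPtr(entry + pointerSize, putStr(m.sig));       // const char* signature
    putPtr(entry + pointerSize * 2, m.fnPtr);         // void* fnPtr
  });
  return { mem, tableOff };
}
function readPtr(mem, off, pointerSize) {
  return pointerSize === 8 ? Number(mem.readBigUInt64LE(off)) : mem.readUInt32LE(off);
}
function readCString(mem, off) {
  return mem.toString("latin1", off, mem.indexOf(0, off));
}
// Same stride as the hook script: entry i starts at i * pointerSize * 3,
// and the three fields sit at +0, +pointerSize and +2 * pointerSize.
function parseJNINativeMethods(mem, tableOff, count, pointerSize) {
  const out = [];
  for (let i = 0; i < count; i++) {
    const entry = tableOff + i * pointerSize * 3;
    out.push({
      name: readCString(mem, readPtr(mem, entry, pointerSize)),
      sig: readCString(mem, readPtr(mem, entry + pointerSize, pointerSize)),
      fnPtr: readPtr(mem, entry + pointerSize * 2, pointerSize),
    });
  }
  return out;
}
// Names, signatures and fnPtr values as printed in the log above.
const sample = [
  { name: "nativeCheckCacheExist", sig: "(Ljava/lang/String;Ljava/lang/String;)I", fnPtr: 0xd1e841c4 },
  { name: "nativeGetCacheFullPath", sig: "(Ljava/lang/String;)Ljava/lang/String;", fnPtr: 0xd1e8418c },
];
for (const ps of [4, 8]) {
  const { mem, tableOff } = buildImage(ps, sample);
  console.log(ps * 8 + "-bit:", parseJNINativeMethods(mem, tableOff, sample.length, ps));
}
```

Parsing the 64-bit table with a pointer size of 4 returns an empty signature for the first entry, which is why the script takes the size from `Process.pointerSize` rather than hard-coding it.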