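/**
 * Locate art::JNI::RegisterNatives inside libart.so and install the hook on it.
 *
 * RegisterNatives is the ART entry point through which an app binds Java
 * `native` methods to C/C++ function pointers at runtime; hooking it is the
 * usual way to recover the native implementations that packed or obfuscated
 * Android apps hide from a static `Java_*` export listing.
 *
 * Symbols are matched by substring so that both the classic mangled name
 * (see the comment in the loop) and the templated variants newer ART builds
 * emit are caught. The CheckJNI variant is skipped, presumably because it is a
 * checking wrapper around the same implementation and would double-report
 * every registration — TODO confirm against the target ART version.
 *
 * Each distinct address is hooked once, even when several symbols alias it,
 * so a registration is never logged twice. A log line is emitted when libart.so
 * is not loaded or when no matching symbol exists (e.g. stripped symbol table),
 * instead of failing silently.
 *
 * @param {*} params - unused; kept so the function can be passed straight to
 *   setImmediate() as before.
 */
function find_RegisterNatives(params) {
  // NOTE(review): Module.enumerateSymbolsSync(name) is the legacy static form
  // and is dropped by newer Frida releases; the Module instance method works
  // across versions and also lets us fail cleanly when libart.so is absent.
  var libart = Process.findModuleByName("libart.so");
  if (libart === null) {
    console.log("[RegisterNatives] libart.so is not loaded; nothing to hook");
    return;
  }
  var symbols = libart.enumerateSymbols();
  var hooked = Object.create(null); // address string -> true
  var matches = 0;
  for (var i = 0; i < symbols.length; i++) {
    var symbol = symbols[i];
    var name = symbol.name;
    // _ZN3art3JNI15RegisterNativesEP7_JNIEnvP7_jclassPK15JNINativeMethodi
    if (name.indexOf("art") < 0 ||
        name.indexOf("JNI") < 0 ||
        name.indexOf("RegisterNatives") < 0 ||
        name.indexOf("CheckJNI") >= 0) {
      continue;
    }
    matches++;
    var key = symbol.address.toString();
    if (hooked[key] === true) {
      continue; // alias of an address we already hooked
    }
    hooked[key] = true;
    console.log("RegisterNatives is at ", symbol.address, symbol.name);
    hook_RegisterNatives(symbol.address);
  }
  if (matches === 0) {
    console.log("[RegisterNatives] no art::JNI::RegisterNatives symbol found in libart.so (stripped symbol table?)");
  }
}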
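/**
 * Attach an Interceptor hook to RegisterNatives and log every JNINativeMethod
 * entry an app registers: Java class, method name, JNI signature, native
 * function pointer, the module/offset it lives in, and the address that
 * called RegisterNatives.
 *
 * Only dynamically registered natives pass through here; natives that ART
 * resolves by exported symbol name (Java_pkg_Class_method) are never seen by
 * this hook. Packed apps frequently register natives from anonymously mapped
 * memory, in which case Process.findModuleByAddress() returns null; that case
 * is reported as an anonymous mapping instead of aborting the whole callback.
 * The method table is app-controlled memory read before ART validates it, so
 * each entry is read under try/catch and a bad entry is reported rather than
 * allowed to hide the remaining ones.
 *
 * @param {NativePointer|null} addrRegisterNatives - resolved symbol address;
 *   null/undefined is a no-op.
 */
function hook_RegisterNatives(addrRegisterNatives) {
  if (addrRegisterNatives == null) {
    return;
  }
  // JNINativeMethod is three pointer-sized fields: name, signature, fnPtr.
  var stride = Process.pointerSize * 3;
  Interceptor.attach(addrRegisterNatives, {
    onEnter: function (args) {
      console.log("[RegisterNatives] method_count:", args[3]);
      var java_class = args[1];
      var methods_ptr = args[2];
      // args[3] is a jint; toInt32() avoids parseInt() on a pointer's hex string.
      var method_count = args[3].toInt32();
      // this.returnAddress identifies the CALLER of RegisterNatives (typically
      // the library's JNI_OnLoad), not the native callee; loop-invariant.
      var caller = DebugSymbol.fromAddress(this.returnAddress);
      var class_name;
      try {
        class_name = Java.vm.tryGetEnv().getClassName(java_class);
      } catch (e) {
        class_name = "<unknown: " + e + ">";
      }
      for (var i = 0; i < method_count; i++) {
        try {
          var entry = methods_ptr.add(i * stride);
          var name_ptr = Memory.readPointer(entry);
          var sig_ptr = Memory.readPointer(entry.add(Process.pointerSize));
          var fnPtr = Memory.readPointer(entry.add(Process.pointerSize * 2));
          var name = Memory.readCString(name_ptr);
          var sig = Memory.readCString(sig_ptr);
          var module = Process.findModuleByAddress(fnPtr);
          var module_name = module !== null ? module.name : "<anonymous mapping>";
          var fn_offset = module !== null ? fnPtr.sub(module.base) : "n/a";
          console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig,
                      "fnPtr:", fnPtr, " module:", module_name, " fnOffset:", fn_offset,
                      " caller:", caller);
        } catch (e) {
          console.log("[RegisterNatives] java_class:", class_name, "entry", i, "unreadable:", e);
        }
      }
    }
  });
}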
// Defer the libart.so symbol scan to the next event-loop turn rather than
// running it during script evaluation (presumably so the hook is installed
// once the script is fully loaded; libart.so is assumed to be loaded by then).
setImmediate(function () {
  find_RegisterNatives();
});