Frida 打印 class 中的所有变量
Frida print all variables in class
嗨
我的教授问你如何在 class 中打印变量的内容
他为我们提供了一个 apk,可以用 frida 启动和分析:
package com.test_uni_apk.lib.proftest;
public class ProfApi{
public static class StateReady
extends ProfApi.CallState
{
public CallStateReady() {}
public CallStateReady(ProfApi.CallProc paramCallProc,
ProfApi.CallConnection[] paramArrayOfCallConnection, String
paramString, byte[] paramArrayOfByte, String[] paramArrayOfString)
{
this.printthis = paramArrayOfCallConnection;
}
}
}
我读到你可以使用 frida 挂钩 class 但我不明白如何打印 printthis 的值。
我假设 CallStateReady
是 com.test_uni_apk.lib.proftest.ProfApi
的内部 class 并且您想挂钩 c'tor 并打印第二个参数 #PleaseSubmitElegantCode
function printParamArrayOfCallConnection() {
var ArrayList = Java.use("java.util.ArrayList");
var CallConnection = Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallConnection");
Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallStateReady") // dollar sign for inner class
.$init // init represent the constructor
// list of arguments are passed in byte code style, [B represents byte array
// when you try to hook Frida will provide an informative error with all the possible arguments for overloading
// copy & paste the right one which will look like this:
.overload("Lcom..ProfApi.CallProc;", "Lcom...ProfApi.CallConnection;", "java.lang.String", "[B", "Ljava.lang.String;")
.implementation = function(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString) {
// first we cast to list
var list = Java.cast(paramArrayOfCallConnection, ArrayList);
// iterating the list
for (var i = 0, l = list.size(); i < l; i++) {
// casting each element to the object we created earlier
var currentElement = Java.cast(list.get(i), CallConnection);
// printing to terminal
console.log(i, currentElement);
}
// executing original c'tor
this.$init(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString);
}
}
Java.perform(printParamArrayOfCallConnection);
嗨 我的教授问你如何在 class 中打印变量的内容 他为我们提供了一个 apk,可以用 frida 启动和分析:
package com.test_uni_apk.lib.proftest;
public class ProfApi{
public static class StateReady
extends ProfApi.CallState
{
public CallStateReady() {}
public CallStateReady(ProfApi.CallProc paramCallProc,
ProfApi.CallConnection[] paramArrayOfCallConnection, String
paramString, byte[] paramArrayOfByte, String[] paramArrayOfString)
{
this.printthis = paramArrayOfCallConnection;
}
}
}
我读到你可以使用 frida 挂钩 class 但我不明白如何打印 printthis 的值。
我假设 CallStateReady
是 com.test_uni_apk.lib.proftest.ProfApi
的内部 class 并且您想挂钩 c'tor 并打印第二个参数 #PleaseSubmitElegantCode
function printParamArrayOfCallConnection() {
var ArrayList = Java.use("java.util.ArrayList");
var CallConnection = Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallConnection");
Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallStateReady") // dollar sign for inner class
.$init // init represent the constructor
// list of arguments are passed in byte code style, [B represents byte array
// when you try to hook Frida will provide an informative error with all the possible arguments for overloading
// copy & paste the right one which will look like this:
.overload("Lcom..ProfApi.CallProc;", "Lcom...ProfApi.CallConnection;", "java.lang.String", "[B", "Ljava.lang.String;")
.implementation = function(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString) {
// first we cast to list
var list = Java.cast(paramArrayOfCallConnection, ArrayList);
// iterating the list
for (var i = 0, l = list.size(); i < l; i++) {
// casting each element to the object we created earlier
var currentElement = Java.cast(list.get(i), CallConnection);
// printing to terminal
console.log(i, currentElement);
}
// executing original c'tor
this.$init(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString);
}
}
Java.perform(printParamArrayOfCallConnection);