海
我的教授问你如何在类里面打印变量的内容
他为我们提供了一个 apk,要与 frida 一起启动和分析:
package com.test_uni_apk.lib.proftest;
public class ProfApi{
public static class StateReady
extends ProfApi.CallState
{
public CallStateReady() {}
public CallStateReady(ProfApi.CallProc paramCallProc,
ProfApi.CallConnection[] paramArrayOfCallConnection, String
paramString, byte[] paramArrayOfByte, String[] paramArrayOfString)
{
this.printthis = paramArrayOfCallConnection;
}
}
}
我读到用 frida 你可以 Hook 一个类,但我不明白如何打印 printthis 的值。
最佳答案
我假设 CallStateReady是 com.test_uni_apk.lib.proftest.ProfApi 的内部类你想钩住c'tor并打印第二个参数#PleaseSubmitElegantCode
function printParamArrayOfCallConnection() {
var ArrayList = Java.use("java.util.ArrayList");
var CallConnection = Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallConnection");
Java.use("com.test_uni_apk.lib.proftest.ProfApi$CallStateReady") // dollar sign for inner class
.$init // init represent the constructor
// list of arguments are passed in byte code style, [B represents byte array
// when you try to hook Frida will provide an informative error with all the possible arguments for overloading
// copy & paste the right one which will look like this:
.overload("Lcom..ProfApi.CallProc;", "Lcom...ProfApi.CallConnection;", "java.lang.String", "[B", "Ljava.lang.String;")
.implementation = function(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString) {
// first we cast to list
var list = Java.cast(paramArrayOfCallConnection, ArrayList);
// iterating the list
for (var i = 0, l = list.size(); i < l; i++) {
// casting each element to the object we created earlier
var currentElement = Java.cast(list.get(i), CallConnection);
// printing to terminal
console.log(i, currentElement);
}
// executing original c'tor
this.$init(paramCallProc, paramArrayOfCallConnection, paramString, paramArrayOfByte, paramArrayOfString);
}
}
Java.perform(printParamArrayOfCallConnection);
关于android - Frida 打印类中的所有变量,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52384073/