Frida04 - 基本API用法
2023-12-15 19:26:03
参考文档
https://api-caller.com/2019/03/30/frida-note/
https://frida.re/docs/javascript-api/#frida
执行脚本
frida -U -f com.example.demo1 --no-pause -l agent/demo1/demo1.js
智能提示
编写脚本时没有智能提示很烦人,如何有智能提示在第一篇已经说过了,再次贴一下链接:
https://github.com/oleavr/frida-agent-example
代码演示
全部上传到了 github 上:https://github.com/aprz512/Android-Crack
hook实例方法/重载方法/静态方法
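// Java.use() and method hooks have to run on a thread that is attached to the
// app's Java VM, so the whole snippet sits inside a Java.perform() callback.
Java.perform(function () {
  // Get a JavaScript wrapper for the class (comparable to obtaining its Class object).
  var fridaDemo1Class = Java.use("com.example.demo1.FridaDemo1");
  var JavaString = Java.use('java.lang.String');

  // Hook com.example.demo1.FridaDemo1#func(int, int).
  // .overload(...) selects one signature when a method name is overloaded.
  fridaDemo1Class.func.overload('int', 'int').implementation = function (arg1, arg2) {
    // Inside a replacement, this.func(...) runs the original method.
    var result = this.func(arg1, arg2);
    // Log the arguments and the original result.
    console.log("arg1, arg2, result", arg1, arg2, result);
    // The caller receives this value instead of the original result.
    return 9527;
  };

  // Hook com.example.demo1.FridaDemo1#func(java.lang.String).
  fridaDemo1Class.func.overload('java.lang.String').implementation = function (arg1) {
    // Build a java.lang.String instance from JavaScript.
    var helloStr = JavaString.$new('Hello');
    // Run the original method with a substituted argument.
    var result = this.func(helloStr);
    // arg1 is the argument the app passed; result comes from the substituted call.
    console.log("arg1, result", arg1, result);
    // The caller receives "World" instead of the original result.
    return JavaString.$new("World");
  };

  // Hook the static method com.example.demo1.FridaDemo1#nice.
  fridaDemo1Class.nice.implementation = function () {
    // Run the original method.
    var result = this.nice();
    // Log the original result and pass it through unchanged.
    console.log("nice result", result);
    return result;
  };
});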
调用实例方法
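// Java.choose() scans the Java heap for live instances of the named class, so
// it only reports objects that already exist when it runs. Like Java.use(), it
// has to be called from inside a Java.perform() callback.
Java.perform(function () {
  Java.choose("com.example.demo1.MainActivity", {
    // Called once for every live instance that is found.
    onMatch: function (instance) {
      console.log("found instance :", instance);
      // Instance methods can be invoked directly on the matched object.
      console.log("found instance :", instance.abc());
    },
    // Called after the heap scan has finished; nothing to do here.
    onComplete: function () { }
  });
});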
调用静态方法
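// A static method is called straight on the Java.use() wrapper; no instance is
// needed. The call still has to run inside a Java.perform() callback.
Java.perform(function () {
  var result = Java.use("com.example.demo1.MainActivity").sabc();
  console.log(result);
});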
定时触发
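/**
 * Find every live MainActivity instance and call its test() method, logging
 * whatever the call returns.
 */
function trigger() {
  Java.perform(function () {
    // Enumerate the live instances of the class on the Java heap.
    Java.choose("com.example.demo1.MainActivity", {
      onMatch: function (instance) {
        // test() is private in the demo app; it is invoked here through the wrapper.
        console.log("trigger test method ... ", instance.test());
      },
      onComplete: function () { }
    });
  });
}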
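// Run trigger 2 s after the script loads. The delay presumably gives the
// spawned app time to create its MainActivity instance before the heap scan.
setTimeout(trigger, 2000);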
立即触发
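/**
 * Script entry point: everything that touches the Java runtime goes inside
 * the Java.perform() callback.
 */
function main() {
  Java.perform(function () {
    // ... hooks and calls go here ...
  });
}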
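// Schedule main to run as soon as possible once the script has loaded.
setImmediate(main);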
测试代码
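/**
 * Demo target class for the Frida script: it offers two overloads of func, a
 * static method and a hard-coded constant so each kind of hook has something
 * to attach to.
 */
public class FridaDemo1 {
    // Hard-coded value returned by secret2(). The hooks shown for this class
    // observe and replace method arguments and return values at run time.
    private static final String secret = "secret";
    // Collects every value that passes through the func overloads.
    private final StringBuilder builder = new StringBuilder();

    /** Returns the hard-coded constant. */
    public static String secret2() {
        return secret;
    }

    /** Lower-cases x, appends it to the builder and returns the lower-cased value. */
    String func(String x) {
        String s = x.toLowerCase();
        builder.append(s);
        return s;
    }

    /** Appends the sum x + y to the builder and returns the sum. */
    int func(int x, int y) {
        builder.append(x + y);
        return x + y;
    }

    /** Returns everything the func overloads have appended so far. */
    String secret() {
        return builder.toString();
    }

    /** Static method with a fixed result. */
    static int nice() {
        return 333;
    }
}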
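/**
 * Demo activity. Its methods are the call targets used by the Frida script:
 * abc() as an instance method, sabc() as a static method, and test() to drive
 * the hooked FridaDemo1 methods.
 */
public class MainActivity extends AppCompatActivity {

    /**
     * Calls every FridaDemo1 method once. It is private and has no caller in
     * this listing; the script invokes it on a live instance found with
     * Java.choose().
     */
    private void test() {
        FridaDemo1 demo1 = new FridaDemo1();
        demo1.func(99, 33);
        String s = FridaDemo1.secret2();
        demo1.func(s);
        demo1.secret();
        FridaDemo1.nice();
    }

    /** Logs that it was called and returns "abc". */
    public String abc() {
        Log.e("MainActivity", "you invoked adc");
        return "abc";
    }

    /** Logs that it was called and returns "sabc". */
    public static String sabc() {
        Log.e("MainActivity", "you invoked static adc");
        return "sabc";
    }
}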
文章来源:https://blog.csdn.net/a5right/article/details/134987362