Frida相关api

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

var money = Java.use("com.Jeremiah.hook.money");
//不需要区分修饰符，也不需要区分静态和实例方法，hook代码的写法都是一样的
//hook实例方法
money.getInfo.implementation = function () {
    var result = this.getInfo();
    console.log("result: ", result)
    return result;
}
//hook静态方法
money.setFlag.implementation = function (a) {
    console.log("param: ", a);
    return this.setFlag(a);
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

var money = Java.use("com.Jeremiah.hook.Money");
var str = Java.use("java.lang.String");
money.getInfo.implementation = function () {
    var result = this.getInfo();
    console.log("money.getInfo result: ", result);
    return str.$new("Jeremiah");
    //上述字符串"Jeremiah"是JS的string，而被hook的Java方法返回值是Java的String
    //因此，可以主动调用Java方法转成Java的String
    //但是为了方便起见，通常会直接直接返回JS的string，这时frida会自动处理，代码类似如下
    //return "Jeremiah";
    //Java的类型可以调用Java的方法，JS的类型可以调用JS的方法
    //区分清楚何时是Java的类型，何时是JS的类型，有助于代码的编写
    //frida在参数传递的处理上也类似
}
money.setFlag.implementation = function (a) {
    console.log("money.setFlag param: ", a);
    return this.setFlag("Jeremiah");
}

1
2
3
4
5

var money = Java.use("com.Jeremiah.hook.Money");
money.$init.implementation = function(a,b){
    console.log("money.$init param: ",a, b);
    return this.$init("dollar",200);
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

var wallet = Java.use("com.Jeremiah.hook.Wallet");
var money = Java.use("com.Jeremiah.hook.Money");
wallet.deposit.implementation = function (a) {
    console.log("wallet.deposit param: ", a.getInfo());
    return this.deposit(money.$new("dollar", 200));
}

var wallet = Java.use("com.Jeremiah.hook.Wallet");
wallet.deposit.implementation = function (a) {
    a.setAmount(2000);
    console.log("wallet.deposit param: ", a.getInfo());
    return this.deposit(a);
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

var utils = Java.use("com.Jeremiah.hook.Utils");
var stringBuilder = Java.use("java.lang.StringBuilder");
utils.shufferMap.implementation = function (a) {
    var key = a.keySet();     //得到所有的key
    var it = key.iterator();  
    var result = stringBuilder.$new();
    while(it.hasNext()){
        var keystr = it.next();
        var valuestr = a.get(keystr);
        result.append(valuestr);
    }
    console.log("utils.shufferMap param: ", result.toString());
    var result = this.shufferMap(a);
    console.log("utils.shufferMap result: ", result);
    return result;
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

var utils = Java.use("com.Jeremiah.hook.Utils");
utils.getCalc.overload('int', 'int').implementation = function (a, b) {
    console.log("utils.getCalc param: ", a, b);
    return this.getCalc(a, b);
}
utils.getCalc.overload('int', 'int', 'int').implementation = function (a, b, c) {
    console.log("utils.getCalc param: ", a, b, c);
    return this.getCalc(a, b, c);
}
utils.getCalc.overload('int', 'int', 'int', 'int').implementation = function (a, b, c, d) {
    console.log("utils.getCalc param: ", a, b, c, d);
    return this.getCalc(a, b, c, d);
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

var utils = Java.use("com.Jeremiah.hook.Utils");
var overloadsArr = utils.getCalc.overloads;  //包含该方法的所有重载函数，overloads返回重载函数的数组
for (var i = 0; i < overloadsArr.length; i++) {
    overloadsArr[i].implementation = function () {
        showStacks();
        var params = "";
        for (var j = 0; j < arguments.length; j++) {   //arguments存储所有传进函数的参数
            params += arguments[j] + " ";
        }
        console.log("utils.getCalc is called! params is: ", params);
        // if(arguments.length == 2){
        //     return this.getCalc(arguments[0], arguments[1]);
        // }else if(arguments.length == 3){
        //     return this.getCalc(arguments[0], arguments[1], arguments[2]);
        // }else if(arguments.length == 4){
        //     return this.getCalc(arguments[0], arguments[1], arguments[2], arguments[3]);
        // }
        console.log(this);
        return this.getCalc.apply(this, arguments); //第一个参数为当前的Java对象实例，第二个参数为一个数组或类数组对象，这里包含了传进函数的参数，此处apply用于调用原来的getCalc方法
    }
}