function call_fun() {
Java.perform(function () {
var main = Java.use('com.kanxue.ollvm_ndk.MainActivity')
// main.UUIDCheckSum.implementation = function(arg1){
// console.log('java input is',arg1);
// return main.UUIDCheckSum(arg1);
// }
var res = main.UUIDCheckSum('vm8MRDk58srS2jDoRAIswzJU0ALS0z2P50lK');
console.log('java res is: ', res);
})
}
针对交叉引用进行hook:
下面是我通过分析后,猜测可能会参数过程的函数,我把他们都hook了。
function hook_native() {
var libBase = Module.getBaseAddress('libnative-lib.so');
var inputStr;
Interceptor.attach(libBase.add(0xFCB4), {
onEnter: function (args) {
// console.log('0xFCB4 Enter');
// console.log(hexdump(args[0]));
// inputStr = args[0];
// console.log(args[1]);
}, onLeave: function () {
// console.log('0xFCB4 onleave');
// console.log(hexdump(inputStr));
}
})
var inputStr2c;
var intpuStrIn;
Interceptor.attach(libBase.add(0x1029C), {
onEnter: function (args) {
inputStr2c = args[0]
// console.log(Memory.readUtf8String(args[1]));
}, onLeave: function (retval) {
// console.log(hexdump(inputStr2c);
// console.log(hexdump(intpuStrIn));
}
})
//nl9LSEj4-rsR3-4nS@-rv{K1-@MR1{3Q412b
Interceptor.attach(libBase.add(0xF9B8), {
onEnter: function (args) {
// console.log(hexdump(args[]));
// console.log(args[2]);
}, onLeave: function (retval) {
// console.log(retval);
}
})
Interceptor.attach(libBase.add(0xF04C), {
onEnter: function (args) {
// console.log(hexdump(args[0]));
// console.log(hexdump(args[]));
// console.log(args[1]);
}, onLeave: function (retval) {
// console.log(hexdump(retval));
}
})
Interceptor.attach(libBase.add(0xF270), {
onEnter: function (args) {
// console.log(hexdump(args[0]));
// console.log(hexdump(args[]));
// console.log(args[1]);
}, onLeave: function (retval) {
// console.log(hexdump(retval));
console.log(Memory.readUtf8String(retval.add(1)));
}
})
}