IxHook xHook
=
XHookImpl.getInstance(emulator);
/
/
加载xHook,支持Import hook,
xHook.register(
"libttEncrypt.so"
,
"strlen"
, new ReplaceCallback() {
/
/
hook libttEncrypt.so的导入函数strlen
@Override
public HookStatus onCall(Emulator<?> emulator, HookContext context,
long
originFunction) {
Pointer pointer
=
context.getPointerArg(
0
);
String
str
=
pointer.getString(
0
);
System.out.println(
"strlen="
+
str
);
context.push(
str
);
return
HookStatus.RET(emulator, originFunction);
}
@Override
public void postCall(Emulator<?> emulator, HookContext context) {
System.out.println(
"strlen="
+
context.pop()
+
", ret="
+
context.getIntArg(
0
));
}
}, true);
xHook.register(
"libttEncrypt.so"
,
"memmove"
, new ReplaceCallback() {
@Override
public HookStatus onCall(Emulator<?> emulator,
long
originFunction) {
RegisterContext context
=
emulator.getContext();
Pointer dest
=
context.getPointerArg(
0
);
Pointer src
=
context.getPointerArg(
1
);
int
length
=
context.getIntArg(
2
);
Inspector.inspect(src.getByteArray(
0
, length),
"memmove dest="
+
dest);
return
HookStatus.RET(emulator, originFunction);
}
});
xHook.register(
"libttEncrypt.so"
,
"memcpy"
, new ReplaceCallback() {
@Override
public HookStatus onCall(Emulator<?> emulator,
long
originFunction) {
RegisterContext context
=
emulator.getContext();
Pointer dest
=
context.getPointerArg(
0
);
Pointer src
=
context.getPointerArg(
1
);
int
length
=
context.getIntArg(
2
);
Inspector.inspect(src.getByteArray(
0
, length),
"memcpy dest="
+
dest);
return
HookStatus.RET(emulator, originFunction);
}
});
xHook.refresh();
/
/
使Import hook生效