-
-
il2cpp api偏移查找
-
发表于: 2024-7-31 17:39
-
打开 libunity.so 搜索字符串:Could not load symbol %s : %s
查找引用,进入任意一处
F5显示伪代码:
frida hook代码:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | /*用法:frida -U -l hook_dlopen.js -f packageName --no-pause*/var soName = "libunity.so"function myfun(){ var moduleBaseAddress = Module.getBaseAddress(soName); console.log(soName + "_address:", moduleBaseAddress); var nativePointer = moduleBaseAddress.add(0x6139C0);//加上偏移地址 Interceptor.attach(nativePointer, { onEnter: function (args) { console.log("\n"); console.log("==参数0:" + this.context.x0); console.log("==参数1:" + this.context.x1.readCString()) console.log("==参数2:" + this.context.x2) }, onLeave: function (retval) { console.log("retval",retval,retval.sub(Module.getBaseAddress("libil2cpp.so"))); } } );}function hook_dlopen(){ var is_can_hook = false; Interceptor.attach(Module.findExportByName(null, "dlopen"), { onEnter: function (args) { var pathptr = args[0]; if (pathptr !== undefined && pathptr != null) { var path = ptr(pathptr).readCString(); if (path.indexOf(soName) >= 0) { this.is_can_hook = true; console.log("\n"+soName+"_path:", path); } } }, onLeave: function (retval) { if (this.is_can_hook) { myfun(); console.log("dlopen finish..."); } } } ); Interceptor.attach(Module.findExportByName(null, "android_dlopen_ext"), { onEnter: function (args) { var pathptr = args[0]; if (pathptr !== undefined && pathptr != null) { var path = ptr(pathptr).readCString(); if (path.indexOf(soName) >= 0) { this.is_can_hook = true; console.log("\n"+soName+"_path:", path); } } }, onLeave: function (retval) { if (this.is_can_hook) { myfun(); console.log("android_dlopen_ext finish..."); } } } );}setImmediate(hook_dlopen); |
输出:
总结:
多找找特征,找旧版本对比
欢迎加入QQ群:812701781,542863693,欢迎分享一些骚操作(备注看的什么文章)
微信公众号:MoneyHoneyCome
[培训]Windows内核深度攻防:从Hook技术到Rootkit实战!
