Frida Python script throws an error when used against a Docker-virtualized phone, what is going on?
Posted: 2 days ago 444

import frida
import sys

jscode = """
// Java.perform() is not required for a native hook (Interceptor works without the Java bridge);
// it is kept here because this is the script that produced the error below, and the stack trace
// shows the failure inside frida-java-bridge while Java.perform() is setting itself up.
Java.perform(function(){
    var str_name_so = "libaaaa.so"; // name of the .so to hook
    //var n_addr_func_offset = 0x00000680; // offset of the function to hook
    //var n_addr_so = Module.findBaseAddress(str_name_so); // once loaded: function address = so base + function offset
    //var n_addr_func = n_addr_so.add(n_addr_func_offset); // NativePointer arithmetic; parseInt() would truncate 64-bit addresses
    //var ptr_func = n_addr_func;
    var ptr_func = Module.findExportByName(str_name_so, "ffe"); // hook by export name
    if (ptr_func === null) {
        throw new Error("export ffe not found in " + str_name_so); // attach(null, ...) would throw a less useful error
    }

    Interceptor.attach(ptr_func, {
        onEnter: function(args) {
            //send("Hook start");
            //send("args[2]=" + args[2]); // "first argument" in the original comment: args[2] is the third raw argument (first Java-level parameter if ffe is a JNI function)
            //send("args[3]=" + args[3]); // "second argument" in the same sense
            // second raw argument as a C string; args[1] is portable across architectures,
            // whereas this.context.r1 only exists on 32-bit ARM (arm64 names the register x1)
            send(args[1].isNull() ? "<null>" : args[1].readCString());
        },
        onLeave: function(retval) {
            //send("return:" + retval); // return value
            //retval.replace(100); // replace the return value with 100
        }
    });

});
"""

def printMessage(message, data):
    if message['type'] == 'send':
        print('[*] {0}'.format(message['payload']))
        with open('./streams.txt', 'a+') as f:
            f.write('{0}'.format(message['payload']))
            f.write('\n')
    else:
        print(message) # 'error' messages land here; this is how the two dicts below were printed

device = frida.get_remote_device() # frida-server reached over the network / adb forward
print(device)
process = device.attach('aaa') # process name; attach() actually returns a Session
print(process)
script = process.create_script(jscode)
script.on('message', printMessage)
script.load()
sys.stdin.read() # keep the script alive until stdin is closed

On a real phone there is no error, but with the Docker-virtualized phone the following is produced when it reaches script.load():

Message 1 (type 'error', fileName frida/runtime/core.js, lineNumber 470):
Error: invalid instruction
    at value (frida/runtime/core.js:470)
    at Tn (frida/node_modules/frida-java-bridge/lib/android.js:1744)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/android.js:1622)
    at _patchCode (native)
    at value (frida/runtime/core.js:207)
    at In (frida/node_modules/frida-java-bridge/lib/android.js:1623)
    at vt (frida/node_modules/frida-java-bridge/lib/android.js:582)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/memoize.js:4)
    at bt (frida/node_modules/frida-java-bridge/lib/android.js:577)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-model.js:115)
    at build (frida/node_modules/frida-java-bridge/lib/class-model.js:7)
    at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:168)
    at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:62)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
    at perform (frida/node_modules/frida-java-bridge/index.js:204)
    at <eval> (/script1.js:23)

Message 2 (type 'error', fileName frida/node_modules/frida-java-bridge/lib/android.js, lineNumber 1623):
TypeError: cannot set property '_code' of null
    at In (frida/node_modules/frida-java-bridge/lib/android.js:1623)
    at vt (frida/node_modules/frida-java-bridge/lib/android.js:582)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/memoize.js:4)
    at bt (frida/node_modules/frida-java-bridge/lib/android.js:577)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-model.js:115)
    at build (frida/node_modules/frida-java-bridge/lib/class-model.js:7)
    at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:168)
    at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:62)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
    at perform (frida/node_modules/frida-java-bridge/index.js:204)
    at <eval> (/script1.js:23)
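Added example, not the poster's script and not something the thread concluded: a host script whose agent hooks the native export without calling Java.perform(), plus a message handler that tells an error raised during the Java bridge's own setup apart from an error in your hook. Both stack traces above throw from frida-java-bridge's ART patching (the _patchCode frame in android.js) while Java.perform() is bootstrapping, i.e. on line 23 of the script, before the Interceptor.attach callback is involved; an Interceptor.attach on a native export does not need the Java bridge, so leaving Java.perform() out keeps that code path off the emulator entirely. The library libaaaa.so, export ffe and process aaa are the placeholders used in the thread, streams.txt is kept from the original script, and the agent reads the argument through args[1] rather than this.context.r1 because the register name only exists on 32-bit ARM. classify_message() runs offline; main() needs the frida package and a reachable frida-server.

```python
"""Frida host script, added as an example for this thread (not the poster's code).
libaaaa.so / ffe / aaa are the thread's placeholders; streams.txt is the original output file."""
import json
import sys

# Agent source. No Java.perform(): a native-export hook needs only Interceptor, so
# frida-java-bridge's ART patching (the _patchCode frame in the thread's trace) is never
# entered. Process.findModuleByName + mod.findExportByName avoid the static
# Module.findExportByName, which newer Frida releases dropped.
AGENT_SOURCE = r"""
var LIB = "libaaaa.so";   // placeholder from the thread
var FUNC = "ffe";         // placeholder from the thread

function hook() {
    var mod = Process.findModuleByName(LIB);
    if (mod === null) { send({kind: "status", text: LIB + " is not loaded"}); return false; }
    var target = mod.findExportByName(FUNC);
    if (target === null) { send({kind: "status", text: FUNC + " not exported by " + LIB}); return false; }
    Interceptor.attach(target, {
        onEnter: function (args) {
            // args[1] is the second argument on every architecture; this.context.r1 exists
            // only on 32-bit ARM (arm64 calls it x1), so a register name that worked on one
            // device can be undefined on another.
            var s = args[1].isNull() ? "<null>" : args[1].readCString();
            send({kind: "call", arch: Process.arch, arg1: s});
        },
        onLeave: function (retval) { send({kind: "ret", value: retval.toString()}); }
    });
    send({kind: "status", text: "hooked " + FUNC + " at " + target});
    return true;
}
hook();
"""

JAVA_BRIDGE_MARKER = "frida-java-bridge/"


def classify_message(message):
    """Map one Frida message dict to (kind, detail).

    'send'  -> detail is the agent's send() payload.
    'error' -> detail carries the description, the parsed 'at ...' frames, the frame that
               threw, whether that frame is in the agent script itself (no 'frida/' path),
               and whether the exception propagated through frida-java-bridge, which is
               what the thread's traces show for a failure inside Java.perform() setup."""
    mtype = message.get("type")
    if mtype == "send":
        return "send", message.get("payload")
    if mtype == "error":
        lines = message.get("stack", "").splitlines()
        frames = [ln.strip() for ln in lines if ln.strip().startswith("at ")]
        top = frames[0] if frames else None
        return "error", {
            "description": message.get("description"),
            "frames": frames,
            "top_frame": top,
            "thrown_in_script": top is not None and "frida/" not in top,
            "via_java_bridge": any(JAVA_BRIDGE_MARKER in f for f in frames),
        }
    return "other", message


def make_handler(out_path):
    """Build the script.on('message') callback: payloads go to out_path as JSON lines,
    errors are printed with the throwing frame instead of a raw dict."""
    def on_message(message, data):
        kind, detail = classify_message(message)
        if kind == "send":
            print("[*] %s" % json.dumps(detail))
            with open(out_path, "a") as f:
                f.write(json.dumps(detail) + "\n")
        elif kind == "error":
            print("[!] agent error: %s" % detail["description"])
            print("    thrown at: %s" % detail["top_frame"])
            if detail["via_java_bridge"] and not detail["thrown_in_script"]:
                print("    raised inside frida-java-bridge (Java.perform setup), not in the hook body")
        else:
            print(message)
    return on_message


def main(process_name="aaa", out_path="./streams.txt"):
    import frida  # imported here so classify_message() is usable without frida installed
    device = frida.get_remote_device()        # frida-server reached via adb forward, as in the thread
    session = device.attach(process_name)     # attach() returns a Session, not a process handle
    script = session.create_script(AGENT_SOURCE)
    script.on("message", make_handler(out_path))
    script.load()
    try:
        sys.stdin.read()                      # keep the hook alive until stdin closes
    finally:
        session.detach()


if __name__ == "__main__":
    main(*sys.argv[1:2])
```

Run it as `python3 hook_ffe.py aaa` with frida-server forwarded the same way the original script expects; if the target library is loaded later than the attach, the agent reports "libaaaa.so is not loaded" through the status message rather than failing silently, and a frida-java-bridge error can no longer occur because the bridge is never initialised.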


Latest replies (4)
#2
Is the Docker-virtualized phone redroid?
2 days ago
#3
mb_ldbucrik: Is the Docker-virtualized phone redroid?
Yes. Just now it inexplicably stopped working, and now it inexplicably works again; I didn't change anything.
2 days ago
#4
Could be a bug in frida.
2 days ago
#5
Have you tried cuttlefish?
1 day ago