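Problem:
I'm using Frida to hook an Android application, but I can't get it to work. Please advise.
Materials prepared:
1: Xunlei installation package
2: frida
3: LDPlayer emulator, started
Steps performed:
1: Start frida_server
2: In a cmd window on the PC, run the command > frida -U -f com.xunlei.downloadprovider
3: Start the script. The script is shown below.
4: In the window from step 2, enter > %resume
Error: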
[Android Emulator 5554::com.xunlei.downloadprovider]-> Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/android_x86/x86:7.1.2/N2G47H/N975FXXU1ASGO:/release-keys'
Revision: '0'
ABI: 'x86'
pid: 3500, tid: 3500, name: <pre-initialized>  >>> <pre-initialized> <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10
eax 00000000 ebx 00000dac ecx 00000dac edx 0000000b
esi cfff9bcc edi cfff9960
xcs 00000073 xds 0000007b xes 0000007b xfs 0000003b xss 0000007b
eip c7f29c10 ebp cfff99e0 esp cfff98f8 flags 00000296
backtrace:
#00 pc 00000c10 [vdso:c7f29000] (__kernel_vsyscall+16)
#01 pc 0007fc08 /system/bin/linker (__dl_syscall+40)
#02 pc 000046d1 /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
#03 pc 0000b7fd /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
#04 pc 000ff441 /system/lib/libart.so (offset 0x10a000)
***
Solution:
None yet; asking for guidance.
Local debugging script:
[Python]
# -*- coding: utf-8 -*-
import os
import sys

import frida


def connect_device(timeout=15):
    # Prefer the USB/emulator device; fall back to the remote (TCP) device.
    try:
        device = frida.get_usb_device(timeout=timeout)
    except Exception:
        device = frida.get_remote_device()
    return device


def forward_frida():
    # Forward frida-server's default ports from the device to the PC.
    os.system("adb forward tcp:27042 tcp:27042")
    os.system("adb forward tcp:27043 tcp:27043")


jscodev2 = """
if (Java.available) {
    console.log("1111");
    console.log("hello-log");
    console.warn("hello-warn");
    console.error("hello-error");
    Java.perform(function(){
        var application = Java.use('com.xunlei.downloadprovider.MyWrapperProxyApplication');
        // Replace initProxyApplication, log the APK path, then call the original.
        application.initProxyApplication.implementation = function(context){
            console.log("开始执行initProxyApplication方法");
            console.log("调用方法 context.getApplicationInfo().sourceDir");
            //var instance = application.$new();
            var sourceDir = context.getApplicationInfo().sourceDir;
            console.log("调用方法 sourceDir="+sourceDir);
            this.initProxyApplication(context);
            console.log("执行initProxyApplication方法结束");
        }
        // Read the static className field through the Java.use wrapper (fields need .value).
        var cName = application.className.value;
        send("cName="+cName)
        console.log("cName="+cName);
    });
}else{
    console.log("Java 不可用");
}
"""

if __name__ == "__main__":
    try:
        device = connect_device()
        if not device:
            raise Exception("Unable to connect.")
    except Exception:
        # Retry once after setting up the adb port forwards.
        forward_frida()
        device = connect_device()
        if not device:
            print("[Except] - Unable to connect to device.")
            sys.exit(1)
    # Attach to the process spawned by `frida -U -f ...` and load the hook script.
    session = device.attach('com.xunlei.downloadprovider')
    script = session.create_script(jscodev2)
    script.load()
    print('[*]附着成功')
    # Wait for manual input
    sys.stdin.read()
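A triage helper for the crash dump in the post above, added here as an example and not part of the original post: it parses the signal line and the backtrace, then reports whether the fault address lies in the first page and which frame is the first one outside the signal-handling path. The `REPORTING` symbol list and the 4 KiB page size are assumptions.

```python
import re

# Crash lines copied from the post above (header and registers omitted).
TOMBSTONE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x10
backtrace:
#00 pc 00000c10 [vdso:c7f29000] (__kernel_vsyscall+16)
#01 pc 0007fc08 /system/bin/linker (__dl_syscall+40)
#02 pc 000046d1 /system/bin/linker (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1201)
#03 pc 0000b7fd /system/bin/app_process32_xposed (InvokeUserSignalHandler+317)
#04 pc 000ff441 /system/lib/libart.so (offset 0x10a000)
"""

SIGNAL_RE = re.compile(
    r"signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-f]+|-+)")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \((.*)\))?")
# Assumption: symbols that belong to signal delivery / crash reporting,
# not to the code that faulted (taken from the frames in this dump).
REPORTING = ("__kernel_vsyscall", "__dl_syscall",
             "debuggerd_signal_handler", "InvokeUserSignalHandler")


def parse_tombstone(text):
    """Extract the signal line and backtrace frames from a native crash dump."""
    sig = SIGNAL_RE.search(text)
    if sig is None:
        raise ValueError("no 'signal ...' line found")
    addr = sig.group(5)
    frames = [{"index": int(i), "pc": int(pc, 16), "module": mod, "detail": det}
              for i, pc, mod, det in FRAME_RE.findall(text)]
    return {"signal": sig.group(2), "code": sig.group(4),
            # Some dumps print dashes instead of an address.
            "fault_addr": int(addr, 16) if addr.startswith("0x") else None,
            "frames": frames}


def triage(report, page_size=0x1000):
    """Summarise only what the dump shows; page_size of 4 KiB is an assumption."""
    addr = report["fault_addr"]
    first = next((f for f in report["frames"]
                  if not any(s in f["detail"] for s in REPORTING)), None)
    return {"near_null": report["code"] == "SEGV_MAPERR"
                         and addr is not None and addr < page_size,
            "first_non_reporting_frame": first,
            "modules": sorted({f["module"] for f in report["frames"]})}


if __name__ == "__main__":
    print(triage(parse_tombstone(TOMBSTONE)))
```
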