如题,动态注册的jni函数调用了一个用来加密的c函数(encrypt),希望hook这个encrypt函数,尝试用inline hook的方式,Interceptor.attach进行hook,但似乎hook不到,个人感觉应该不是地址的问题
以下是我的hook代码
function call(){
Java.perform(function(){
var offset=0xEE59
var so_name="libtest5.so"
var so_addr=Module.getBaseAddress(so_name)
console.log("so addr is "+so_addr)
var fun_addr=parseInt(so_addr,16)+offset
console.log("fun addr is "+fun_addr)
var ptr_fun=new NativePointer(fun_addr)
console.log("ptr fun is "+ptr_fun)
Interceptor.attach(ptr_fun,{
onEnter:function(args){
console.log("arg1: "+hexdump(args[0]))
console.log("arg2: "+hexdump(args[1]))
// console.log('RegisterNatives called from:\n' +
// Thread.backtrace(this.context, Backtracer.ACCURATE)
// .map(DebugSymbol.fromAddress).join('\n') + '\n');
},onLeave:function(retval){
console.log("ret is "+retval)
}
})
})
}
附件包括apk、cpp源码,麻烦大佬指点
链接:https://pan.baidu.com/s/1TjGpvaxtQQ_mQMdCGCgzxQ
提取码:3389
--来自百度网盘超级会员V5的分享
发表于 2023-4-20 14:19
|
发表于 2023-4-23 00:20
