frida hook strcmp

https://bbs.kanxue.com/thread-260550.htm

function hookstrcmp(){
    Java.perform(function() {
        console.log("I am a Hook function");
        var strcmp = Module.findExportByName("libc.so","strcmp");//这里发现无论“libnative-lib.so”还是“libc.so”都是一样的地址
        console.log("find strcmp:",strcmp);
        Interceptor.attach(strcmp, {
            onEnter: function (args) {
                    //hook住后打印strcmp的第一个参数和第二个参数的内容
                    if(ptr(args[1]).readCString().indexOf("REJECT")>=0){
                        console.log("[*] strcmp (" + ptr(args[0]).readCString() + "," + ptr(args[1]).readCString()+")");
                        this.isREJECT = true;
                    }
             
            },onLeave:function(retval){
                if(this.isREJECT){
                    console.log("the REJECT's result :",retval);
                }
            }
        });
    })
}

posted @ 2025-01-25 16:19 AngDH 阅读(35) 评论(0) 收藏举报

刷新页面返回顶部

AngDH

frida hook strcmp

公告