第一种:
function hook_dyn_dex() {
Java.perform(function () {
//hook 动态加载的dex
Java.enumerateClassLoaders({
onMatch: function (loader) {
try {
if (loader.findClass("com.xxx")) {
console.log(loader);
Java.classFactory.loader = loader; //切换classloader
}
} catch (error) {
}
}, onComplete: function () {
}
});
var DynamicCheck = Java.use("com.xxx");
console.log(DynamicCheck);
DynamicCheck.check.implementation = function () {
console.log("DynamicCheck.check");
return true;
}
});
}
第二种
function hook_dy_dex(){
Java.enumerateClassLoaders({
"onMatch": function(loader) {
if (loader.toString().indexOf("libxxx.so") > 0 ) {
Java.classFactory.loader = loader; // 切换classloader
}
},
"onComplete": function() {
}
});
var dex = Java.classFactory.use('com.xxx');
dex.a.overload('java.util.HashMap').implementation = function(a){
let retval = this.a(a);
console.log("a:" + a.entrySet().toArray());
console.log("retval" + retval.entrySet().toArray());
let stack = threadinstance.currentThread().getStackTrace();
return retval;
}
}
浙公网安备 33010602011771号