APP渗透|Frida骚姿势-WhoCallMe

此文章只为学习而生,请勿干违法违禁之事,本公众号只在技术的学习上做以分享,分享个脚本,所有行为与本公众号无关。
01
Hook某个类所有方法的调用

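/**
 * Prints the current Java stack trace to the Frida console.
 *
 * A throwaway java.lang.Exception is created only to capture the trace of
 * the thread that is running the hook; it is never thrown.
 */
function showStacks() {
  // Straight quotes: the typographic quotes in the published listing are not
  // valid JavaScript string delimiters and stop the script from loading.
  var Exception = Java.use("java.lang.Exception");
  var ins = Exception.$new("Exception");
  try {
    var straces = ins.getStackTrace();
    if (undefined == straces || null == straces) {
      return;
    }
    console.log("============================= Stack strat=======================");
    console.log("");
    for (var i = 0; i < straces.length; i++) {
      var str = " " + straces[i].toString();
      console.log(str);
    }
    console.log("");
    console.log("============================= Stack end=======================\r\n");
  } finally {
    // Release the instance created above. The original called $dispose() on
    // the class wrapper, which left the exception object itself to the GC.
    ins.$dispose();
  }
}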

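// Install the hook once the Java bridge is attached to the app's VM.
Java.perform(function () {
  // 'com.example.TargetClass' is the article's placeholder for the class under analysis.
  var TargetClass = Java.use('com.example.TargetClass');

  // overload() with no arguments selects only the zero-parameter targetMethod();
  // other overloads and other methods of the class are not intercepted by this hook.
  TargetClass.targetMethod.overload().implementation = function () {
    // Call through to the original method first so the app's behaviour is unchanged.
    var result = this.targetMethod();

    // Use WhoCalledMe to collect up to 5 class names from the call stack.
    // Guard against a missing result so the loop below cannot throw inside the hook.
    var callers = WhoCalledMe(this, 5) || [];

    console.log("Callers of targetMethod:");
    showStacks();
    for (var i = 0; i < callers.length; i++) {
      console.log(callers[i]);
    }

    // Return the original method's result to the caller.
    return result;
  };
});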
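/**
 * Lists the class names that follow `instance`'s class in the current
 * thread's stack trace.
 *
 * @param {object} instance - Frida wrapper whose `$className` is looked up in the trace.
 * @param {number} amount - Maximum number of class names to return.
 * @returns {string[]} Up to `amount` class names taken from the frames after
 *   the first frame of `instance.$className`; an empty array when that class
 *   does not appear in the trace.
 */
function WhoCalledMe(instance, amount) {
  // Straight quotes: the typographic quotes in the published listing are not
  // valid JavaScript string delimiters.
  var Thread = Java.use('java.lang.Thread');
  var stack = Thread.currentThread().getStackTrace();
  var stackClassNames = stack.map(function (frame) { return frame.getClassName(); });

  // Only the first frame of the class is located; entries after it are not
  // de-duplicated, so the same class name can appear again in the result.
  var index = stackClassNames.indexOf(instance.$className);
  if (index === -1) {
    console.log('Failed to find calling class in the stacktrace: ' + stack + '\n class: ' + instance.$className);
    // An empty list instead of undefined keeps callers that read .length from
    // throwing inside a hook implementation.
    return [];
  }
  return stackClassNames.slice(index + 1, index + 1 + amount);
}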

只要这个类中被 hook 的方法被调用就会打印(如上图)。脚本里还加入了堆栈输出,所以能看到完整的调用堆栈信息。此方法用于难以确定类的时候,无需逐个重写每个方法,直接 hook 住即可。注意:上面的示例只对 targetMethod 的无参重载设置了 implementation,其他方法或重载需要分别指定。

02
Hook某个类的实例化调用

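/**
 * Prints the current Java stack trace to the Frida console.
 *
 * A throwaway java.lang.Exception is created only to capture the trace of
 * the thread that is running the hook; it is never thrown.
 */
function showStacks() {
  // Straight quotes: the typographic quotes in the published listing are not
  // valid JavaScript string delimiters and stop the script from loading.
  var Exception = Java.use("java.lang.Exception");
  var ins = Exception.$new("Exception");
  try {
    var straces = ins.getStackTrace();
    if (undefined == straces || null == straces) {
      return;
    }
    console.log("============================= Stack strat=======================");
    console.log("");
    for (var i = 0; i < straces.length; i++) {
      var str = " " + straces[i].toString();
      console.log(str);
    }
    console.log("");
    console.log("============================= Stack end=======================\r\n");
  } finally {
    // Release the instance created above. The original called $dispose() on
    // the class wrapper, which left the exception object itself to the GC.
    ins.$dispose();
  }
}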

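// Install the hook once the Java bridge is attached to the app's VM.
Java.perform(function () {
  // 'com.example.TargetClass' is the article's placeholder for the class under analysis.
  var TargetClass = Java.use('com.example.TargetClass');

  // $init is the constructor; overload() with no arguments selects only the
  // zero-parameter constructor, so other constructors are not intercepted.
  TargetClass.$init.overload().implementation = function () {
    // Run the original constructor first so the object is initialised as usual.
    var result = this.$init();

    // Use WhoCalledMe to collect up to 5 class names from the call stack.
    // Guard against a missing result so the loop below cannot throw inside the hook.
    var callers = WhoCalledMe(this, 5) || [];

    // The published listing printed "Callers of targetMethod:" here, copied
    // from the method hook; this hook reports constructor calls.
    console.log("Callers of $init:");
    showStacks();
    for (var i = 0; i < callers.length; i++) {
      console.log(callers[i]);
    }

    // Return the original constructor's result to the caller.
    return result;
  };
});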
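/**
 * Lists the class names that follow `instance`'s class in the current
 * thread's stack trace.
 *
 * @param {object} instance - Frida wrapper whose `$className` is looked up in the trace.
 * @param {number} amount - Maximum number of class names to return.
 * @returns {string[]} Up to `amount` class names taken from the frames after
 *   the first frame of `instance.$className`; an empty array when that class
 *   does not appear in the trace.
 */
function WhoCalledMe(instance, amount) {
  // Straight quotes: the typographic quotes in the published listing are not
  // valid JavaScript string delimiters.
  var Thread = Java.use('java.lang.Thread');
  var stack = Thread.currentThread().getStackTrace();
  var stackClassNames = stack.map(function (frame) { return frame.getClassName(); });

  // Only the first frame of the class is located; entries after it are not
  // de-duplicated, so the same class name can appear again in the result.
  var index = stackClassNames.indexOf(instance.$className);
  if (index === -1) {
    console.log('Failed to find calling class in the stacktrace: ' + stack + '\n class: ' + instance.$className);
    // An empty list instead of undefined keeps callers that read .length from
    // throwing inside a hook implementation.
    return [];
  }
  return stackClassNames.slice(index + 1, index + 1 + amount);
}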

这里同样加入了堆栈输出,所以可以直接根据堆栈定位到是哪里实例化了这个类。注意:示例只 hook 了无参构造函数($init.overload()),带参数的构造函数需要另外指定对应的重载。

声明:文中观点不代表本站立场。本文传送门:https://eyangzhen.com/425489.html
