frida实现安卓hook的基本框架
以下为frida hook的框架代码,只需要修改jscode就可以实现自定义的hookimport frida, sys
def on_message(message, data):
if message['type'] == 'send':
print("[*] {0}".format(message['payload']))
else:
print(message)
jscode = """
Java.perform(function () {
// 要hook的类名
var MainActivity = Java.use('org.citra.emu.MainActivity');
// hook按钮点击事件
MainActivity.onClick.implementation = function (v) {
// Show a message to know that the function got called
send('onClick');
// 执行原始方法代码
this.onClick(v);
//修改MainActivity中属性的值
this.m.value = 0;
this.n.value = 1;
this.cnt.value = 999;
//打印日志
console.log('Done:' + JSON.stringify(this.cnt));
};
});
"""
# 设置要注入的进程名或者pid
process = frida.get_usb_device().attach('org.citra.emu')
script = process.create_script(jscode)
script.on('message', on_message)
print('[*] gogo')
script.load()
sys.stdin.read()
页:
[1]