FRIDA SO HOOK Unreported Functions

By Micro Services

Analyze encode first.

frida so hook Unexported function
found It is an export function.
frida so hook Unexported function
ida find it, as shown .
frida so hook Unexported function
Check the reference and find the function that calls it .
frida so hook Unexported function
Get its offset in the file ,as the picture shows.
frida so hook  unexported functions
hook , remember to add 1 to the address.
frida so hook Unexported functions

# -*- coding: UTF-8 -*-
import frida, sys

jsCode = """

Java.perform(function(){
< br /> var soAddr = Module.findBaseAddress("libhello.so");
 send('soAddr: '+ soAddr);
 var MD5FinalAddr = soAddr.add(0x1768 + 1);
 send('MD5FinalAddr: '+ MD5FinalAddr);
 Interceptor.attach(MD5FinalAddr, {
 onEnter: function(args){
 send(args[0]);
 send (args[1]);
 },
 onLeave: function(retval){
 send(retval);
 }
 });
< br />});

""";

def message(message, data):
 if message["type"] =='send' :
 print(u"[*] {0}".format(message['payload']))
 else:
 print(message)

process = frida.get_remote_device().attach("com.xiaojianbang.app")
script= pr ocess.create_script(jsCode)
script.on("message", message)
script.load()
sys.stdin.read()

frida so hook Unexported function

, , , ,

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 2464 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.