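Printing the addresses of functions dynamically registered through RegisterNativeMethods

Method 1: build the Android source

Build the Android source, modify libart, and log the address at the moment doCommandNative is dynamically registered.
The modification is as follows: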

  static jint RegisterNativeMethods(JNIEnv* env, jclass java_class, const JNINativeMethod* methods,
                                    jint method_count, bool return_errors) {
    if (UNLIKELY(method_count < 0)) {
      JavaVmExtFromEnv(env)->JniAbortF("RegisterNatives", "negative method count: %d",
                                       method_count);
      return JNI_ERR;  // Not reached except in unit tests.
    }
    CHECK_NON_NULL_ARGUMENT_FN_NAME("RegisterNatives", java_class, JNI_ERR);
    ScopedObjectAccess soa(env);
    mirror::Class* c = soa.Decode<mirror::Class*>(java_class);
    if (UNLIKELY(method_count == 0)) {
      LOG(WARNING) << "JNI RegisterNativeMethods: attempt to register 0 native methods for "
          << PrettyDescriptor(c);
      return JNI_OK;
    }
    CHECK_NON_NULL_ARGUMENT_FN_NAME("RegisterNatives", methods, JNI_ERR);
    for (jint i = 0; i < method_count; ++i) {
      const char* name = methods[i].name;
      const char* sig = methods[i].signature;
      const void* fnPtr = methods[i].fnPtr;
+     LOG(WARNING) << "JNI RegisterNativeMethods name:" << name << " sig:" << sig << " fnPtr:" << fnPtr;
      if (UNLIKELY(name == nullptr)) {
        ReportInvalidJNINativeMethod(soa, c, "method name", i, return_errors);
        return JNI_ERR;
      } else if (UNLIKELY(sig == nullptr)) {
        ReportInvalidJNINativeMethod(soa, c, "method signature", i, return_errors);
        return JNI_ERR;
      } else if (UNLIKELY(fnPtr == nullptr)) {
        ReportInvalidJNINativeMethod(soa, c, "native function", i, return_errors);
        return JNI_ERR;
      }
      bool is_fast = false;
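
Review bot: the added LOG(WARNING) line streams name and sig before the nullptr checks that immediately follow it, so a registration with a null methods[i].name or methods[i].signature inserts a null const char* into the log stream (undefined behaviour) instead of reaching ReportInvalidJNINativeMethod. Move the log line below the three null checks, just before "bool is_fast = false;". It also fires for every registration in every process at WARNING level; since the goal is the address of doCommandNative, consider filtering on name to keep the log readable.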

Corresponding source location:
http://androidxref.com/6.0.1_r10/xref/art/runtime/jni_internal.cc#2080

Method 2: hook libart.so with Frida

https://github.com/lasting-yang/frida_hook_libart

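// addrRegisterNativeMethods must already hold the address of
// RegisterNativeMethods inside libart.so (resolved beforehand).
Interceptor.attach(addrRegisterNativeMethods, {
    onEnter: function(args) {
        // Arguments: env, java_class, methods, method_count, return_errors
        var methods_ptr = ptr(args[2]);
        var method_count = args[3].toInt32();
        console.log("[RegisterNativeMethods] method_count:", method_count);

        // JNINativeMethod is three pointers (name, signature, fnPtr):
        // 12 bytes in a 32-bit process, 24 bytes in a 64-bit one.
        var ptr_size = Process.pointerSize;
        for (var i = 0; i < method_count; i++) {
            var entry = methods_ptr.add(i * ptr_size * 3);
            var name_ptr = entry.readPointer();
            var sig_ptr = entry.add(ptr_size).readPointer();
            var fnPtr_ptr = entry.add(ptr_size * 2).readPointer();

            var name = name_ptr.readCString();
            var sig  = sig_ptr.readCString();
            console.log("[RegisterNativeMethods] name:", name, "sig", sig, "fnPtr", fnPtr_ptr);
        }
    },
    onLeave: function(retval) {}
});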
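
As an added illustration (not part of the original post or of frida_hook_libart), the following Node.js example replays the JNINativeMethod walk over a constructed memory image, showing that field offsets 0/4/8 with a 12-byte stride fit only a 32-bit process and misread a 64-bit one. buildImage, parseNativeMethods and the sample methods, signatures and addresses are hypothetical.

```javascript
// Constructed sample data: method names, signatures and addresses are made up.
const SAMPLE = [
  { name: "doCommandNative", sig: "(I)I", fnPtr: 0xb4001000 },
  { name: "init", sig: "()V", fnPtr: 0xb4001040 },
];
// Build a fake memory image: a JNINativeMethod[] followed by its C strings.
// "Pointers" are offsets into the image, stored little-endian in ptrSize bytes.
function buildImage(ptrSize, methods) {
  const table = Buffer.alloc(methods.length * 3 * ptrSize);
  const strings = [];
  let cursor = table.length;
  const place = (s) => {
    const off = cursor;
    strings.push(Buffer.from(s + "\0", "utf8"));
    cursor += Buffer.byteLength(s) + 1;
    return off;
  };
  const writePtr = (off, v) => ptrSize === 8
    ? table.writeBigUInt64LE(BigInt(v), off) : table.writeUInt32LE(v, off);
  methods.forEach((m, i) => {
    const base = i * 3 * ptrSize;
    writePtr(base, place(m.name));
    writePtr(base + ptrSize, place(m.sig));
    writePtr(base + 2 * ptrSize, m.fnPtr);
  });
  return Buffer.concat([table, ...strings]);
}

// Decode `count` entries. `slot` is the field spacing the reader assumes:
// ptrSize is correct; slot = 4 reproduces fixed offsets 0/4/8 with stride 12.
function parseNativeMethods(image, count, ptrSize, slot = ptrSize) {
  const readPtr = (off) => ptrSize === 8
    ? Number(image.readBigUInt64LE(off)) : image.readUInt32LE(off);
  const readCString = (p) => {
    if (p >= image.length) return null; // address outside the image: unreadable
    const end = image.indexOf(0, p);
    return image.toString("utf8", p, end < 0 ? image.length : end);
  };
  const out = [];
  for (let i = 0; i < count; i++) {
    const base = i * 3 * slot;
    out.push({
      name: readCString(readPtr(base)),
      sig: readCString(readPtr(base + slot)),
      fnPtr: "0x" + readPtr(base + 2 * slot).toString(16),
    });
  }
  return out;
}
```

Calling parseNativeMethods(buildImage(8, SAMPLE), 2, 8, 4) shows the 64-bit failure mode: the first name still decodes, but the reported fnPtr is really the signature string's pointer and every later entry is garbage.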