-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathtest2.js
117 lines (106 loc) · 4.21 KB
/
test2.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
Java.perform(function () {
var ThreadWrapper = Java.use("java.lang.Thread");
//var f4Wrapper = Java.use("com.illuminate.texaspoker.net.a.f$4");
var f4Wrapper = Java.use("com.illuminate.texaspoker.e.b.f$5");
var f5Methods = f4Wrapper.class.getDeclaredMethods();
for (var i in f5Methods) {
f5Methods[i].setAccessible(true);
console.log(i + ": " + f5Methods[i]);
}
var f5Methods = f4Wrapper.class.getMethods();
for (var i in f5Methods) {
f5Methods[i].setAccessible(true);
console.log(i + ": " + f5Methods[i]);
}
f4Wrapper.call.implementation = function() {
console.log("--------------")
var stackTrace = ThreadWrapper.currentThread().getStackTrace();
for (var i in stackTrace) {
console.log(i + ": " + stackTrace[i]);
}
var ret = this.call();
console.log(ret);
return ret;
}
//var fWrapper = Java.use("com.illuminate.texaspoker.net.a.f");
var fWrapper = Java.use("com.illuminate.texaspoker.e.b.f");
var PackageWrapper = Java.use("com.texaspoker.moment.TexasPokerCommon$Package");
var ExecutorServiceWrapper = Java.use("java.util.concurrent.ExecutorService");
var ExecutorsMethods = ExecutorServiceWrapper.class.getDeclaredMethods();
console.log(ExecutorServiceWrapper.class);
for (var i in ExecutorsMethods) {
ExecutorsMethods[i].setAccessible(true);
console.log(i + ": " + ExecutorsMethods[i].getName());
}
var ExecutorsMethods = ExecutorServiceWrapper.class.getMethods();
console.log(ExecutorServiceWrapper.class);
for (var i in ExecutorsMethods) {
ExecutorsMethods[i].setAccessible(true);
console.log(i + ": " + ExecutorsMethods[i].getName());
}
fWrapper.a.overload('com.texaspoker.moment.TexasPokerCommon$Package').implementation = function(arg1) {
//var resolver = new ApiResolver('module');
//resolver.enumerateMatches('exports:*!*call*', {
// onMatch: function (match) {
// /*
// * Where `match` contains an object like this one:
// *
// * {
// * name: '/usr/lib/libSystem.B.dylib!opendir$INODE64',
// * address: ptr('0x7fff870135c9')
// * }
// */
// console.log(match.name);
// },
// onComplete: function () {
// }
//});
console.log("--------------")
console.log(arg1)
var stackTrace = ThreadWrapper.currentThread().getStackTrace();
for (var i in stackTrace) {
console.log(i + ": " + stackTrace[i]);
}
var ret = this.a.overload('com.texaspoker.moment.TexasPokerCommon$Package').call(this, arg1);
console.log(ret);
//return ret;
return true;
}
//
//
//var ClassLoaderWrapper = Java.use("java.lang.ClassLoader");
//var ClassLoaderClass = ClassLoaderWrapper.class;
//var ClassLoaderMethods = ClassLoaderClass.getDeclaredMethods();
//for (var i in ClassLoaderMethods) {
// ClassLoaderMethods[i].setAccessible(true);
// //console.log(i + ": " + ClassLoaderMethods[i]);
//}
//console.log("---------");
//
//var URLClassLoaderWrapper = Java.use("java.net.URLClassLoader");
//var URLClassLoaderClass = URLClassLoaderWrapper.class;
//var URLClassLoaderMethods = URLClassLoaderClass.getDeclaredMethods();
//for (var i in URLClassLoaderMethods) {
// URLClassLoaderMethods[i].setAccessible(true);
// //console.log(i + ": " + URLClassLoaderMethods[i].getName());
//}
//URLClassLoaderMethods = URLClassLoaderClass.getMethods();
//for (var i in URLClassLoaderMethods) {
// URLClassLoaderMethods[i].setAccessible(true);
// //console.log(i + ": " + URLClassLoaderMethods[i].getName());
//}
//console.log(URLClassLoaderMethods[15]);
//console.log("---------");
//
//
//var URLWrapper = Java.use("java.net.URL");
//
//// 对于 $new 是不需要 .overload 去选择重载的,Frida会根据 参数类型 和 参数数量 自动选择一个合适的重载。
//// 在这里,自动选用 .overload('java.lang.String')
//var URLObject = URLWrapper.$new('file:/data/local/tmp/reflections-0.9.11.jar');
//
//// 在这里,自动选用 .overload('[java.net.URL')
////var URLClassLoaderObject = URLClassLoaderWrapper.$new([URLObject]);
////URLClassLoaderMethods[15].invoke(URLClassLoaderObject, ["org.reflections.util.ClasspathHelper"]);
//
});