案例、批改即用
import frida, sysdef on_message(message, data): if message['type'] == 'send': print("[*] {0}".format(message['payload'])) else: print(message)jscode2 = """Java.perform(function(){ var 类名 = Java.use('找到须要hook的类名/门路') 类名.须要hook的办法名.implementation = function(参数1,参数2){ send(参数1) send(参数2) var a = this.须要hook的办法名(参数1,参数2) send('I am here'); //printHashMap(a) //HashMap类型应用此打印形式 send(a); return a; };})function printHashMap(param_hm){ //打印HashMap类型参数 var HashMap = Java.use('java.util.HashMap'); var args_map = Java.cast(param_hm, HashMap); send('args_map:'+args_map.toString());}"""process = frida.get_usb_device(timeout=1000).attach('增加要hook的包名')script = process.create_script(jscode2) # 须要hook的函数script.on('message', on_message) # 固定格局,打印print('[*] Running CTF')script.load() # 加载sys.stdin.read() # 使程序始终运行,不完结