JNI hook example

2018-05-30 17:59:44 +03:00 · 2018-05-30 17:59:44 +03:00 · fd64827ccc
commit fd64827ccc
parent 29ec3b9e3f
1 changed files with 25 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -58,6 +58,31 @@ TODOs:
            return this(stringArgument);
        };

+* Hook Native (JNI)
+```
+Interceptor.attach(Module.findExportByName(null, "dlopen"), {
+	onEnter: function (args) {
+	    var lib = Memory.readUtf8String(args[0]);
+	    console.log("dlopen called with: " + lib);
+	    this.lib = lib; // pass argument to onLeave
+	},
+	onLeave: function (retval) {
+	    console.log("dlopen called exit with: " + this.lib);
+	    if (this.lib.endsWith("libfoo.so")) {
+		console.log("ret: " + retval);
+		var libtmessages_base = Process.findModuleByName("libfoo.so").base; // Module.findBaseAddress(‘foo.so’).add(0x1234)
+		console.log("libtmessages_base: " + libtmessages_base);
+            // find function address with $ nm -CD libfoo.so | grep "SomeClass::someFunction"
+		var i = Interceptor.attach(libtmessages_base.add(0x0021e5b4), {
+		    onEnter: function(args) {
+		        console.log('initttt ');
+		    }
+		});
+		console.log("i: " + i);
+	    }
+	}
+	});
+```


 References overview: