iOS安全-Frida 通过模块+偏移hook 与调用类方法新手学习

function get_func_addr(module, offset) {
var base_addr = Module.findBaseAddress(module);
console.log("base_addr: " + base_addr);
var func_addr = base_addr.add(offset);
if (Process.arch == 'arm')
return func_addr.add(1);
else
return func_addr;
}

var func_addr = get_func_addr('zfT516FIC291.dylib', 0x875C); //0x875C 函数偏移地址
console.log('func_addr: ' + func_addr);

if (ptr(func_addr).isNull()) {
console.log('Function address is null or invalid!');
} else {
Interceptor.attach(ptr(func_addr), {
onEnter: function(args) {
console.log("====onEnter=====");
console.log("arg0: " + args[0]);
console.log(hexdump(ptr(args[0]), { length: 64, header: false, ansi: false }));
console.log("arg1: " + args[1]);
console.log("arg2: " + args[2]);
},
onLeave: function(retval) {
console.log("====onLeave=====");
if (retval) {
console.log("retval: " + retval);
//console.log(hexdump(ptr(retval), { length: 64, header: true, ansi: true }));
} else {
console.log("retval is undefined!");
}
}
});

Interceptor.replace(ptr(func_addr), new NativeCallback(function () {
    console.log("Function HOOK!");
    return;
}, 'void', []));

}

//通过类名调用方法
setTimeout(() => {
const myAlertClass = ObjC.classes.MyAlert;
if (myAlertClass) {
const getTimeMethod = myAlertClass['- getTime'];
if (getTimeMethod) {
const myAlertInstance = myAlertClass.alloc().init();
getTimeMethod.call(myAlertInstance);
console.log('getTime called successfully!');
} else {
console.log('getTime method not found!');
}
} else {
console.log('MyAlert class not found!');
}
},);

更多【iOS安全-Frida 通过模块+偏移hook 与调用类方法新手学习】相关视频教程：www.yxfzedu.com

iOS安全-Frida 通过模块+偏移hook 与调用类方法新手学习

相关文章推荐

友情链接

课程目录

技术交流QQ群

iOS安全-Frida 通过模块+偏移hook 与调用类方法 新手学习

相关文章推荐

友情链接

课程目录

技术交流QQ群

iOS安全-Frida 通过模块+偏移hook 与调用类方法新手学习