Hooker模块完成未debug

Abbbbbi · Sep 28, 2021 · 17d00e4 · 17d00e4
1 parent 0dfefb0
commit 17d00e4
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 5 deletions.
diff --git a/BridgeScript/BridgeScript.js b/BridgeScript/BridgeScript.js
@@ -1,3 +1,14 @@
 rpc.exports = {
-
+    callNativeFunc(soName, exportName, argsTypeArr, retType, args) {
+        var funcAddr = Module.findExportByName(soName, exportName)
+        var nativeFunc = new NativeFunction(funcAddr, retType, argsTypeArr);
+        return nativeFunc.apply(null, args)
+    },
+    callJniEnvFunc(funcName, args) {
+        return Java.vm.tryGetEnv()[funcName].apply(null, args)
+    },
+    testfunc(soName, exportName) {
+        var funcAddr = Module.findExportByName(soName, exportName)
+        return funcAddr
+    }
 }
diff --git a/Emulator/dvm/Jni.py b/Emulator/dvm/Jni.py
diff --git a/Emulator/hooks/Hooker.py b/Emulator/hooks/Hooker.py
@@ -14,10 +14,26 @@ def write_function(self, func):
         asm_bytes_list, asm_count = self.emulator.keystone.asm(bytes(asm, encoding='ascii'))
         if asm_count != 2:
             raise ValueError("Expected asm_count to be 2 instead of %u." % asm_count)
+        func_addr = self.hooker_area_base
         self.emulator.mu.mem_write(self.hooker_area_base, bytes(asm_bytes_list))
         self.hooker_area_base += len(asm_bytes_list)
         self.hookMaps[hookId] = func
-        pass
+        return func_addr
+
+    def write_function_table(self, struct_table):
+        PointSize = self.emulator.getPointSize()
+        tab_len = max(struct_table.keys()) + 1
+        struct_table_bytes = b""
+        struct_table_addr = self.hooker_area_base
+        for index in range(0, tab_len):
+            addr = self.write_function(struct_table[index]) if index in struct_table else 0
+            struct_table_bytes += int(addr).to_bytes(PointSize, byteorder='little')
+        self.emulator.mu.mem_write(struct_table_addr, struct_table_bytes)
+        self.hooker_area_base += len(struct_table_bytes)
+        ptr_struct_table_addr = self.hooker_area_base
+        self.emulator.mu.mem_write(ptr_struct_table_addr, struct_table_addr.to_bytes(PointSize, byteorder='little'))
+        self.hooker_area_base += PointSize
+        return ptr_struct_table_addr, struct_table_addr
 
     def findMinHookId(self):
         hookId = 0xFF00

diff --git a/Emulator/hooks/JniHooks.py b/Emulator/hooks/JniHooks.py
@@ -0,0 +1,10 @@
+class JniHooks:
+    # https://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/jniTOC.html
+    def __init__(self):
+        pass
+
+    def getJniEnv(self):
+        pass
+
+    def getJavaVM(self):
+        pass