From 17d00e4d87a3ed7ac422925051d385ac2642d37f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=98=BF=E7=A2=A7?=
Date: Wed, 29 Sep 2021 03:00:30 +0800
Subject: [PATCH] =?UTF-8?q?Hooker=E6=A8=A1=E5=9D=97=E5=AE=8C=E6=88=90=20?= =?UTF-8?q?=E6=9C=AAdebug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 BridgeScript/BridgeScript.js | 13 ++++++++++++-
 Emulator/dvm/Jni.py | 3 ---
 Emulator/hooks/Hooker.py | 18 +++++++++++++++++-
 Emulator/hooks/JniHooks.py | 10 ++++++++++
 4 files changed, 39 insertions(+), 5 deletions(-)
 delete mode 100644 Emulator/dvm/Jni.py
 create mode 100644 Emulator/hooks/JniHooks.py

diff --git a/BridgeScript/BridgeScript.js b/BridgeScript/BridgeScript.js
index 71b3c53..0dfb14b 100644
--- a/BridgeScript/BridgeScript.js
+++ b/BridgeScript/BridgeScript.js
@@ -1,3 +1,14 @@
 rpc.exports = {
-
+ callNativeFunc(soName, exportName, argsTypeArr, retType, args) {
+ var funcAddr = Module.findExportByName(soName, exportName)
+ var nativeFunc = new NativeFunction(funcAddr, retType, argsTypeArr);
+ return nativeFunc.apply(null, args)
+ },
+ callJniEnvFunc(funcName, args) {
+ return Java.vm.tryGetEnv()[funcName].apply(null, args)
+ },
+ testfunc(soName, exportName) {
+ var funcAddr = Module.findExportByName(soName, exportName)
+ return funcAddr
+ }
 }
\ No newline at end of file
diff --git a/Emulator/dvm/Jni.py b/Emulator/dvm/Jni.py
deleted file mode 100644
index f3b23d9..0000000
--- a/Emulator/dvm/Jni.py
+++ /dev/null
@@ -1,3 +0,0 @@
-class Jni:
- def __init__(self):
- pass
diff --git a/Emulator/hooks/Hooker.py b/Emulator/hooks/Hooker.py
index 63cbc5f..c3ff807 100644
--- a/Emulator/hooks/Hooker.py
+++ b/Emulator/hooks/Hooker.py
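Review bot: `callNativeFunc` hands the result of `Module.findExportByName` straight to `new NativeFunction`, so a missing or misspelled export fails inside the constructor with an error that never names the symbol; guard it first: `if (funcAddr === null) throw new Error('export not found: ' + soName + '!' + exportName);`. `callJniEnvFunc` needs the same care: `Java.vm.tryGetEnv()` returns null when the calling thread is not attached to the VM, and `.apply(null, args)` drops the env object as `this`, which its methods most likely depend on — `var env = Java.vm.tryGetEnv(); if (env === null) throw new Error('thread not attached to VM'); return env[funcName].apply(env, args)`. `testfunc` repeats the lookup from `callNativeFunc` and reads as a debugging leftover; if it is kept, a short comment saying it only probes an export address would stop it from being mistaken for part of the API.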
@@ -14,10 +14,26 @@ def write_function(self, func):
 asm_bytes_list, asm_count = self.emulator.keystone.asm(bytes(asm, encoding='ascii'))
 if asm_count != 2:
 raise ValueError("Expected asm_count to be 2 instead of %u." % asm_count)
+ func_addr = self.hooker_area_base
 self.emulator.mu.mem_write(self.hooker_area_base, bytes(asm_bytes_list))
 self.hooker_area_base += len(asm_bytes_list)
 self.hookMaps[hookId] = func
- pass
+ return func_addr
+
+ def write_function_table(self, struct_table):
+ PointSize = self.emulator.getPointSize()
+ tab_len = max(struct_table.keys()) + 1
+ struct_table_bytes = b""
+ struct_table_addr = self.hooker_area_base
+ for index in range(0, tab_len):
+ addr = self.write_function(struct_table[index]) if index in struct_table else 0
+ struct_table_bytes += int(addr).to_bytes(PointSize, byteorder='little')
+ self.emulator.mu.mem_write(struct_table_addr, struct_table_bytes)
+ self.hooker_area_base += len(struct_table_bytes)
+ ptr_struct_table_addr = self.hooker_area_base
+ self.emulator.mu.mem_write(ptr_struct_table_addr, struct_table_addr.to_bytes(PointSize, byteorder='little'))
+ self.hooker_area_base += PointSize
+ return ptr_struct_table_addr, struct_table_addr
 
 def findMinHookId(self):
 hookId = 0xFF00
diff --git a/Emulator/hooks/JniHooks.py b/Emulator/hooks/JniHooks.py
new file mode 100644
index 0000000..3d2a30b
--- /dev/null
+++ b/Emulator/hooks/JniHooks.py
@@ -0,0 +1,10 @@
+class JniHooks:
+ # https://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/jniTOC.html
+ def __init__(self):
+ pass
+
+ def getJniEnv(self):
+ pass
+
+ def getJavaVM(self):
+ pass
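Review bot: In `write_function_table`, `struct_table_addr` is captured as `self.hooker_area_base` before the loop, but every `self.write_function` call inside that loop writes its stub at `self.hooker_area_base` and advances it, so the stubs are laid down at exactly the addresses the table is then written to by `mem_write(struct_table_addr, struct_table_bytes)`, and the leading stub bytes are overwritten with pointer values. Move the capture to after the loop — `struct_table_addr = self.hooker_area_base` immediately before `self.emulator.mu.mem_write(struct_table_addr, struct_table_bytes)` — and drop the earlier assignment, so the table follows the stubs instead of overlapping them. `max(struct_table.keys())` raises `ValueError` for an empty table; `tab_len = max(struct_table, default=-1) + 1` keeps that case from blowing up. A one-line docstring on the method stating that it returns `(address of pointer-to-table, address of table)` would save the next reader from working that out from the tuple. `write_function` starts above this hunk, where `hookId` and `asm` are bound.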
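Review bot: `getJniEnv` and `getJavaVM` are `pass` stubs that return `None` without signalling that nothing is implemented yet, so a caller wiring this class up gets silent `None`s rather than an error; until the bodies exist, `raise NotImplementedError` in each makes the gap visible. The JNI spec URL above `__init__` would serve better as a class docstring such as `"""Hooks for the JNIEnv/JavaVM function tables (JNI spec: <url>)."""` — that is my reading of the method names, so adjust the wording if the intent differs.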