enum枚举类
- 概述
- Frida去hook安卓中Java的enum枚举的类
- Frida去hook enum类,就像正常hook java的类一样
- 注意:
- 有个额外的
.values()函数,需要时可以用起来
- 有个额外的
- 注意:
- Frida去hook enum类,就像正常hook java的类一样
- Frida去hook安卓中Java的enum枚举的类
举例
Java的枚举类:
xxx_v250861_JEB/anjp.java
public enum anjp implements fjgu {
BASE_CLIENT_ID(1),
SEARCH_CLIENT_ID(2),
VOICESEARCH_CLIENT_ID(3),
MAPS_CLIENT_ID(4),
YOUTUBE_CLIENT_ID(5),
MARKET_CLIENT_ID(6),
SHOPPER_CLIENT_ID(7),
WALLET_CLIENT_ID(8),
CHROME_CLIENT_ID(9),
PLAYTX_CLIENT_ID(10),
PLAYAX_CLIENT_ID(11),
PROGRAM_CLIENT_ID(12);
public final int m;
private anjp(int v1) {
this.m = v1;
}
@Override // fjgu
public final int a() {
return this.m;
}
@Override
public final String toString() {
return Integer.toString(this.m);
}
}
hook代码:
static anjp() {
var clsName_anjp = "anjp"
// FridaAndroidUtil.printClassAllMethodsFields(clsName_anjp)
var cls_anjp = Java.use(clsName_anjp)
console.log("cls_anjp=" + cls_anjp)
// private anjp(int v1) {
//
var func_anjp_ctor = cls_anjp.$init
console.log("func_anjp_ctor=" + func_anjp_ctor)
if (func_anjp_ctor) {
func_anjp_ctor.implementation = function (v1) {
var funcName = "anjp"
var funcParaDict = {
"v1": v1,
}
FridaAndroidUtil.printFunctionCallAndStack(funcName, funcParaDict)
var newAnjp = this.$init(v1)
console.log(funcName + " => newAnjp=" + newAnjp)
return newAnjp
}
}
...
}
日志:
================================ anjp.toString ================================
anjp.toString:
anjp.toString java Stack:
anjp.toString(Native Method)
at enls.y(Native Method)
at enls.get(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):8)
at enls.get(Native Method)
at ankb.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):1064)
at ankb.a(Native Method)
at fosv.d(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):10)
at fosv.d(Native Method)
at fosv.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):7)
at fosv.a(Native Method)
at ankf.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):67)
at ankf.a(Native Method)
at fosv.d(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):10)
at fosv.d(Native Method)
at fosv.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):7)
at fosv.a(Native Method)
at anmg.<init>(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):9)
at anmg.<init>(Native Method)
at anmi.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):175)
at anmi.a(Native Method)
at fosv.d(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):10)
at fosv.d(Native Method)
at fosv.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):7)
at fosv.a(Native Method)
at anmh.b(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):1)
at anfl.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):567)
at anfl.a(Native Method)
at angv.a(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):850)
at angv.a(Native Method)
at com.google.android.xxx.checkin.CheckinIntentOperation.onHandleIntent(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):35)
at com.google.android.chimera.IntentOperation.onHandleIntent(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):2)
at ansx.onHandleIntent(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):8)
at rli.run(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):70)
at rlh.run(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):152)
at eksg.run(:com.google.android.xxx@250861022@25.08.61 (150400-731857739):21)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
anjp.toString => retString=1
...
然后其中有个额外特殊的情况:
- enum,自带有个函数:
.values()- 此处
public static anjp[] anjp.values()- 可以用于获取值的列表
- 需要时可以去调用
- 可以用于获取值的列表
- 此处