Native开发与逆向第三篇 - hook JNI函数NewStringUTF
示例代码参考第一篇
// Native method backing the sample app: returns a fixed greeting as a new
// java.lang.String. The message text says the method is registered
// dynamically; the registration code itself is not shown on this page.
jstring xxaa(JNIEnv *env, jobject instance) {
    const std::string greeting{"Hello from C++ , 这是动态注册"};

    // NewStringUTF expects a NUL-terminated Modified UTF-8 buffer. The buffer
    // is owned by `greeting` and only has to stay alive for the duration of
    // the call, because the VM copies the characters into the new String.
    // NOTE(review): this assumes the source file is compiled as UTF-8; the
    // characters used here are all in the BMP, where Modified UTF-8 and
    // standard UTF-8 encode identically.
    const char *utf = greeting.c_str();
    return env->NewStringUTF(utf);
}
目标是hook NewStringUTF 打印字符串。
hook 代码:
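/**
 * Frida instrumentation for the sample app: finds ART's NewStringUTF
 * implementation among the symbols of libart.so and logs both the C string
 * passed in and the text of the jstring that comes back.
 *
 * Takes no arguments and returns nothing. If no matching symbol is found, a
 * message is logged and no hook is installed (previously Interceptor.attach
 * was called with NULL in that case).
 */
function hook_jni_2() {
  const symbols = Process.getModuleByName("libart.so").enumerateSymbols();

  // First ART symbol that implements NewStringUTF. The checked-JNI wrapper is
  // skipped case-insensitively: the original filter looked for "checkJNI",
  // while the wrapper class is believed to be spelled "CheckJNI" in ART's
  // mangled names, so the exclusion never matched. TODO confirm on the
  // target build.
  const newStringUtfSymbol = symbols.find(
    ({ name }) =>
      name.includes("art") &&
      name.includes("NewStringUTF") &&
      !name.toLowerCase().includes("checkjni")
  );

  if (newStringUtfSymbol === undefined) {
    console.log("NewStringUTF symbol not found in libart.so; hook not installed");
    return;
  }

  const addrNewStringUTF = newStringUtfSymbol.address;
  console.log("NewStringUTF ", JSON.stringify(newStringUtfSymbol));
  console.log("NewStringUTF address = " + addrNewStringUTF);

  Interceptor.attach(addrNewStringUTF, {
    onEnter(args) {
      // args[0] is the JNIEnv*, args[1] the const char* handed to NewStringUTF.
      const env = args[0];
      const utfArg = args[1];
      console.log("env :", env, "param1 ", ptr(utfArg).readCString());
    },
    onLeave(retval) {
      // NewStringUTF returns NULL on failure; do not pass a null jstring back
      // into JNI from the hook.
      if (retval.isNull()) {
        console.log("addr_NewStringUTF retval :", null);
        return;
      }

      const jniEnv = Java.vm.getEnv();
      const chars = jniEnv.getStringUtfChars(retval, null);
      if (chars.isNull()) {
        console.log("addr_NewStringUTF retval :", null);
        return;
      }

      try {
        console.log("addr_NewStringUTF retval :", chars.readCString());
      } finally {
        // GetStringUTFChars must be paired with ReleaseStringUTFChars;
        // without it every intercepted call leaks a buffer in the
        // instrumented process.
        jniEnv.releaseStringUtfChars(retval, chars);
      }
    },
  });
}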
// Schedule the hook installation instead of running it inline while the
// script is still being evaluated.
setImmediate(function () {
  hook_jni_2();
});
运行结果:参数和返回值中的字符串都能正常打印出来。
[Pixel 3a::com.mycode.nativehello ]-> env : 0x7d44041250 param1 Hello from C++ , 这是动态注册
addr_NewStringUTF retval : Hello from C++ , 这是动态注册