frida hook android system_server reports Error: expected a pointer


【Title】: frida hook android system_server report Error: expected a pointer 【Posted】: 2021-06-18 00:08:53 【Question】:

I am trying to hook the Android 11 system_server on Linux. The frida version is 14.2.13.

The script is as follows:

Java.perform(function () {
    var clazz = Java.use("com.android.server.policy.PhoneWindowManager")
    var func = "powerPress"
    console.log(func)
    clazz[func].implementation = function (arg1,arg2,arg3) {
        console.log("Enter " + func + " " + arg1,arg2,arg3)
        this[func](arg1,arg2,arg3)
    }
  }
)

The command used to start frida:

$ frida -U -l script.js -p $(adb shell pidof system_server)
     ____
    / _  |   Frida 14.2.13 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Attaching...                                                            
powerPress
Error: expected a pointer
    at value (frida/runtime/core.js:170)
    at yt (frida/node_modules/frida-java-bridge/lib/android.js:889)
    at activate (frida/node_modules/frida-java-bridge/lib/android.js:970)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/android.js:745)
    at forEach (native)
    at St (frida/node_modules/frida-java-bridge/lib/android.js:746)
    at Et (frida/node_modules/frida-java-bridge/lib/android.js:737)
    at vt (frida/node_modules/frida-java-bridge/lib/android.js:696)
    at replace (frida/node_modules/frida-java-bridge/lib/android.js:1021)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:1010)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:925)
    at <anonymous> (/script.js:4)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)
    at perform (frida/node_modules/frida-java-bridge/index.js:192)
    at <eval> (/script.js:10)
[device]-> Enter powerPress 44442 true 1
Enter powerPress 46290 true 1
Enter powerPress 52580 true 1
Enter powerPress 53910 true 1

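The hook looks like it works, but an exception occurs!

【Comments】:

I have never seen a method accessed like an array in Frida before. Usually you use clazz.func.implementation for non-overloaded methods. For calling the original method I also prefer clazz.func.call(this,arg1,arg2,arg3). Not sure whether this has an effect on the problem.

@Robert Thanks, I tried it and it is still the same!

【Answer 1】:

This is not the usual way to hook a function; have a look at the official documentation https://frida.re/docs/android/ and try this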

Java.perform(function () {
    // overload() is left empty on both lines: per the answer, paste in the argument types from the overload list Frida reports
    Java.use("com.android.server.policy.PhoneWindowManager").powerPress.overload().implementation = function(arg1, arg2, arg3) {
        console.log("Enter Powerpress :" + arg1,arg2,arg3);
        Java.use("com.android.server.policy.PhoneWindowManager").powerPress.overload().call(this, arg1,arg2,arg3);
    }
  }
)

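I am guessing you are passing arguments; you need to specify the type of each argument and pass it to the overload function. Launch the script; it will give you an error, and then copy-paste the correct function overload onto the call line and the implementation line.

【Comments】:

Thanks, your suggestion still doesn't work!

@lucky1928 Sorry, I made a mistake; I have fixed it, and it should work now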
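
Instead of reading the overload list from the error as the answer suggests, the signatures can be enumerated up front so that each hook is bound to one explicit overload. This is an added example, not code from the thread; `hookAllOverloads` is a hypothetical helper name, and the thread does not establish whether this avoids the "expected a pointer" error.

```javascript
// Added example (not from the original thread). hookAllOverloads is a hypothetical helper.
// It relies on frida-java-bridge method wrappers: method.overloads, and on each overload
// argumentTypes[].className, the implementation setter, and Function.prototype.apply.
function hookAllOverloads(clazz, methodName, log) {
    var method = clazz[methodName];
    if (!method || !method.overloads) {
        throw new Error("no method " + methodName + " on class wrapper");
    }
    var signatures = [];
    method.overloads.forEach(function (overload) {
        var types = overload.argumentTypes.map(function (t) { return t.className; });
        var signature = methodName + "(" + types.join(", ") + ")";
        signatures.push(signature);
        overload.implementation = function () {
            var args = Array.prototype.slice.call(arguments);
            log("Enter " + signature + " args=" + args.join(", "));
            // Forward to the original of this exact overload and keep its return value.
            return overload.apply(this, args);
        };
    });
    return signatures;
}

// Only runs inside a Frida-injected script, where the global Java bridge exists.
if (typeof Java !== "undefined") {
    Java.perform(function () {
        var clazz = Java.use("com.android.server.policy.PhoneWindowManager");
        hookAllOverloads(clazz, "powerPress", console.log).forEach(function (s) {
            console.log("hooked " + s);
        });
    });
}
```

The printed signatures are the same type lists that would go inside `.overload(...)` in the answer's script.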
