Frida JAVA API 文檔

Java

Java.available:

a boolean specifying whether the current process has the a Java VM loaded, i.e. Dalvik or ART. Do not invoke any other Java properties or methods unless this is the case.

Java.enumerateLoadedClasses(callbacks)

enumerate classes loaded right now, where callbacks is an object specifying:
onMatch: function (className): called for each loaded class with className that may be passed to use() to get a JavaScript wrapper.

onComplete: function (): called when all classes have been enumerated.

Java.enumerateLoadedClassesSync(): synchronous version of enumerateLoadedClasses() that returns the class names in an array.

Java.perform(fn): ensure that the current thread is attached to the VM and call fn. (This isn’t necessary in callbacks from Java.)

Java.perform(function () {
    var Activity = Java.use("android.app.Activity");
    Activity.onResume.implementation = function () {
        send("onResume() got called! Let's call the original implementation");
        this.onResume();
    };
});

Java.use(className)

dynamically get a JavaScript wrapper for className that you can instantiate objects from by calling $new() on it to invoke a constructor. Call $dispose() on an instance to clean it up explicitly (or wait for the JavaScript object to get garbage-collected, or script to get unloaded). Static and non-static methods are available, and you can even replace a method implementation and throw an exception from it:

Java.perform(function () {
    var Activity = Java.use("android.app.Activity");
    var Exception = Java.use("java.lang.Exception");
    Activity.onResume.implementation = function () {
        throw Exception.$new("Oh noes!");
    };
});

Java.scheduleOnMainThread(fn):

run fn on the main thread of the VM.

Java.choose(className, callbacks):

enumerate live instances of the className class by scanning the Java heap, where callbacks is an object specifying:

onMatch: function (instance): called once for each live instance found with a ready-to-use instance just as if you would have called Java.cast() with a raw handle to this particular instance.

This function may return the string stop to cancel the enumeration early.

onComplete: function (): called when all instances have been enumerated

Java.cast(handle, klass):

create a JavaScript wrapper given the existing instance at handle of given class klass (as returned from Java.use()). Such a wrapper also has a class property for getting a wrapper for its class, and a $className property for getting a string representation of its class-name.

var Activity = Java.use("android.app.Activity");
var activity = Java.cast(ptr("0x1234"), Activity);

WeakRef

WeakRef.bind(value, fn): monitor value and call the fn callback as soon as value has been garbage-collected, or the script is about to get unloaded. Returns an id that you can pass to WeakRef.unbind() for explicit cleanup.
This API is useful if you’re building a language-binding, where you need to free native resources when a JS value is no longer needed.
WeakRef.unbind(id): stop monitoring the value passed to WeakRef.bind(value, fn), and call the fn callback immediately.

最后編輯于
?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。

推薦閱讀更多精彩內容

  • rljs by sennchi Timeline of History Part One The Cognitiv...
    sennchi閱讀 7,449評論 0 10
  • 眼睛?
    唔不曉得閱讀 163評論 0 0
  • 世間所有的愛都有一個期限,所以現實中如果如果一段愛情不幸夭折,總要有人去將原本的期限給續上。你信嗎? 1. 如果你...
    靈魂早已不見閱讀 281評論 0 1
  • 過去之所以成為過去是因為過不去 未來之所以稱作未來是因為沒有來 回不去,來不了
    忘川清淺閱讀 847評論 0 7
  • 你有愛過一個人愛到差點要瘋掉嗎?那是怎樣的一種迷亂而不自知的狀態,隨時走在崩潰的邊緣。終究還是沒有瘋掉。回望時,頓...
    木頭不懂閱讀 199評論 0 0