function hook_RegisterNatives() {
var symbols
=
Process.getModuleByName(
"libart.so"
).enumerateSymbols();
var RegisterNatives_addr
=
null;
for
(let i
=
0
; i < symbols.length; i
+
+
) {
var symbol
=
symbols[i];
if
(symbol.name.indexOf(
"CheckJNI"
)
=
=
-
1
&&
symbol.name.indexOf(
"RegisterNatives"
) !
=
-
1
) {
RegisterNatives_addr
=
symbol.address;
}
}
console.log(
"RegisterNatives_addr: "
, RegisterNatives_addr);
Interceptor.attach(RegisterNatives_addr, {
onEnter: function (args) {
var env
=
Java.vm.tryGetEnv();
var className
=
env.getClassName(args[
1
]);
var methodCount
=
args[
3
].toInt32();
for
(let i
=
0
; i < methodCount; i
+
+
) {
var methodName
=
args[
2
].add(Process.pointerSize
*
3
*
i).readPointer().readCString();
var signature
=
args[
2
].add(Process.pointerSize
*
3
*
i).add(Process.pointerSize).readPointer().readCString();
var fnPtr
=
args[
2
].add(Process.pointerSize
*
3
*
i).add(Process.pointerSize
*
2
).readPointer();
var module
=
Process.findModuleByAddress(fnPtr);
console.log(className, methodName, signature, fnPtr, module.name, fnPtr.sub(module.base));
}
}, onLeave: function (retval) {}
});
}