如何访问对象的字段
[英]How to access object's fields
问题描述
I am able to hook method on android app using frida:
我可以使用 frida 在 android 应用程序上挂钩方法:
Java.perform(function () {
var targetClass = Java.use("X.0kI");
targetClass.getDoneValue.overload('java.lang.Object').implementation = function (object) {
var retval = this.getDoneValue(object);
console.log('return: ' + retval);
console.log('return: classname: ' + retval.$className);
console.log('return: success: ' + retval.success);
console.log('return: resultDataBundle: ' + retval.resultDataBundle);
console.log('return: toString(): ' + retval.toString());
};
})
This code prvides following log:此代码提供以下日志:
return: OperationResult success=true, resultDataString=, resultDataBundle=Bundle[{result=com.testapp.account.recovery.common.protocol.TestMethod$Result@a0a6954, resultType=1}], errorCode=NO_ERROR, errorDescription=, exception=
return: classname: com.testapp.service.OperationResult
return: success: undefined
return: resultDataBundle: undefined
return: toString(): OperationResult success=true, resultDataString=, resultDataBundle=Bundle[{result=com.testapp.account.recovery.common.protocol.TestMethod$Result@a0a6954, resultType=1}], errorCode=NO_ERROR, errorDescription=, exception=
Why retval.success and retval.resultDataBundle are undefined despite the log from first and last lines?尽管有第一行和最后一行的日志,为什么retval.success和retval.resultDataBundle是undefined的?
Or maybe there is another way to access those fields?或者也许有另一种方法来访问这些字段?
I also tried using Java.cast :我也尝试使用Java.cast :
var OperationResult = Java.use('com.testapp.service.OperationResult');
if (retval.$className === 'com.testapp.service.OperationResult') {
var result = Java.cast(retval, OperationResult);
console.log('result: success: ' + result.success);
console.log('result: resultDataBundle: ' + result.resultDataBundle);
}
with log:与日志:
result: success: [object Object]
result: resultDataBundle: [object Object]
JSON.stringify() gives {} instead of [object Object] JSON.stringify()给出{}而不是[object Object]
Also tired Java.choose() with pretty much same undefined results.也累了Java.choose()几乎相同的undefined结果。
How should I properly access Java objects's fields using Frida?我应该如何使用 Frida 正确访问 Java 对象的字段?
*EDIT *编辑
Class description using Object.getOwnPropertyNames(jClass.__proto__) :使用Object.getOwnPropertyNames(jClass.__proto__)类描述:
_name: com.testapp.service.OperationResult
_fields:
public android.os.Bundle com.testapp.service.OperationResult.resultDataBundle
public boolean com.testapp.service.OperationResult.success
1 个解决方案
解决方案1
2 已采纳 2020-02-21 11:26:18
转换后使用.value访问成员的值。
console.log(success.value)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.