某爹的apk逆向过程中,有个类的私有字段wupBuffer想知道是什么值,它本身有toString方法,但没有输出这个字段的值
ToServiceMsg
tostring.png
不废话,直接上代码:
MS.hookClassLoad("com.tencent.qphone.base.remote.ToServiceMsg", new MS.ClassLoadHook() {
public void classLoaded(final Class<?> _class) {
Log.d("cydiahook", "ToServiceMsg classLoaded");
Method method = null;
try {
method = _class.getDeclaredMethod("readFromParcel", Parcel.class);
} catch (NoSuchMethodException e) {
Log.i("cydiahook","hook 方法失败:"+e.toString());
}
if (method != null) {
MS.hookMethod(_class, method, new MS.MethodAlteration() {
public Object invoked(Object _this, Object... args) throws Throwable {
Object obj = invoke(_this, args);
try {
Field appIdField = _class.getDeclaredField("wupBuffer");
appIdField.setAccessible(true);
//get方法要求传入这个类的对象,_this就是了。
byte[] wupBuffer = (byte[]) appIdField.get(_this);
//把byte[] 转换成hex字符串
String wupBufferHex=bytesToHexString(wupBuffer);
Log.i("cydiahook","_this:"+_this.toString()+" wupBuffer:"+wupBufferHex);
}catch (Exception ex){
Log.i("cydiahook","获取字段出错: "+ex.toString());
}
return obj;
}
});
}
}
});
然后logcat中过滤cydiahook就可以看到输出了:
logcat.png
网友评论