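Frida is a dynamic instrumentation toolkit for developers, reverse engineers and security researchers. It runs on Windows, macOS, GNU/Linux, iOS, Android and QNX.
I mainly use it on Android, so this article uses debugging Android as the example.
1. Download Python 3.7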
https://www.python.org/ftp/python/3.7.2/python-3.7.2-amd64.exe
2. Run the following commands to install the Frida tool set with Python
python3.7
pip3 -V
python -m pip install --upgrade pip
pip install wheel
pip install frida
pip install frida-tools
Successfully built frida
Installing collected packages: frida
Successfully installed frida-15.1.17
3. Check the Frida version
frida --version
15.1.17
4. Download the Android ARM frida-server package that matches Frida version 15.1.17
https://github.com/frida/frida/releases
https://github.com/frida/frida/releases/download/15.1.17/frida-server-15.1.17-android-arm.xz
https://github.com/frida/frida/releases/download/15.1.17/frida-server-15.1.17-android-arm64.xz
5. Frida test code skeleton; the main file is hook.py
import frida, sys
# Get the connected device (emulator or phone)
device = frida.get_remote_device()
#print(device)
# List all apps on the device
#applications = device.enumerate_applications()
#for application in applications:
#    print(application)
# Attach to the app com.target.demo
session = device.attach("demo")
jsScript = """
console.log('this is inject javascript code')
"""
# To load the JavaScript from the external hook.js instead, uncomment these two lines
#file = open("hook.js",mode='r',encoding='UTF-8')
#jsScript = file.read()
# Load the JavaScript code
script = session.create_script(jsScript)
# Run it
script.load()
# Keep the process alive so the script stays loaded and its output is shown
sys.stdin.read()
6. hook.js, the external script loaded by hook.py
// Program entry point
Java.perform(function()
{
    // Get the class
    var clazz = Java.use("com.unity3d.player.UnityPlayerActivity");
    // Get all methods declared in the class
    var methods = clazz.class.getDeclaredMethods();
    console.log("have method count:" + methods.length);
    var i = 0;
    if (methods.length > 0) {
        // Iterate over the methods and print each one
        methods.forEach(function(method) {
            i = i + 1;
            console.log(i + ":" + method);
        });
    }
});
7. Run the commands
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
python hook.py
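
Step 4 depends on choosing the frida-server build whose version equals the installed client and whose architecture matches the device. The following is an added example, not part of the original post, that derives the download URL from the output of `frida --version` and the device ABI; the ABI-to-architecture table and all function names are assumptions of this example.

```python
import re
import subprocess

# Assumed mapping: Android ABI (from `getprop ro.product.cpu.abi`)
# -> architecture suffix used in frida-server release file names.
ABI_TO_ARCH = {
    "armeabi-v7a": "arm",
    "arm64-v8a": "arm64",
    "x86": "x86",
    "x86_64": "x86_64",
}
RELEASE_BASE = "https://github.com/frida/frida/releases/download"


def server_asset_url(client_version, abi):
    """Return the frida-server URL for this client version and device ABI."""
    version = client_version.strip()
    if not re.fullmatch(r"\d+\.\d+\.\d+", version):
        raise ValueError("unexpected frida version string: %r" % client_version)
    arch = ABI_TO_ARCH.get(abi.strip())
    if arch is None:
        raise ValueError("unsupported Android ABI: %r" % abi)
    return "%s/%s/frida-server-%s-android-%s.xz" % (
        RELEASE_BASE, version, version, arch)


def asset_matches_client(asset_name, client_version):
    """True if a downloaded frida-server file name carries the client's version."""
    m = re.match(r"frida-server-(\d+\.\d+\.\d+)-android-", asset_name)
    return bool(m) and m.group(1) == client_version.strip()


def run(cmd):
    """Run a command and return its stdout as text."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Needs frida-tools on PATH and exactly one device visible to adb.
    version = run(["frida", "--version"])
    abi = run(["adb", "shell", "getprop", "ro.product.cpu.abi"])
    print(server_asset_url(version, abi))
```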