1. Environment
1. Run the server on the phone
2. Run the client on the computer
3. Set up port forwarding
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
2. Testing
λ frida-ps -R
Signs of success:
PID Name
---- ------------------------
717 android.process.acore
9080 cat
1301 com.android.defcontainer
882 com.android.download
557 com.android.ime
647 com.android.launcher2
941 com.android.market
597 com.android.phone
523 com.android.systemui
823 com.android.tools
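If frida-ps -R cannot connect, the first thing to confirm is that both forwards from step 3 are in place. The following preflight check is an added example, not part of the original post: it parses `adb forward --list` output and probes the local ports. The function names and the sample output are constructed for illustration.

```python
import socket

# Ports forwarded in step 3 of the setup above.
FRIDA_PORTS = (27042, 27043)

def parse_forward_list(text):
    """Parse `adb forward --list` output into {local_port: (serial, remote_spec)}."""
    forwards = {}
    for line in text.splitlines():
        parts = line.split()
        # Expected shape: "<serial> tcp:<local> <remote>"
        if len(parts) != 3 or not parts[1].startswith("tcp:"):
            continue
        try:
            local_port = int(parts[1][4:])
        except ValueError:
            continue
        forwards[local_port] = (parts[0], parts[2])
    return forwards

def missing_forwards(text, ports=FRIDA_PORTS):
    """Return the ports from step 3 that lack a tcp:<port> -> tcp:<port> rule."""
    forwards = parse_forward_list(text)
    return [p for p in ports
            if p not in forwards or forwards[p][1] != "tcp:%d" % p]

def port_open(port, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on host:port.

    This only shows that the local end of the forward is listening; it does
    not prove that the server on the phone is running.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample of `adb forward --list` output: only one rule is present.
SAMPLE = "emulator-5554 tcp:27042 tcp:27042\n"

if __name__ == "__main__":
    print("missing forwards:", missing_forwards(SAMPLE))
    for p in FRIDA_PORTS:
        print(p, "open" if port_open(p) else "closed")
```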
λ python37 C:\Users\1003441\Desktop\get_front_app.py.py
Application(identifier="com.microvirt.launcher2", name="逍遥桌面", pid=647)
get_front_app.py.py
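import frida

# Connect to the device through the forwarded port
rdev = frida.get_remote_device()
# Query the application currently in the foreground
front_app = rdev.get_frontmost_application()
print(front_app)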
λ python37 C:\Users\1003441\Desktop\enum_process.py
Process(pid=1, name="init")
Process(pid=62, name="ueventd")
Process(pid=72, name="flush-8:2")
Process(pid=73, name="flush-8:3")
Process(pid=74, name="logd")
Process(pid=75, name="healthd")
Process(pid=76, name="lmkd")
Process(pid=77, name="servicemanager")
Process(pid=78, name="vold")
Process(pid=79, name="surfaceflinger")
Process(pid=80, name="flush-8:0")
Process(pid=81, name="flush-8:4")
Process(pid=82, name="netd")
Process(pid=83, name="debuggerd")
Process(pid=84, name="rild")
Process(pid=85, name="drmserver")
Process(pid=86, name="mediaserver")
Process(pid=87, name="installd")
Process(pid=88, name="keystore")
The contents of enum_process.py are as follows:
import frida

# Connect to the device through the forwarded port
rdev = frida.get_remote_device()
# List every process running on the device
processes = rdev.enumerate_processes()
for process in processes:
    print(process)
import frida

rdev = frida.get_remote_device()
# If two processes share the same name, attach by PID instead: rdev.attach(pid)
session = rdev.attach("com.tencent.mm")
# List the modules loaded in the attached process
modules = session.enumerate_modules()
for module in modules:
    print(module)
    # List each module's exported functions with their relative addresses
    export_funcs = module.enumerate_exports()
    print("\tfunc_name\tRVA")
    for export_func in export_funcs:
        print("\t%s\t%s" % (export_func.name, hex(export_func.relative_address)))
Original article: https://www.cnblogs.com/tjp40922/p/11357660.html