frida hook android system_server 报告错误：期望一个指针答案

【问题标题】：frida hook android system_server report Error: expected a pointerfrida hook android system_server 报告错误：期望一个指针
【发布时间】：2021-06-18 00:08:53
【问题描述】：

我正在尝试在 linux 上挂接 android11 system_server。 frida 版本是 14.2.13。

脚本如下：

Java.perform(function () {
    var clazz = Java.use("com.android.server.policy.PhoneWindowManager")
    var func = "powerPress"
    console.log(func)
    clazz[func].implementation = function (arg1,arg2,arg3) {
        console.log("Enter " + func + " " + arg1,arg2,arg3)
        this[func](arg1,arg2,arg3)
    }
  }
)

启动frida的命令：

$ frida -U -l script.js -p $(adb shell pidof system_server)
     ____
    / _  |   Frida 14.2.13 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Attaching...                                                            
powerPress
Error: expected a pointer
    at value (frida/runtime/core.js:170)
    at yt (frida/node_modules/frida-java-bridge/lib/android.js:889)
    at activate (frida/node_modules/frida-java-bridge/lib/android.js:970)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/android.js:745)
    at forEach (native)
    at St (frida/node_modules/frida-java-bridge/lib/android.js:746)
    at Et (frida/node_modules/frida-java-bridge/lib/android.js:737)
    at vt (frida/node_modules/frida-java-bridge/lib/android.js:696)
    at replace (frida/node_modules/frida-java-bridge/lib/android.js:1021)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:1010)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:925)
    at <anonymous> (/script.js:4)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:16)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)
    at perform (frida/node_modules/frida-java-bridge/index.js:192)
    at <eval> (/script.js:10)
[device]-> Enter powerPress 44442 true 1
Enter powerPress 46290 true 1
Enter powerPress 52580 true 1
Enter powerPress 53910 true 1

钩子看起来像工作，但发生异常！

【问题讨论】：

我以前从未见过您在 Frida 中访问像数组这样的方法。通常，您将clazz.func.implementation 用于非重载方法。对于调用原始方法，我也更喜欢clazz.func.call(this,arg1,arg2,arg3)。不确定这对问题有影响。
@Robert 谢谢，试试看还是一样！

标签： android frida

【解决方案1】：

这不是通常挂钩函数的方式，请查看官方文档 https://frida.re/docs/android/ 试试这个

Java.perform(function () {
    Java.Use("com.android.server.policy.PhoneWindowManager").powerPress.overload().implementation = function(arg1, arg2, arg3){
        console.log("Enter Powerpress :" + arg1,arg2,arg3);
        Java.Use("com.android.server.policy.PhoneWindowManager").powerPress.overload().call(this, arg1,arg2,arg3);
    
  }
)

猜测您正在传递参数，您需要指定每个参数的类型并将其传递给重载函数启动脚本它会给您一个错误并在调用行和实现上复制粘贴正确的函数重载线

【讨论】：

谢谢，你的建议还是不行！
@lucky1928 抱歉弄错了，我已经修复了，现在应该可以使用了