alex-frida/agent/HookImpl.js

import {logHHex} from "./logger";
import {SoName} from "./config";


export let HookImpl = {

    start: function () {
        let module = Process.findModuleByName(SoName);
        // Interceptor.attach(module.base.add(0x6A65EC), {
        //     onEnter: function (args) {
        //         var pointer = args[0];
        //
        //         pointer.add(0x18).writeU32(100);
        //         //101
        //         console.log("pointer " + pointer)
        //         logHHex(pointer)
        //         this.ptr =pointer;
        //     },
        //     onLeave: function (ret) {
        //         console.log("level");
        //         logHHex(this.ptr)
        //         return ret;
        //     }
        //     //32
        // })
       setTimeout(function (){

           let globalHead = module.base.add(0x9AD338).readPointer();
           logHHex(globalHead);
           let metadataReg = module.base.add(0x9AD308).readPointer();
           let injectso = Module.load("/data/data/com.DefaultCompany.Demo1/files/libil2cppdumper.so");
           let nativePointer1 = injectso.findExportByName("_ZN12Il2CppDumper5startEPvS0_S0_S0_");
           console.log("my so inject addr "+nativePointer1)
           let startFun =
               new NativeFunction(nativePointer1,"void",['pointer','pointer','pointer','pointer']);
           let il2cpp = Process.findModuleByName(SoName);
           startFun(il2cpp.base,globalHead,metadataReg,ptr(0x0));

       },2000);
    }
}