# 



# 安卓逆向笔记

## Frida

#### 打印堆栈：

```javascript
function showStacks() {
        console.log(
            Java.use("android.util.Log")
                .getStackTraceString(
                    Java.use("java.lang.Throwable").$new()
                )
        );
    }
```

#### 枚举加载的所有类：

```javascript
    var e=Java.enumerateLoadedClassesSync();
    for (var i = 0; i < e.length; i++) {
        console.log(e[i]);
    }
```

#### HOOK Intent：

```javascript
var Intent = Java.use("android.content.Intent");

    Intent.$init.overload('android.content.Context', 'java.lang.Class').implementation = function (context, cls) {
        console.log("Intent(context, cls) called with context: " + context + " and class: " + cls);
        return this.$init(context, cls);
    };

    Intent.$init.overload('java.lang.String').implementation = function (action) {
        console.log("Intent(action) called with action: " + action);
        return this.$init(action);
    };

    Intent.$init.overload('java.lang.String', 'android.net.Uri').implementation = function (action, uri) {
        console.log("Intent(action, uri) called with action: " + action + " and uri: " + uri);
        return this.$init(action, uri);
    };
```

#### 基于Trace枚举的关键类定位方式

搜索包含包名的类：

```
android hooking search classes com.cosmos.tools
```

打印出的类粘贴到文本文件中，每条类名前加上`android hooking watch class`