一 目标
目标:了解一下frida ios下函数调用栈的打印
阅读时间:1分钟
二 打印堆栈
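// Frida script (iOS): hook one Objective-C class method and print the call
// stack that reached it, first as raw return addresses and then as symbols.
var TARGET_CLASS = 'TBSDkSignUtility';
var TARGET_SELECTOR = '+ getSecurityFactors:withApiName:withApiVersion:withProtocolParam:withBizParam:withHttpHeader:withUseWua:withRequestId:withInstanceId:';

// Resolve the method defensively: if the Objective-C runtime, the class or the
// selector is missing (different app build, wrong process), report it instead
// of failing with an opaque TypeError on the property access.
var getSecurityFactors = null;
if (typeof ObjC === 'undefined' || !ObjC.available) {
  console.log('Objective-C runtime is not available in this process');
} else {
  try {
    var targetClass = ObjC.classes[TARGET_CLASS];
    getSecurityFactors = targetClass ? targetClass[TARGET_SELECTOR] : null;
  } catch (e) {
    console.log('Lookup of ' + TARGET_CLASS + ' ' + TARGET_SELECTOR + ' failed: ' + e);
  }
}
console.log('=>', getSecurityFactors);

if (getSecurityFactors) {
  // Keep the method object and its native entry point under separate names;
  // Interceptor.attach needs the implementation pointer, not the method object.
  var getSecurityFactorsImpl = getSecurityFactors.implementation;
  console.log('内存地址=>', getSecurityFactorsImpl);

  Interceptor.attach(getSecurityFactorsImpl, {
    onEnter: function (args) {
      // ACCURATE and FUZZY can be swapped depending on the situation.
      // ACCURATE gives the more reliable result; FUZZY works on any binary,
      // but it guesses return addresses from stack contents, so the list may
      // contain frames that were never actually called.
      var frames = Thread.backtrace(this.context, Backtracer.ACCURATE);

      // Prints the return addresses. Sample output from the author's run:
      // 0x104ce793c,0x104ce6e48,0x104ce6a84,0x104cd8618,0x18e555298,0x18e556280,0x18e508254,0x18e5088e4,0x1d4200568,0x1d4203874,0x18e508868
      console.log('Thread.backtrace = >', frames);

      // DebugSymbol.fromAddress turns an address into symbol information.
      // Symbolize addresses taken from THIS backtrace: values copied from an
      // earlier run (such as the sample above) are not valid once the process
      // is relaunched, because modules are loaded at different addresses.
      frames.slice(0, 2).forEach(function (address) {
        console.log('DebugSymbol.fromAddress = >', DebugSymbol.fromAddress(address));
      });

      // Putting both steps together: one symbolized frame per line.
      console.log(Thread.backtrace(this.context, Backtracer.FUZZY).map(DebugSymbol.fromAddress).join('\n') + '\n');
    },
    onLeave: function (retval) {
      console.log("hook onLeave");
    }
  });
} else {
  console.log('Hook not installed: ' + TARGET_CLASS + ' ' + TARGET_SELECTOR + ' was not found');
}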