SeeFlowerX · November 23, 2021 03:33
diff --git a/calltest.js b/calltest.js
 let gettid_ptr = Module.getExportByName(null, 'gettid');
 let my_gettid = new NativeFunction(gettid_ptr, 'int', []);
 Interceptor.attach(gettid_ptr, {
    onEnter: function (args) {
        console.log(`ddddhm`);
    }
 });

 let jnienv_addr = Java.vm.getEnv().handle.readPointer();
 let findclass_addr = jnienv_addr.add(6 * Process.pointerSize).readPointer();

 Interceptor.attach(findclass_addr, {
    onEnter: function(args){
        let name = args[1].readUtf8String();
        console.log(`/* TID ${my_gettid()} */ JNIENv->FindClass ${name}`);
        setTimeout(() => {
            Java.vm.tryGetEnv().findClass(name);
        }, 1000);
    }
 });

 setTimeout(() => {
    my_gettid();
 }, 500);

 setTimeout(() => {
    Java.vm.tryGetEnv().findClass("java/lang/String");
 }, 1000);

 // frida -U -n com.android.settings -l calltest.js
	let gettid_ptr = Module.getExportByName(null, 'gettid');
	let my_gettid = new NativeFunction(gettid_ptr, 'int', []);
	Interceptor.attach(gettid_ptr, {
	onEnter: function (args) {
	console.log(`ddddhm`);
	}
	});

	let jnienv_addr = Java.vm.getEnv().handle.readPointer();
	let findclass_addr = jnienv_addr.add(6 * Process.pointerSize).readPointer();

	Interceptor.attach(findclass_addr, {
	onEnter: function(args){
	let name = args[1].readUtf8String();
	console.log(`/* TID ${my_gettid()} */ JNIENv->FindClass ${name}`);
	setTimeout(() => {
	Java.vm.tryGetEnv().findClass(name);
	}, 1000);
	}
	});

	setTimeout(() => {
	my_gettid();
	}, 500);

	setTimeout(() => {
	Java.vm.tryGetEnv().findClass("java/lang/String");
	}, 1000);

	// frida -U -n com.android.settings -l calltest.js