简要说明:
将定义为std::string ArtMethod::PrettyMethod(ArtMethod* m, bool with_signature)的方法
通过NativeFunction绑定,将返回值设为单个pointer,尝试读取对应的string内容
发现对返回的pointer分步读取(即打印readPointer结果)的值会产生变化
伪代码示意
可以正常获取function_name,解构方式
let std_results: NativePointer = PrettyMethod_func(art_method_ptr, 1);
let PrettyMethod_func = new NativeFunction(PrettyMethod_ptr, "pointer", ["pointer", "bool"]);
let [ptr1, ptr2, ptr3] = [std_results.readU64(), std_results.add(Process.pointerSize).readU64(), std_results.add(Process.pointerSize * 2).readU64()]
let std_string_ptr = Memory.alloc(Process.pointerSize * 3);
std_string_ptr.writeU64(ptr1);
std_string_ptr.add(Process.pointerSize * 1).writeU64(ptr2);
std_string_ptr.add(Process.pointerSize * 2).writeU64(ptr3);
let function_name = readStdString(std_string_ptr);无法正常获取function_name,直接获取方式
let std_results: NativePointer = PrettyMethod_func(art_method_ptr, 1);
let PrettyMethod_func = new NativeFunction(PrettyMethod_ptr, "pointer", ["pointer", "bool"]);
let std_string_ptr = Memory.alloc(Process.pointerSize * 3);
std_string_ptr.writeU64(std_results.readU64());
std_string_ptr.add(Process.pointerSize * 1).writeU64(std_results.add(Process.pointerSize).readU64());
std_string_ptr.add(Process.pointerSize * 2).writeU64(std_results.add(Process.pointerSize * 2).readU64());
let function_name = readStdString(std_string_ptr);经过测试发现,如果分步对std_results进行了readxx/readPointer的操作,那么其结果会变化