chame1eon / jnitrace Goto Github PK

View Code? Open in Web Editor NEW

1.5K 36.0 245.0 726 KB

A Frida based tool that traces usage of the JNI API in Android apps.

License: MIT License

Python 27.47% TypeScript 72.53%

android jni reverse-engineering sre frida tracer jni-api

jnitrace's Introduction

jnitrace

A Frida based tool to trace use of the JNI API in Android apps.

Native libraries contained within Android Apps often make use of the JNI API to utilize the Android Runtime. Tracking those calls through manual reverse engineering can be a slow and painful process. jnitrace works as a dynamic analysis tracing tool similar to frida-trace or strace but for the JNI.

Installation:

The easiest way to get running with jnitrace is to install using pip:

pip install jnitrace

Dependencies:

arm, arm64, x86, or x64 Android device
Frida installed on the Android device
Frida support > 14
Linux, Mac, or Windows Host with Python 3 and pip

Running:

After a pip install it is easy to run jnitrace:

jnitrace -l libnative-lib.so com.example.myapplication

jnitrace requires a minimum of two parameters to run a trace:

-l libnative-lib.so - is used to specify the libraries to trace. This argument can be used multiple times or * can be used to track all libraries. For example, -l libnative-lib.so -l libanother-lib.so or -l *.
com.example.myapplication - is the Android package to trace. This package must already be installed on the device.

Optional arguments are listed below:

-R <host>:<port> - is used to specify the network location of the remote Frida server. If a : is unspecified, localhost:27042 is used by deafult.
-m <spawn|attach> - is used to specify the Frida attach mechanism to use. It can either be spawn or attach. Spawn is the default and recommended option.
-b <fuzzy|accurate|none> - is used to control backtrace output. By default jnitrace will run the backtracer in accurate mode. This option can be changed to fuzzy mode or used to stop the backtrace by using the none option. See the Frida docs for an explanation on the differences.
-i <regex> - is used to specify the method names that should be traced. This can be helpful for reducing the noise in particularly large JNI apps. The option can be supplied multiple times. For example, -i Get -i RegisterNatives would include only JNI methods that contain Get or RegisterNatives in their name.
-e <regex> - is used to specify the method names that should be ignored in the trace. This can be helpful for reducing the noise in particularly large JNI apps. The option can be supplied multiple times. For example, -e ^Find -e GetEnv would exclude from the results all JNI method names that begin Find or contain GetEnv.
-I <string> - is used to specify the exports from a library that should be traced. This is useful for libraries where you only want to trace a small number of methods. The functions jnitrace considers exported are any functions that are directly callable from the Java side, as such, that includes methods bound using RegisterNatives. The option can be supplied multiple times. For example, -I stringFromJNI -I nativeMethod([B)V could be used to include an export from the library called Java_com_nativetest_MainActivity_stringFromJNI and a method bound using RegisterNames with the signature of nativeMethod([B)V.
-E <string> is used to specify the exports from a library that should not be traced. This is useful for libraries where you have a group of busy native calls that you want to ignore. The functions jnitrace considers exported are any functions that are directly callable from the Java side, as such, that includes methods bound using RegisterNatives. The option can be supplied multiple times. For example, -E JNI_OnLoad -E nativeMethod would exclude from the trace the JNI_OnLoad function call and any methods with the name nativeMethod.
-o path/output.json - is used to specify an output path where jnitrace will store all traced data. The information is stored in JSON format to allow later post-processing of the trace data.
-p path/to/script.js - the path provided is used to load a Frida script into the target process before the jnitrace script has loaded. This can be used for defeating anti-frida or anti-debugging code before jnitrace starts.
-a path/to/script.js - the path provided is used to load Frida script into the target process after jnitrace has been loaded.
--hide-data - used to reduce the quantity of output displayed in the console. This option will hide additional data that is displayed as hexdumps or as string de-references.
--ignore-env - using this option will hide all calls the app is making using the JNIEnv struct.
--ignore-vm - using this option will hide all calls the app is making using the JavaVM struct.
--aux <name=(string|bool|int)value> - used to pass custom parameters when spawning an application. For example --aux='uid=(int)10' will spawn the application for user 10 instead of default user 0.

Note

Remember frida-server must be running before running jnitrace. If the default instructions for installing frida have been followed, the following command will start the server ready for jnitrace:

adb shell /data/local/tmp/frida-server

API:

The engine that powers jnitrace is available as a separate project. That project allows you to import jnitrace to track individual JNI API calls, in a method familiar to using the Frida Interceptor to attach to functions and addresses.

import { JNIInterceptor } from "jnitrace-engine";

JNIInterceptor.attach("FindClass", {
    onEnter(args) {
        console.log("FindClass method called");
        this.className = Memory.readCString(args[1]);
    },
    onLeave(retval) {
        console.log("\tLoading Class:", this.className);
        console.log("\tClass ID:", retval.get());
    }
});

More information: https://github.com/chame1eon/jnitrace-engine

Building:

Building jnitrace from source requires that node first be installed. After installing node, the following commands need to be run:

npm install
npm run watch

npm run watch will run frida-compile in the background compiling the source to the output file, build/jnitrace.js. jnitrace.py loads from build/jnitrace.js by default, so no other changes are required to run the updates.

Output:

Like frida-trace, output is colored based on the API call thread.

Immediately below the thread ID in the display is the JNI API method name. Method names match exactly with those seen in the jni.h header file.

Subsequent lines contain a list of arguments indicated by a |-. After the |- characters are the argument type followed by the argument value. For jmethods, jfields and jclasses the Java type will be displayed in curly braces. This is dependent on jnitrace having seen the original method, field, or class lookup. For any methods passing buffers, jnitrace will extract the buffers from the arguments and display it as a hexdump below the argument value.

Return values are displayed at the bottom of the list as |= and will not be present for void methods.

If the backtrace is enabled, a Frida backtrace will be displayed below the method call. Please be aware, as per the Frida docs, the fuzzy backtrace is not always accurate and the accurate backtrace may provide limited results.

Details:

The goal of this project was to create a tool that could trace JNI API calls efficiently for most Android applications.

Unfortunately, the simplest approach of attaching to all function pointers in the JNIEnv structure overloads the application. It causes a crash based on the sheer number of function calls made by other unrelated libraries also using the same functions in libart.so.

To deal with that performance barrier, jnitrace creates a shadow JNIEnv that it can supply to libraries it wants to track. That JNIEnv contains a series of function trampolines that bounce the JNI API calls through some custom Frida NativeCallbacks to track the input and output of those functions.

The generic Frida API does a great job of providing a platform to build those function trampolines with minimal effort. However, that simple approach does not work for all of the JNIEnv API. The key problem with tracing all of the methods is the use of variadic arguments in the API. It is not possible to create the NativeCallback for these functions ahead of time, as it is not known beforehand all the different combinations of Java methods that will be called.

The solution is to monitor the process for calls to GetMethodID or GetStaticMethodID, used to look up method identifiers from the runtime. Once jnitrace sees a jmethodID lookup it has a known mapping of ID to method signature. Later, when a JNI Java method call is made, an initial NativeCallback is used to extract the method ID in the call. That method signature is then parsed to extract the method arguments. Once jnitrace has extracted the arguments in the method, it can dynamically create a NativeCallback for that method. That new NativeCallback is returned and a little bit of architecture specific shellcode deals with setting up the stack and registers to allow that call to run successfully. Those NativeCallbacks for specific methods are cached to allow the callback to run more efficiently if a method if called multiple times.

The other place where a simple NativeCallback is not sufficient for extracting the arguments from a method call, is for calls using a va_args pointer as the final argument. In this case jnitrace uses some code to extract the arguments from the pointer provided. Again this is architecture specific.

All data traced in these function calls is sent to the python console application that formats and displays it to the user.

Recommendations:

Most testing of this tool has been done on an Android x86_64 emulator running Marshmallow. Any issues experienced running on another device, please file an issue, but also, if possible, it is recommended to try running on a similar emulator.

Issues:

For any issues experienced running jnitrace please create an issue on GitHub. Please include the following information in the filed issue:

Device you were running on
Version of Frida you were using
Application you were running against
Any displayed error messages

jnitrace's People

Contributors

Stargazers

Watchers

Forkers

crackercat lgq2015 radcet wyu0hop sepyeight androlua killvxk aplus123 xixixi0hehehe haidragon skyun1314 hohjgdhsj bigfacecat2017 icew4y yuknight ztony478 jiejiao6 weiunli beyondmark primekun freemanzyq zekn kingking888 monohrom001 jacobi2017 1683942030 frank13810055034 youlor damnya hobama goodday123 pharazone misscoconut bjzz lycfr oujunke xinzeyang playniuniu david8557 litttley dev-bobbie clovin irain1987 bkerler satnglove hanbinglengyue xwangkai jpacg shuixi2013 0x6b7966 n0thing2speak jack51706 p-g-krish tigerwood xtftbwvfp sumerzhang yong718100 dxcyber409 gy02042006 widy28 seraphn thr0wcat sowdust darksand lincolnphu ch0pin lr-zhao jasonxgw asan1148 gyyfifafans forsun23 unverbraucht coperius antichown oleavr deathmemory soon-gz nadersidc xzhao23 iyzwei4666 kaelsun yujintao529 tchigher lucaks hhzkzt daisixuan kingsun0 xiajun325 bill-bil losenineai wangzh7678 tinymagicka kungia09 ramble01 kernelbk hanger23 datougui2020 xxoo2995 baptistapedro brucehe1026

jnitrace's Issues

jnitrace为何无法attach?

要么APP崩掉，要么什么都没有

Error includes of null

i got this error

ERROR: {'type': 'error', 'description': "TypeError: Cannot read property 'includes' of null", 'stack': "TypeError: Cannot read property 'includes' of null
   at jnitrace/src/main.ts:39:22
    at Array.forEach (<anonymous>)
    at Object.onLoaded (jnitrace/src/main.ts:38:26)
    at Object.doCallback (node_modules/jnitrace-engine/dist/index.js:127:13)
    at checkLibrary (node_modules/jnitrace-engine/dist/engine.js:44:9)
    at InvocationContext.<anonymous> (node_modules/jnitrace-engine/dist/engine.js:102:17)", 'fileName': 'jnitrace/src/main.ts', 'lineNumber': 39, 'columnNumber': 22}

Not work / empty response

F:\Temp>jnitrace -l * com.example.oaidtest2
Tracing. Press any key to quit...

Neither emulator(android 12.0) nor real phone (android 8.1)

oaid_sdk_demo_release_20220901.zip

" -m attach" can't trace and " -m spawn" trace error

apk download link:
http://dl.pddpic.com/android_dev/2020-04-28/d6b12f09b516007981b0ae328f700747.apk

Test command line 1:
jnitrace -l libPddSecure.so -i Call.* -m attach com.xunmeng.pinduoduo

There is no output
Tracing. Press any key to quit...

Test command line 2:
jnitrace -l libPddSecure.so -i Call.* com.xunmeng.pinduoduo
Output error

`
39302 ms [+] JNIEnv->CallObjectMethod
39302 ms |- JNIEnv* : 0xd4ed33e0
39302 ms |- jobject : 0x79 { android/util/DisplayMetrics }
39302 ms |- jmethodID : 0x6f7bafc4 { getPublicKey()Ljava/security/PublicKey; }
39302 ms |= jobject : 0x91 { java/security/PublicKey }

`
DisplayMetric has no method named getPublicKey

Tracing. Press any key to quit...

App crashing - Tracing. Press any key to quit...

Hi, I have been experiencing problems with jnitrace. Meanwhile, thank you for developing this great tool 🥇

Workspace:

macbook chip m2
Android Studio AVD Emulator (API 26 to 29 tested)
frida, frida-tools and frida-server 16.1.0
jnitrace 3.3.1

Tested App:
ViewerJNI from Google Drive Folder
You can also find a PoC, youtube video, here

My scenario:
run: jnitrace -l libnative-lib.so com.example.viewerjni and tools reply with: Tracing. Press any key to quit...

In the same time, app open and crash.

Logcat stacktrace info:

[...]
library "/vendor/lib64/egl/libGLESv1_CM_emulation.so" ("/vendor/lib64/egl/libGLESv1_CM_emulation.so") needed or dlopened by "/memfd:frida-agent-64.so (deleted)" is not accessible for the namespace: [name="(default)", ld_library_paths="", default_library_paths="/system/lib64", permitted_paths="/system/lib64/drm:/system/lib64/extractors:/system/lib64/hw:/system/product/lib64:/system/framework:/system/app:/system/priv-app:/vendor/framework:/vendor/app:/vendor/priv-app:/odm/framework:/odm/app:/odm/priv-app:/oem/app:/system/product/framework:/system/product/app:/system/product/priv-app:/data:/mnt/expand"]
[...]
Android/sdk_gphone_arm64/generic_arm64:9/PSR1.210301.009.B6/9767327:userdebug/dev-keys
[...]
channel 'dd8ad63 com.example.viewerjni/com.example.viewerjni.MainActivity (server)' ~ Channel is unrecoverably broken

Error: abort was called

Hello. I am new in studying your toolkit. Thank you for developing such interesting tool.
Together with frida you can do everything you want:)

I've got an error. The log and error below. The app doesn't starts. Is it because of unity libs?
Tried frida 12.8.20 and last 12.9.3.
Thanks. Waiting for reply:)

Also I'd like to suggest to add an argument :)

-el <regex> - is used to specify library names that should be ignored in the trace. 
              This can be helpful for reducing the noise in particularly large JNI apps.
              The option can be supplied multiple times.
              For example, -el testLib1.so -el testLib2.so would exclude from the results all JNI method names that contained in this libs.

jnitrace -l * -m spawn com.boundless.jawaker
(https://play.google.com/store/apps/details?id=com.boundless.jawaker&hl=en)
Tracing. Press any key to quit...

     /* TID 7713 */
124 ms [+] JavaVM->GetEnv
124 ms |- JavaVM*          : 0x7df82c8cc0
124 ms |- void**           : 0x7fceef5190
124 ms |:     0x7df82e8460
124 ms |- jint             : 65542
124 ms |= jint             : 0

124 ms ----------------------------------Backtrace----------------------------------
124 ms |->       0x7dd6112960: JNI_OnLoad+0x3c (libqti_performance.so:0x7dd6111000)


       /* TID 7713 */
199 ms [+] JNIEnv->FindClass
199 ms |- JNIEnv*          : 0x7df82e8460
199 ms |- char*            : 0x7dd6113764
199 ms |:     com/qualcomm/qti/Performance
199 ms |= jclass           : 0x85    { com/qualcomm/qti/Performance }

199 ms ----------------------------------------Backtrace----------------------------------------
199 ms |->       0x7e7cba0484: jniRegisterNativeMethods+0x40 (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
204 ms [+] JNIEnv->RegisterNatives
204 ms |- JNIEnv*          : 0x7df82e8460
204 ms |- jclass           : 0x85    { com/qualcomm/qti/Performance }
204 ms |- JNINativeMethod* : 0x7dd6131008
204 ms |:     0x7dd61129f0 - native_perf_lock_acq(II[I)I
204 ms |:     0x7dd6112abc - native_perf_lock_rel(I)I
204 ms |:     0x7dd6112ad8 - native_perf_hint(ILjava/lang/String;II)I
204 ms |:     0x7dd6112b90 - native_perf_get_feedback(ILjava/lang/String;)I
204 ms |:     0x7dd6112c24 - native_perf_io_prefetch_start(ILjava/lang/String;Ljava/lang/String;)I
204 ms |:     0x7dd6112e58 - native_perf_io_prefetch_stop()I
204 ms |:     0x7dd6112f80 - native_perf_uxEngine_events(IILjava/lang/String;I)I
204 ms |:     0x7dd6113154 - native_perf_uxEngine_trigger(I)Ljava/lang/String;
204 ms |- jint             : 8
204 ms |= jint             : 0

204 ms ----------------------------------------Backtrace----------------------------------------
204 ms |->       0x7e7cba04e0: jniRegisterNativeMethods+0x9c (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
213 ms [+] JNIEnv->DeleteLocalRef
213 ms |- JNIEnv*          : 0x7df82e8460
213 ms |- jobject          : 0x85

213 ms ----------------------------------------Backtrace----------------------------------------
213 ms |->       0x7e7cba0534: jniRegisterNativeMethods+0xf0 (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
432 ms [+] JavaVM->AttachCurrentThread
432 ms |- JavaVM*          : 0x7df82c8cc0
432 ms |- void**           : 0x7fceef4ca8
432 ms |:     0x7df82e8460
432 ms |- void*            : 0x0
432 ms |= jint             : 0

432 ms ----------------------------Backtrace----------------------------
432 ms |->       0x7dd54e1858: JNI_OnLoad+0x1c (libmain.so:0x7dd54e1000)


       /* TID 7713 */
437 ms [+] JNIEnv->FindClass
437 ms |- JNIEnv*          : 0x7df82e8460
437 ms |- char*            : 0x7dd54e1b28
437 ms |:     com/unity3d/player/NativeLoader
437 ms |= jclass           : 0x91    { com/unity3d/player/NativeLoader }

437 ms ----------------------------Backtrace----------------------------
437 ms |->       0x7dd54e1870: JNI_OnLoad+0x34 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
443 ms [+] JNIEnv->RegisterNatives
443 ms |- JNIEnv*          : 0x7df82e8460
443 ms |- jclass           : 0x91    { com/unity3d/player/NativeLoader }
443 ms |- JNINativeMethod* : 0x7dd54f1fa0
443 ms |:     0x7dd54e18cc - load(Ljava/lang/String;)Z
443 ms |:     0x7dd54e1a9c - unload()Z
443 ms |- jint             : 2
443 ms |= jint             : 0

443 ms ----------------------------Backtrace----------------------------
443 ms |->       0x7dd54e1894: JNI_OnLoad+0x58 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
453 ms [+] JNIEnv->GetStringUTFLength
453 ms |- JNIEnv*          : 0x7df82e8460
453 ms |- jstring          : 0x7fceef5668
453 ms |= jsize            : 66

453 ms -----------------------------Backtrace-----------------------------
453 ms |->       0x7dd54e1904: libmain.so!0x904 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
457 ms [+] JNIEnv->GetStringUTFChars
457 ms |- JNIEnv*          : 0x7df82e8460
457 ms |- jstring          : 0x7fceef5668
457 ms |- jboolean*        : 0x0
457 ms |= char*            : 0x7df823b750

457 ms -----------------------------Backtrace-----------------------------
457 ms |->       0x7dd54e1930: libmain.so!0x930 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
462 ms [+] JNIEnv->ReleaseStringUTFChars
462 ms |- JNIEnv*          : 0x7df82e8460
462 ms |- jstring          : 0x7df823b750
462 ms |- char*            : 0x7df823b750
462 ms |:     /data/app/com.boundless.jawaker-h3IBeFROAGcy8xvbmPRpuw==/lib/arm64

462 ms -----------------------------Backtrace-----------------------------
462 ms |->       0x7dd54e195c: libmain.so!0x95c (libmain.so:0x7dd54e1000)


       /* TID 7713 */
466 ms [+] JNIEnv->GetJavaVM
466 ms |- JNIEnv*          : 0x7df82e8460
466 ms |- JavaVM**         : 0x7fceef4a00
466 ms |:     0x7df82c8cc0
466 ms |= jint             : 0

466 ms -----------------------------Backtrace-----------------------------
466 ms |->       0x7dd54e197c: libmain.so!0x97c (libmain.so:0x7dd54e1000)

ERROR: {'type': 'error', 'description': 'Error: abort was called', 'stack': 'Error: abort was called\n at InvocationContext. (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:260:23)', 'fileName': 'node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 260, 'columnNumber': 23}

app 直接闪退了，打印输出如下，什么都没有？

Tracing. Press any key to quit...
Stopping application (name=com.xunmeng.pinduoduo, pid=6042)...stopped.
设备：android10 MI8
frida-server:14.2.8
app: 拼多多4.69.0

jnitrace execution error

Hello

I am trying to execute jnitrace with python3.8 environment

it shows below

Traceback (most recent call last):
File "C:\Users\a\AppData\Local\Programs\Python\Python38\Scripts\jnitrace-script.py", line 11, in
load_entry_point('jnitrace==3.0.0', 'console_scripts', 'jnitrace')()
File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\jnitrace-3.0.0-py3.8.egg\jnitrace\jnitrace.py", line 519, in main
File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\pkg_resources_init_.py", line 1156, in resource_string
return get_provider(package_or_requirement).get_resource_string(
File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\pkg_resources_init_.py", line 361, in get_provider
import(moduleOrReq)
ModuleNotFoundError: No module named 'jnitrace.build'

can you take this issue?

jnitrace 怎么打印返回的jstring值

怎么修改jnitrace源码打印返回的jstring值

npm run watch error -> build error

Hi there, When i run "npm run watch" right after "npm install", tons of error show up, and this is one of them.
jnitrace version: 3.3.0
py version: 3.7.7
frida version: 14.2.18
npm version: 6.14.7
OS: Debian based Linux

Attach mode maybe has some bugs

When using attach mode,jnitrace can't find the target process although that target process is running all the time:
Traceback (most recent call last):
File "H:\python\program\Scripts\jnitrace-script.py", line 11, in
load_entry_point('jnitrace==3.3.0', 'console_scripts', 'jnitrace')()
File "h:\python\program\lib\site-packages\jnitrace\jnitrace.py", line 584, in main
pid = device.get_process(args.target).pid
File "h:\python\program\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "h:\python\program\lib\site-packages\frida\core.py", line 121, in get_process
raise _frida.ProcessNotFoundError("unable to find process with name '%s'" % process_name)
frida.ProcessNotFoundError: unable to find process with name 'com.hxyh.wxamp3'
Frida 15.1.16 - A world-class dynamic instrumentation toolkit

How to install specific version with frida?

For example I'm using frida 12.8.0 family bucket, which version should I get to use?

frida error

jnitrace -l lib.so application -R 127.0.0.1:21042
frida.NotSupportedError: unable to spawn other apps when embedded

not working on x86 emulator with arm support

I'm tested jnitrace on mumu emulator which support arm libraries

jnitrace don't print anything

tested library is arm

filter not work

-i Get
-e *
-e .*
--ignore-env
--ignore-vm

i had try many option, but none of them work, it would print evething called

frida-server 14.0.8
android 10, pixel QP1A.191005.007.A3

Get error when jnitrace an app packed by 360

Hello, I test jnitrace on an app packed by 360 but got an error message:

command is below:

jnitrace -l \* my.v1rtyoz.helloworld

Nexus 6P - Android 6.0.1
frida - 12.8.1
application: my.v1rtyoz.helloworld .apk
displayed error messages

[Not an Issue] Termux Support

Since Frida now can be run in Android Termux fine , please give an -N option to connect to frida-server running on 127.0.0.1 locally, same as
https://github.com/sensepost/objection
which have -N option to connect on by default 127.0.0.1:27042 . so if jnitrace have -N it can perfectly run on android standalone , no need of pc as host .
Thanks

argument of type 'NoneType' is not iterable

Traceback (most recent call last):
File "/Users/anaconda3/env/lib/python3.6/site-packages/frida-12.6.11-py3.6-macosx-10.6-intel.egg/frida/core.py", line 298, in _on_message
callback(message, data)
File "/Users/anaconda3/envs//lib/python3.6/site-packages/jnitrace/jnitrace.py", line 438, in on_message
self._print_backtrace(payload["backtrace"])
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 288, in _print_backtrace
max_len, max_name, size = self._calculate_backtrace_lengths(backtrace)
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 270, in _calculate_backtrace_lengths
b_t["module"]["name"], b_t["symbol"]["name"]
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 242, in _create_backtrace_symbol
if "+" not in symbol_name:
TypeError: argument of type 'NoneType' is not iterable

Is there an implementation library for C++?

I hope to implement it with C++ & and inlinehook

unable to attach the target

Device: Google Nexus 5
Frida-server:frida-server-12.6.13-android-arm
frida:12.6.13
frida-tools:2.0.2
Application: just a helloworld

Stack Trace:

C:\Users\YueLuo>jnitrace -l * com.yueluo.bkpttest -m attach
Traceback (most recent call last):
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\YueLuo\AppData\Local\Programs\Python\Python37-32\Scripts\jnitrace.exe\__main__.py", line 9, in <module>
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\jnitrace\jnitrace.py", line 491, in main
    session = device.attach(device.attach(args.target))
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 110, in attach
    return Session(self._impl.attach(self._pid_of(target)))
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 128, in _pid_of
    return self.get_process(target).pid
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 68, in get_process
    process_name_lc = process_name.lower()
AttributeError: 'Session' object has no attribute 'lower'

I have fixed this problem by simply change
jni.py
#487 to

    device = frida.get_usb_device(3)
    pid = device.spawn([args.target])
    
    if args.inject_method == "spawn":
        session = device.attach(pid)
    else:
        session = device.attach(args.target)

the issuse seems like the lastest frida has changed their api, but I know shit about frida, so I'm not sure how to completely fix this problem on all frida versions.

how to use frida to watch va_list

JNI函数中会存在变长参数，大概看了一下应该处理为pointer

但是具体怎么处理，取得这里面的值的，还请大佬科普一下 /xk

'runtime' is an invalid keyword argument

Hi, when I use jnitrace, it told me below errors

frida version:12.2.6
jnitrace version:3.0.7
android version: 4.4.2(kitkat) arm emulator

jnitrace -l xx.so com.xxx
Traceback (most recent call last):
File "/usr/local/bin/jnitrace", line 8, in
sys.exit(main())
File "/usr/local/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 552, in main
script = session.create_script(jscode, runtime="v8")
File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 148, in create_script
return Script(self._impl.create_script(*args, **kwargs))
TypeError: 'runtime' is an invalid keyword argument for this function

Unable to intercept function

Hi, I got an error when using jnitrace :

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x7a833a1000; please file a bug', 'stack': 'Error: unable to intercept function at 0x7a833a1000; please file a bug\n    at value (frida/runtime/core.js:315)\n    at create (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:39)\n    at <anonymous> (node_modules/jnitrace-engine/dist/jni/java_vm_interceptor.js:45)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 315, 'columnNumber': 1}

And at the same time, the app crashed,

? A/OpenGLRenderer: Failed to choose config, error = EGL_SUCCESS
    
    --------- beginning of crash
? A/libc: Fatal signal 6 (SIGABRT), code -6 in tid 19594 (RenderThread), pid 19492 (on_test.xxx)
? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
? I//system/bin/tombstoned: received crash request for pid 19492
? I/crash_dump64: performing dump of process 19492 (target tid = 19594)
? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
? A/DEBUG: Build fingerprint: 'google/walleye/walleye:8.1.0/OPM4.171019.021.Q1/4820346:user/release-keys'
? A/DEBUG: Revision: 'MP1'
? A/DEBUG: ABI: 'arm64'
? A/DEBUG: pid: 19492, tid: 19594, name: RenderThread  >>> com.xxx.test <<<
? A/DEBUG: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
? A/DEBUG: Abort message: 'Failed to choose config, error = EGL_SUCCESS'
? A/DEBUG:     x0   0000000000000000  x1   0000000000004c8a  x2   0000000000000006  x3   0000007a6732d770
? A/DEBUG:     x4   0000000000000000  x5   0000000000000000  x6   0000000000000000  x7   7f7f7f7f7f7f7f7f
? A/DEBUG:     x8   00000000000000f0  x9   8f7d662b3a37c327  x10  8f7d662b3a37c327  x11  0000000000000001
? A/DEBUG:     x12  0000007a6732d4b8  x13  0000007b0def1ff0  x14  0000000000000100  x15  0000007a6732d368
? A/DEBUG:     x16  0000000000000000  x17  0000007b0c1ee52c  x18  cf2f6f00bcb045f8  x19  0000007a6732d770
? A/DEBUG:     x20  0000000000004c24  x21  0000007a6732d770  x22  0000000000000000  x23  0000007a6732d4b8
? A/DEBUG:     x24  0000000000004cec  x25  0000000000000062  x26  0000007a6732f588  x27  0000000000000000
? A/DEBUG:     x28  0000000000000001  x29  0000007a6732d3c0  x30  0000007b0df580a0
? A/DEBUG:     sp   0000007a6732d3b0  pc   0000007b0dfcce00  pstate 0000000000000000
? A/DEBUG: backtrace:
? A/DEBUG:     #00 pc 000000000009de00  /system/bin/linker64 (__dl_syscall+32)
? A/DEBUG:     #01 pc 000000000002909c  /system/bin/linker64 (__dl__ZL13resend_signalP7siginfob+96)
? A/DEBUG:     #02 pc 0000000000028f4c  /system/bin/linker64 (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1180)
? A/DEBUG:     #03 pc 00000000001b1c30  /data/local/tmp/re.frida.server/frida-agent-64.so

Please help me to resolve it, thanks.

How to load jnitrace-engine scripts when running jnitrace

Hello,

I've read through the readme files, but I'm still not sure how to load jnitrace-engine scripts when running jnitrace.
(I'm quite new to frida and jnitrace.)

Initially I thought the jnitrace-engine script would work in the same way as frida scripts, so I tried

jnitrace -l libnative-lib.so com.example.myapplication -a path/to/jnitrace-engine-script.js

but it didn't seem to work. (where the content of jnitrace-engine-script.js is exactly same as the simple usage example in the docs)

Could you give some more details about this?

Thank you :)

filters not working?

host: macosx big sur 11.0.1
remote device: arm64-v8a, android 8.1.0
frida: 14.2.13
jnitrace: 3.2.1

i'm looking to trace one method, yet it looks like it's tracing all of them. Perhaps this native code has inserted it's own hooks you are following?

output:

$jnitrace -l '*' -R 192.168.86.65:6666 -i http_verify_sign com.zhiliaoapp.musically
Tracing. Press any key to quit...
           /* TID 18776 */
    568 ms [+] JavaVM->GetEnv
    568 ms |- JavaVM*          : 0x78258a8200
    568 ms |- void**           : 0x7fee618be0
    568 ms |:     0x78258cb1c0
    568 ms |- jint             : 65542
    568 ms |= jint             : 0

    568 ms ----------------------------Backtrace----------------------------
    568 ms |->       0x78075d8d18: JNI_OnLoad+0x44 (libkeva.so:0x78075cb000)
    568 ms |->       0x78075d8d18: JNI_OnLoad+0x44 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    696 ms [+] JNIEnv->FindClass
    696 ms |- JNIEnv*          : 0x78258cb1c0
    696 ms |- char*            : 0x78075e9e24
    696 ms |:     com/bytedance/keva/KevaImpl
    696 ms |= jclass           : 0x89    { com/bytedance/keva/KevaImpl }

    696 ms ----------------------------Backtrace----------------------------
    696 ms |->       0x78075d8d3c: JNI_OnLoad+0x68 (libkeva.so:0x78075cb000)
    696 ms |->       0x78075d8d3c: JNI_OnLoad+0x68 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    699 ms [+] JNIEnv->GetMethodID
    699 ms |- JNIEnv*          : 0x78258cb1c0
    699 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    699 ms |- char*            : 0x78075e9e40
    699 ms |:     addMapIntWhenLoading
    699 ms |- char*            : 0x78075e9e55
    699 ms |:     (Ljava/lang/String;IJ)V
    699 ms |= jmethodID        : 0x9bbc2778    { addMapIntWhenLoading(Ljava/lang/String;IJ)V }

    699 ms ----------------------------Backtrace----------------------------
    699 ms |->       0x78075d8d68: JNI_OnLoad+0x94 (libkeva.so:0x78075cb000)
    699 ms |->       0x78075d8d68: JNI_OnLoad+0x94 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    703 ms [+] JNIEnv->GetMethodID
    703 ms |- JNIEnv*          : 0x78258cb1c0
    703 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    703 ms |- char*            : 0x78075e9e6d
    703 ms |:     addMapBoolWhenLoading
    703 ms |- char*            : 0x78075e9e83
    703 ms |:     (Ljava/lang/String;ZJ)V
    703 ms |= jmethodID        : 0x9bbc26e8    { addMapBoolWhenLoading(Ljava/lang/String;ZJ)V }

    703 ms ----------------------------Backtrace----------------------------
    703 ms |->       0x78075d8d9c: JNI_OnLoad+0xc8 (libkeva.so:0x78075cb000)
    703 ms |->       0x78075d8d9c: JNI_OnLoad+0xc8 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    706 ms [+] JNIEnv->GetMethodID
    706 ms |- JNIEnv*          : 0x78258cb1c0
    706 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    706 ms |- char*            : 0x78075e9e9b
    706 ms |:     addMapFloatWhenLoading
    706 ms |- char*            : 0x78075e9eb2
    706 ms |:     (Ljava/lang/String;FJ)V
    706 ms |= jmethodID        : 0x9bbc2748    { addMapFloatWhenLoading(Ljava/lang/String;FJ)V }

    706 ms ----------------------------Backtrace----------------------------
    706 ms |->       0x78075d8dc8: JNI_OnLoad+0xf4 (libkeva.so:0x78075cb000)
    706 ms |->       0x78075d8dc8: JNI_OnLoad+0xf4 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    709 ms [+] JNIEnv->GetMethodID
    709 ms |- JNIEnv*          : 0x78258cb1c0
    709 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    709 ms |- char*            : 0x78075e9eca
    709 ms |:     addMapDoubleWhenLoading
    709 ms |- char*            : 0x78075e9ee2
    709 ms |:     (Ljava/lang/String;DJ)V
    709 ms |= jmethodID        : 0x9bbc2718    { addMapDoubleWhenLoading(Ljava/lang/String;DJ)V }

    709 ms -----------------------------Backtrace-----------------------------
    709 ms |->       0x78075d8df4: JNI_OnLoad+0x120 (libkeva.so:0x78075cb000)
    709 ms |->       0x78075d8df4: JNI_OnLoad+0x120 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    713 ms [+] JNIEnv->GetMethodID
    713 ms |- JNIEnv*          : 0x78258cb1c0
    713 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    713 ms |- char*            : 0x78075e9efa
    713 ms |:     addMapLongWhenLoading
    713 ms |- char*            : 0x78075e9f10
    713 ms |:     (Ljava/lang/String;JJ)V
    713 ms |= jmethodID        : 0x9bbc27a8    { addMapLongWhenLoading(Ljava/lang/String;JJ)V }

    713 ms -----------------------------Backtrace-----------------------------
    713 ms |->       0x78075d8e20: JNI_OnLoad+0x14c (libkeva.so:0x78075cb000)
    713 ms |->       0x78075d8e20: JNI_OnLoad+0x14c (libkeva.so:0x78075cb000)


           /* TID 18776 */
    716 ms [+] JNIEnv->GetMethodID
    716 ms |- JNIEnv*          : 0x78258cb1c0
    716 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    716 ms |- char*            : 0x78075e9f28
    716 ms |:     addMapOffsetWhenLoading
    716 ms |- char*            : 0x78075e9f40
    716 ms |:     (Ljava/lang/String;JI)V
    716 ms |= jmethodID        : 0x9bbc27d8    { addMapOffsetWhenLoading(Ljava/lang/String;JI)V }

    716 ms -----------------------------Backtrace-----------------------------
    716 ms |->       0x78075d8e4c: JNI_OnLoad+0x178 (libkeva.so:0x78075cb000)
    716 ms |->       0x78075d8e4c: JNI_OnLoad+0x178 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    719 ms [+] JNIEnv->FindClass
    719 ms |- JNIEnv*          : 0x78258cb1c0
    719 ms |- char*            : 0x78075e9f58
    719 ms |:     java/lang/RuntimeException
    719 ms |= jclass           : 0x91    { java/lang/RuntimeException }

    719 ms -----------------------------Backtrace-----------------------------
    719 ms |->       0x78075d8e6c: JNI_OnLoad+0x198 (libkeva.so:0x78075cb000)
    719 ms |->       0x78075d8e6c: JNI_OnLoad+0x198 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    723 ms [+] JNIEnv->NewGlobalRef
    723 ms |- JNIEnv*          : 0x78258cb1c0
    723 ms |- jobject          : 0x91    { java/lang/RuntimeException }
    723 ms |= jobject          : 0x1e12    { java/lang/RuntimeException }

    723 ms -----------------------------Backtrace-----------------------------
    723 ms |->       0x78075d8e80: JNI_OnLoad+0x1ac (libkeva.so:0x78075cb000)
    723 ms |->       0x78075d8e80: JNI_OnLoad+0x1ac (libkeva.so:0x78075cb000)


           /* TID 18776 */
    728 ms [+] JNIEnv->RegisterNatives
    728 ms |- JNIEnv*          : 0x78258cb1c0
    728 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    728 ms |- JNINativeMethod* : 0x78075f2000
    728 ms |:     0x78075d8ee0 - loadRepo(Ljava/lang/String;IZ)J
    728 ms |:     0x78075d9088 - initialize(Ljava/lang/String;)V
    728 ms |:     0x78075d91a0 - delete(Ljava/lang/String;)Z
    728 ms |:     0x78075d9300 - clear(J)V
    728 ms |:     0x78075d93c4 - dump(J)V
    728 ms |:     0x78075d93d4 - checkReportException(J)V
    728 ms |:     0x78075d9488 - storeInt(JLjava/lang/String;JI)J
    728 ms |:     0x78075d9684 - storeBoolean(JLjava/lang/String;JZ)J
    728 ms |:     0x78075d9884 - storeString(JLjava/lang/String;JLjava/lang/String;)J
    728 ms |:     0x78075d9b78 - storeFloat(JLjava/lang/String;JF)J
    728 ms |:     0x78075d9d7c - storeLong(JLjava/lang/String;JJ)J
    728 ms |:     0x78075d9f78 - storeDouble(JLjava/lang/String;JD)J
    728 ms |:     0x78075da17c - storeBytes(JLjava/lang/String;J[BI)J
    728 ms |:     0x78075da40c - storeStringArray(JLjava/lang/String;J[Ljava/lang/String;I)J
    728 ms |:     0x78075da818 - fetchInt(JLjava/lang/String;JI)I
    728 ms |:     0x78075daa5c - fetchBoolean(JLjava/lang/String;JZ)Z
    728 ms |:     0x78075daca0 - fetchLong(JLjava/lang/String;JJ)J
    728 ms |:     0x78075daee4 - fetchFloat(JLjava/lang/String;JF)F
    728 ms |:     0x78075db128 - fetchDouble(JLjava/lang/String;JD)D
    728 ms |:     0x78075db36c - fetchString(JLjava/lang/String;JLjava/lang/String;)Ljava/lang/String;
    728 ms |:     0x78075db65c - fetchBytes(JLjava/lang/String;J[BI)[B
    728 ms |:     0x78075db90c - fetchStringArray(JLjava/lang/String;J[Ljava/lang/String;I)[Ljava/lang/String;
    728 ms |:     0x78075dbdfc - erase(JLjava/lang/String;J)V
    728 ms |:     0x78075dbfe0 - rebuildValueMap(J)V
    728 ms |:     0x78075dc0c4 - contains(JLjava/lang/String;J)Z
    728 ms |:     0x78075dc2bc - eraseUnusedChunk(JJ)V
    728 ms |:     0x78075dc2d0 - protectPortingInterProcess(Ljava/lang/String;ZI)I
    728 ms |- jint             : 27
    728 ms |= jint             : 0

    728 ms -----------------------------Backtrace-----------------------------
    728 ms |->       0x78075d8eac: JNI_OnLoad+0x1d8 (libkeva.so:0x78075cb000)
    728 ms |->       0x78075d8eac: JNI_OnLoad+0x1d8 (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1099 ms [+] JNIEnv->GetStringUTFChars
   1099 ms |- JNIEnv*          : 0x78258cb1c0
   1099 ms |- jstring          : 0x7fee619098
   1099 ms |- jboolean*        : 0x0
   1099 ms |= char*            : 0x781a6c5640

   1099 ms ------------------------------Backtrace------------------------------
   1099 ms |->       0x78075d90cc: libkeva.so!0xe0cc (libkeva.so:0x78075cb000)
   1099 ms |->       0x78075d90cc: libkeva.so!0xe0cc (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1122 ms [+] JNIEnv->ReleaseStringUTFChars
   1122 ms |- JNIEnv*          : 0x78258cb1c0
   1122 ms |- jstring          : 0x781a6c5640
   1122 ms |- char*            : 0x781a6c5640
   1122 ms |:     /data/user/0/com.zhiliaoapp.musically/files/keva

   1122 ms ------------------------------Backtrace------------------------------
   1122 ms |->       0x78075d916c: libkeva.so!0xe16c (libkeva.so:0x78075cb000)
   1122 ms |->       0x78075d916c: libkeva.so!0xe16c (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1144 ms [+] JNIEnv->GetStringUTFChars
   1144 ms |- JNIEnv*          : 0x78258cb1c0
   1144 ms |- jstring          : 0x7fee619b88
   1144 ms |- jboolean*        : 0x0
   1144 ms |= char*            : 0x781a66a520

   1144 ms ------------------------------Backtrace------------------------------
   1144 ms |->       0x78075d8f3c: libkeva.so!0xdf3c (libkeva.so:0x78075cb000)
   1144 ms |->       0x78075d8f3c: libkeva.so!0xdf3c (libkeva.so:0x78075cb000)
...

output not saved to file when remote?

$jnitrace -l libEncryptor.so -l libsscronet.so -l libttcrypto.so -l libttmain.so com.zhiliaoapp.musically -R 192.168.86.65:6666 --output jnitrace.log -b accurate --ignore-vm

$cat jnitrace.log
[]%

However, the trace data is printing to stdout. Am I doing something wrong?

device: arm64-v8a, android 8.1.0
frida: 14.2.13
jnitrace: 3.2.0

Jinitrace with frida gadget

Hi, first thank you for writing this script.

I am trying to run it on unrooted android using frida gadget.

The server has been included correctly in the apk and loaded correctly (confirmed with frida-ps -R).

But can't run it using jnitrace.

I started the app with gadget config set to "wait".
I tried the following code but all failed with error related to target:
jnitrace: error: the following arguments are required: target

The command tested are the following:

jnitrace -l * -R Gadget
jnitrace -l * -R re.frida.Gadget
jnitrace -l * -R localhost
jnitrace -l * -R localhost:27042
jnitrace -l * -R 127.0.0.1:27042
jnitrace -l * -R 127.0.0.1

None are working.

If I tried to run:

frida --codeshare chame1eon/jnitrace -R Gadget

It works but the output is a little messy and prefer using the python wrapper of jnitrace instead.

Any idea how to make it work?
Thank you.

TypeError: cannot read property 'threadId' of undefined"

then app crash....

App stopped when spawn mode

when I use spawn mode，the app will stopped.
the comman is jnitrace -l * com.kanxue.ollvm_ndk_9.

when I use attach mode, It work normally.
the command is jni -m attach -l * com.kanxue.ollvm_ndk_9.

the app is here.
ollvm9.zip

Cannot trace any function calls

C:\Users\cooluser>jnitrace -m attach -l * com.coolpackage.app
Tracing. Press any key to quit...

I am debugging an app which uses JNI to do most of its work. When I use jnitrace, there is no function calls I can see. I can do anything in the app, any movement, but it just keeps being stuck. No function calls. What would be the problem? Thanks!

Error: abort was called

jnitrace -l libsgmainso-6.4.94.so com.alimama.moon
get this error:

ERROR: {'type': 'error', 'description': 'Error: abort was called', 'stack': 'Error: abort was called\n at InvocationContext. (jnitrace/src/jni/java_vm_interceptor.ts:100:40)', 'fileName': 'jnitrace/src/jni/java_vm_interceptor.ts', 'lineNumber': 100, 'columnNumber': 40}

APP has stopped

I used to run with Nox emulator with android 7.1.2
and then APP has stopped. and nothing happens at the console just shows "Tracing. Press any key to quit..."

Error after attach, spawn app crashing

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x7132f4a6a8; please file a bug', 'stack': 'Error: unable to intercept function at 0x7132f4a6a8; please file a bug\n at value (frida/runtime/core.js:364)\n at I (node_modules/jnitrace-engine/dist/engine.js:33)\n at onLeave (node_modules/jnitrace-engine/dist/engine.js:69)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 364, 'columnNumber': 1}

Android 9.0
Frida version 15.1.14

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x6cee8446a8; please file a bug', 'stack': 'Error: unable to intercept function at 0x6cee8446a8; please file a bug\n at value (frida/runtime/core.js:364)\n at I (node_modules/jnitrace-engine/dist/engine.js:33)\n at onLeave (node_modules/jnitrace-engine/dist/engine.js:69)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 364, 'columnNumber': 1}

Android 11
Frida version 15.1.14

spawn crash on both devices

the err and break whta happend?

ERROR: {'type': 'error', 'description': "TypeError: cannot read property 'fridaParams' of undefined", 'stack': "TypeError: cannot read property 'fridaParams' of undefined\n at (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:170)", 'fileName': 'node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 170, 'columnNumber': 1}

`jnitrace -I` syntax error

jnitrace -I work()V -l libmyjni.so com.gdufs.xman
bash: syntax error near unexpected token `('

why?

frida --version
12.8.0

frida.TimedOutError : ~

Hi, I am using frida 14.2.8 & python 3.6.
my devices is galaxy s9+, so 64bits of frida-server is running on devices.
but when I have try to use, the error occurred .

jnitrace -l libDrm2.so com.appName
------Error----------------------------------------
Traceback (most recent call last):
File "c:\users\des\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
"main", mod_spec)
File "c:\users\des\appdata\local\programs\python\python36\lib\runpy.py", line 85, in run_code
exec(code, run_globals)
File "C:\Users\des\AppData\Local\Programs\Python\Python36\Scripts\jnitrace.exe_main.py", line 9, in
File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\jnitrace\jnitrace.py", line 565, in main
pid = device.spawn([args.target], **aux_kwargs)
File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\frida\core.py", line 26, in wrapper
return f(*args, **kwargs)
File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\frida\core.py", line 140, in spawn
return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.TimedOutError: unexpectedly timed out while waiting for app to launch

Export the hooking logic as a library

Are there any plans to expose the core hooking logic of this library as a NPM library that other Frida scripts can consume?

I'd love to reuse the code you have already written and a library would probably be more maintainable than copy-pasting functions. :)

Error when running script line 1: expecting '(' at <anonymous> (/frida/repl-2.js:1)

When i run example script showing error. Thank you in advance.

import { JNIInterceptor } from "jnitrace-engine";

// Attach to the JNI FindClass method
JNIInterceptor.attach("FindClass", {
    onEnter(args) {
        // called whenever the FindClass is about to be called
        console.log("FindClass method called");
        this.className = Memory.readCString(args[1]);
    },
    onLeave(retval) {
        // called whenever the FindClass method has finished executing
        console.log("\tLoading Class:", this.className);
        console.log("\tClass ID:", retval.get());
    }
});

frida version:

16.1.3

Device:

Nox Emulator, Android Version 7. x86.

Thanks.