• JNI 反射

    #include <jni.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <android/log.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/types.h>
#include <elf.h>
#include <sys/mman.h>
#include <assert.h>


/***************************************************************************************
*
* 宏定义
*
****************************************************************************************/
//输出调试信息到logcat
#define   DEBUG
#define   LOG_TAG    "LOG_ANDROID_SHELL"
#define   LOGI(...)  __android_log_print(ANDROID_LOG_INFO,LOG_TAG,__VA_ARGS__)
#define   LOGE(...)  __android_log_print(ANDROID_LOG_ERROR,LOG_TAG,__VA_ARGS__)

//求一维数组元素个数
# define NELEM(x) ((int) (sizeof(x) / sizeof((x)[0])))

//Application类,壳入口
#define JNIREG_CLASS "com/lzy/androidshell/MainApplication"


/***************************************************************************************
*
* 范例代码
*
****************************************************************************************/
//解密dex
JNIEXPORT
void
JNICALL
sub_1111(JNIEnv* env, jobject thiz, jobject context)
{
    jclass native_clazz = env->GetObjectClass(context);
    jmethodID methodID_func = env->GetMethodID(native_clazz, "getPackageName",
            "()Ljava/lang/String;");
    jstring packagename = (jstring) (env->CallObjectMethod(context,
            methodID_func));
    const char *str = env->GetStringUTFChars(packagename, 0);
    char destination[128];
    const char *blank = "/data/data/", *c = "/.cache/";
    strcpy(destination, blank);
    strcat(destination, str);
    strcat(destination, c);
    LOGI("stringcccccccccccccccc %s", destination);

    env->ReleaseStringUTFChars(packagename, str);
    jint a = mkdir(destination, 777);

    LOGI("Created a file in android! %d", a);
    const char *pre = "chmod 755 ";
    char cmd[128];
    strcpy(cmd, pre);
    strcat(cmd, destination);
    LOGI("cmd %s", cmd);
    jstring jcmd = CharTojstring(env, cmd);

    //exec
    jclass Runtime = env->FindClass("java/lang/Runtime");
    jmethodID Runtime_func = env->GetStaticMethodID(Runtime, "getRuntime",
            "()Ljava/lang/Runtime;");
    jobject class_obj = env->CallStaticObjectMethod(Runtime, Runtime_func);
    jclass class_java = env->GetObjectClass(class_obj);

    jmethodID exec_func = env->GetMethodID(class_java, "exec",
            "(Ljava/lang/String;)Ljava/lang/Process;");
    jobject method_obj = env->CallObjectMethod(class_obj, exec_func, jcmd);
    jclass class_method_obj = env->GetObjectClass(method_obj);

    jmethodID waitfor_func = env->GetMethodID(class_method_obj, "waitFor",
            "()I");
    jint result = env->CallIntMethod(method_obj, waitfor_func);

    LOGI("CallIntMethod %d", result);
    jclass native_clazz2 = env->GetObjectClass(context);
    jmethodID methodID_func2 = env->GetMethodID(native_clazz2, "getPackageName",
            "()Ljava/lang/String;");
    jstring packagename2 = (jstring) (env->CallObjectMethod(context,
            methodID_func2));
    const char *str2 = env->GetStringUTFChars(packagename2, 0);
    char destination2[128];
    const char *blank2 = "/data/data/", *c2 = "/.cache/classdex.jar";
    strcpy(destination2, blank2);
    strcat(destination2, str2);
    strcat(destination2, c2);
    LOGI("string %s", destination2);
    LOGI("log test ok ");
    env->ReleaseStringUTFChars(packagename2, str2);
    jstring jdestination = CharTojstring(env, destination2);

    jmethodID methodID_getApplicationInfo = env->GetMethodID(native_clazz2,
            "getApplicationInfo", "()Landroid/content/pm/ApplicationInfo;");
    jobject ApplicationInfo = env->CallObjectMethod(context,
            methodID_getApplicationInfo);
    jclass cls_ApplicationInfo = env->GetObjectClass(ApplicationInfo);

    jfieldID JarFieldId = env->GetFieldID(cls_ApplicationInfo,
            "publicSourceDir", "Ljava/lang/String;");

    jstring SourceDir = (jstring) (env->GetObjectField(ApplicationInfo,
            JarFieldId));
    const char *strs = env->GetStringUTFChars(SourceDir, 0);
    char destinations[128];
    strcpy(destinations, strs);
    jbyteArray bytes = env->NewByteArray(65536);
    LOGI("HAHAHAHHAHAHAHA %s", destinations);

    env->ReleaseStringUTFChars(SourceDir, strs);

    LOGI("HAHAHAHHAHAHAHA222222222222222");
    char *classdex_jar2 = "assets/ErickyProtect.so";
    jstring jclassdex_jar = CharTojstring(env, classdex_jar2);
    jclass cls_JarFile = env->FindClass("java/util/jar/JarFile");
    jmethodID methodID_JarFile = env->GetMethodID(cls_JarFile, "<init>",
            "(Ljava/lang/String;)V");
    jobject localJarFile = env->NewObject(cls_JarFile, methodID_JarFile,
            SourceDir);

    //localjarFile getEntry method
    jmethodID methodID_getentry = env->GetMethodID(cls_JarFile, "getEntry",
            "(Ljava/lang/String;)Ljava/util/zip/ZipEntry;");
    jobject LocalZipEntry = env->CallObjectMethod(localJarFile,
            methodID_getentry, jclassdex_jar);
    //localjarFile getInputStream method
    jmethodID methodID_getInputStream = env->GetMethodID(cls_JarFile,
            "getInputStream",
            "(Ljava/util/zip/ZipEntry;)Ljava/io/InputStream;");
    jobject BufferinputstreamParam = env->CallObjectMethod(localJarFile,
            methodID_getInputStream, LocalZipEntry);

    //new a File class
    jclass cls_File = env->FindClass("java/io/File");
    jmethodID methodID_File = env->GetMethodID(cls_File, "<init>",
            "(Ljava/lang/String;)V");
    jobject localFile = env->NewObject(cls_File, methodID_File, jdestination);

    //new  BufferedInputStream
    jclass cls_BufferedInputStream = env->FindClass(
            "java/io/BufferedInputStream");
    jmethodID methodID_BufferedInputStream = env->GetMethodID(
            cls_BufferedInputStream, "<init>", "(Ljava/io/InputStream;)V");
    jobject localBufferedInputStream = env->NewObject(cls_BufferedInputStream,
            methodID_BufferedInputStream, BufferinputstreamParam);
    //new FileoutputStream

    jclass cls_FileOutputStream = env->FindClass("java/io/FileOutputStream");
    jmethodID methodID_FileOutputStream = env->GetMethodID(cls_FileOutputStream,
            "<init>", "(Ljava/io/File;)V");
    jobject BufferoutputstreamParam = env->NewObject(cls_FileOutputStream,
            methodID_FileOutputStream, localFile);

    //new BufferedOutputStream
    jclass cls_BufferedOutputStream = env->FindClass(
            "java/io/BufferedOutputStream");
    jmethodID methodID_BufferedOutputStream = env->GetMethodID(
            cls_BufferedOutputStream, "<init>", "(Ljava/io/OutputStream;)V");
    jobject localBufferedOutputStream = env->NewObject(cls_BufferedOutputStream,
            methodID_BufferedOutputStream, BufferoutputstreamParam);
    //some preparations
    jmethodID methodID_write = env->GetMethodID(cls_BufferedOutputStream, "write", "([BII)V");
    jmethodID methodID_read = env->GetMethodID(cls_BufferedInputStream, "read", "([B)I");
    jmethodID output_flush = env->GetMethodID(cls_BufferedOutputStream, "flush", "()V");
    jmethodID output_close = env->GetMethodID(cls_BufferedOutputStream, "close", "()V");
    jmethodID input_close = env->GetMethodID(cls_BufferedInputStream, "close", "()V");

    while (true) {
        jint i = env->CallIntMethod(localBufferedInputStream, methodID_read, bytes);
        LOGI("IIIIIIIIII %d", i);
        if (i <= 0) {
            env->CallVoidMethod(localBufferedOutputStream, output_flush);
            env->CallVoidMethod(localBufferedOutputStream, output_close);
            env->CallVoidMethod(localBufferedInputStream, input_close);
            return;
        }
        env->CallVoidMethod(localBufferedOutputStream, methodID_write, bytes, 0, i);
        LOGI("afterwrite %d", i);
    }
}


//动态加载DEX
JNIEXPORT
jobject
JNICALL
sub_2222(JNIEnv* env, jobject thiz, jobject context)
{
    jclass native_clazz = env->GetObjectClass(context);
    jmethodID methodID_func = env->GetMethodID(native_clazz, "getPackageName", "()Ljava/lang/String;");
    jstring packagename = (jstring) (env->CallObjectMethod(context, methodID_func));
    char *aa = "android.app.ActivityThread", *bb = "currentActivityThread";
    jstring jaa = CharTojstring(env, aa);
    jstring jbb = CharTojstring(env, bb);
    jobjectArray pareTyple;
    jobjectArray pareVaules;
    jobject currentActivityThread = invokeStaticMethodss(env, jaa, jbb, pareTyple, pareVaules);
    char *cc = "android.app.ActivityThread", *dd = "mPackages";
    jstring jcc = CharTojstring(env, cc);
    jstring jdd = CharTojstring(env, dd);
    jclass class_hashmap = env->FindClass("java/util/HashMap");
    jmethodID hashmap_construct_method = env->GetMethodID(class_hashmap, "<init>", "()V");
    jobject obj_hashmap = env->NewObject(class_hashmap, hashmap_construct_method, "");
    obj_hashmap = getFieldOjbect(env, jcc, currentActivityThread, jdd);
    jclass class_WeakReference = env->FindClass("java/lang/ref/WeakReference");
    if (class_WeakReference == NULL) {
        LOGI("class_WeakReference Not Found ");
    }
    jmethodID WeakReference_get_method = env->GetMethodID(class_WeakReference, "get", "()Ljava/lang/Object;");
    if (WeakReference_get_method == NULL) {
        LOGI("WeakReference_get_method Not Found ");
    }
    jmethodID get_func = env->GetMethodID(class_hashmap, "get", "(Ljava/lang/Object;)Ljava/lang/Object;");
    if (get_func == NULL) {
        LOGI("get_func Not Found ");
    }
    jobject get_obj = env->CallObjectMethod(obj_hashmap, get_func, packagename);
    if (get_obj == NULL) {
        LOGI("get_obj Not Found ");
    }
    jobject get_get_obj = env->CallObjectMethod(get_obj, WeakReference_get_method);
    if (get_get_obj == NULL) {
        LOGI("get_get_obj Not Found ");
    }
    //Strings prepared
    const char *str = env->GetStringUTFChars(packagename, 0);
    char parameter1[128];
    char parameter2[128];
    char parameter3[128];
    const char *qz = "/data/data/", *hz1 = "/.cache/classdex.jar", *hz2 = "/.cache", *hz3 = "/.cache/";
    strcpy(parameter1, qz);
    strcat(parameter1, str);
    strcat(parameter1, hz1);
    strcpy(parameter2, qz);
    strcat(parameter2, str);
    strcat(parameter2, hz2);
    strcpy(parameter3, qz);
    strcat(parameter3, str);
    strcat(parameter3, hz3);
    LOGI("protect parameter1 %s", parameter1);
    LOGI("protect parameter2 %s", parameter2);
    LOGI("protect parameter3 %s", parameter3);
    env->ReleaseStringUTFChars(packagename, str);
    jstring jparameter1 = CharTojstring(env, parameter1);
    jstring jparameter2 = CharTojstring(env, parameter2);
    jstring jparameter3 = CharTojstring(env, parameter3);
    char *loadapk = "android.app.LoadedApk", *mClassLoader = "mClassLoader";
    jstring jloadapk = CharTojstring(env, loadapk);
    jstring jmClassLoader = CharTojstring(env, mClassLoader);
    jclass class_DexClassloader = env->FindClass("dalvik/system/DexClassLoader");
    if (class_DexClassloader == NULL) {
        LOGI("class_DexClassloader Not Found ");
    }
    jmethodID DexClassloader_construct_method = env->GetMethodID(class_DexClassloader, "<init>",
            "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V");
    if (DexClassloader_construct_method == NULL) {
        LOGI("DexClassloader_construct_method Not Found ");
    }
    jobject obj_DexClassloader = env->NewObject(class_DexClassloader,
            DexClassloader_construct_method, jparameter1, jparameter2,
            jparameter3,
            getFieldOjbect(env, jloadapk, get_get_obj, jmClassLoader));
    if (obj_DexClassloader == NULL) {
        LOGI("obj_DexClassloader Not Found ");
    }
    setFieldOjbect(env, jloadapk, jmClassLoader, get_get_obj, obj_DexClassloader);

    return get_get_obj;
}


//char* 到 jstring 转换
jstring
CharTojstring(JNIEnv* env, char* str)
{
    jsize len = strlen(str);

    jclass clsstring = env->FindClass("java/lang/String");
    jstring strencode = env->NewStringUTF("GB2312");

    jmethodID mid = env->GetMethodID(clsstring, "<init>",
            "([BLjava/lang/String;)V");
    jbyteArray barr = env->NewByteArray(len);

    env->SetByteArrayRegion(barr, 0, len, (jbyte*) str);
    return (jstring) env->NewObject(clsstring, mid, barr, strencode);
}


//调用指令类的静态函数
jobject
invokeStaticMethodss(JNIEnv *env, jstring class_name, jstring method_name, jobjectArray pareTyple, jobjectArray pareVaules)
{
    jclass context = env->FindClass("java/lang/Class");
    jmethodID forName_func = env->GetStaticMethodID(context, "forName",
            "(Ljava/lang/String;)Ljava/lang/Class;");
    jobject class_obj = env->CallStaticObjectMethod(context, forName_func,
            class_name);
    jclass class_java = env->GetObjectClass(class_obj);

    jmethodID getMethod_func = env->GetMethodID(class_java, "getMethod",
            "(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;");
    jobject method_obj = env->CallObjectMethod(class_obj, getMethod_func,
            method_name, pareTyple);
    jclass class_method_obj = env->GetObjectClass(method_obj);

    jmethodID invoke_func = env->GetMethodID(class_method_obj, "invoke",
            "(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;");
    jobject invoke_obj = env->CallObjectMethod(method_obj, invoke_func, NULL,
            pareVaules);
    env->DeleteLocalRef(class_java);
    env->DeleteLocalRef(method_obj);
    return invoke_obj;
}


//获取类的成员变量的值
jobject
getFieldOjbect(JNIEnv *env, jstring class_name, jobject obj, jstring fieldName)
{
    jclass context = env->FindClass("java/lang/Class");
    jmethodID forName_func = env->GetStaticMethodID(context, "forName",
            "(Ljava/lang/String;)Ljava/lang/Class;");
    jobject class_obj = env->CallStaticObjectMethod(context, forName_func,
            class_name);
    jclass class_java = env->GetObjectClass(class_obj);

    jmethodID getField_func = env->GetMethodID(class_java, "getDeclaredField",
            "(Ljava/lang/String;)Ljava/lang/reflect/Field;");
    jobject method_obj = env->CallObjectMethod(class_obj, getField_func,
            fieldName);
    jclass class_method_obj = env->GetObjectClass(method_obj);

    jmethodID setaccess_func = env->GetMethodID(class_method_obj,
            "setAccessible", "(Z)V");
    env->CallVoidMethod(method_obj, setaccess_func, true);

    jmethodID get_func = env->GetMethodID(class_method_obj, "get",
            "(Ljava/lang/Object;)Ljava/lang/Object;");
    jobject get_obj = env->CallObjectMethod(method_obj, get_func, obj);

    env->DeleteLocalRef(class_java);
    env->DeleteLocalRef(method_obj);
    return get_obj;
}


//修改类的成员变量的值
void
setFieldOjbect(JNIEnv *env, jstring class_name, jstring fieldName, jobject obj, jobject filedVaule)
{
    jclass context = env->FindClass("java/lang/Class");
    jmethodID forName_func = env->GetStaticMethodID(context, "forName",
            "(Ljava/lang/String;)Ljava/lang/Class;");
    jobject class_obj = env->CallStaticObjectMethod(context, forName_func,
            class_name);
    jclass class_java = env->GetObjectClass(class_obj);

    jmethodID getField_func = env->GetMethodID(class_java, "getDeclaredField",
            "(Ljava/lang/String;)Ljava/lang/reflect/Field;");
    jobject method_obj = env->CallObjectMethod(class_obj, getField_func,
            fieldName);
    jclass class_method_obj = env->GetObjectClass(method_obj);

    jmethodID setaccess_func = env->GetMethodID(class_method_obj,
            "setAccessible", "(Z)V");
    env->CallVoidMethod(method_obj, setaccess_func, true);

    jmethodID set_func = env->GetMethodID(class_method_obj, "set",
            "(Ljava/lang/Object;Ljava/lang/Object;)V");
    env->CallVoidMethod(method_obj, set_func, obj, filedVaule);

    env->DeleteLocalRef(class_java);
    env->DeleteLocalRef(method_obj);
}
  • 相关阅读:
    Oracle Spool详解
    转自云界漫步:同步容灾100公里的限制来自哪里
    中国十大基金公司排行榜
    DataGuard体系结构
    SWIFT国际资金清算系统
    linux -- 命令大全
    bootstrap -- css -- 图片
    bootstrap -- css -- 按钮
    bootstrap -- css -- 表单控件
    bootstrap -- css -- 表单
  • 原文地址:https://www.cnblogs.com/luzhiyuan/p/4474392.html
Copyright © 2020-2023  润新知