    // JS: info = "yashu"
    ScriptRuntime.setName(ScriptRuntime.bind(context, scriptable, "info"), "yashu", context, scriptable, "info");
    // JS: toastLog(info)
    Object callName = OptRuntime.callName(new Object[]{ScriptRuntime.name(context, scriptable, "info")}, "toastLog", context, scriptable);
scriptable is passed as an argument over and over, so what does it do?
org.mozilla.javascript.Scriptable is an interface.
org.mozilla.javascript.ScriptableObject is an abstract class that implements Scriptable:
    public abstract class ScriptableObject implements Scriptable, SymbolScriptable, Serializable, DebuggableObject, ConstProperties {
Stack trace of org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0:
    org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0(Native Method)
    org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
    org.mozilla.javascript.ContextFactory.doTopCall()
    org.mozilla.javascript.ScriptRuntime.doTopCall()
    org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
    org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.exec()
    d.g.c.o.g.a.doExecution(:2)
    com.stardust.autojs.engine.JavaScriptEngine.execute()
    com.stardust.autojs.engine.LoopBasedJavaScriptEngine.access$001()
    d.g.c.n.c.run(:2)
    android.os.Handler.handleCallback(Handler.java:751)
    android.os.Handler.dispatchMessage(Handler.java:95)
    android.os.Looper.loop(Looper.java:154)
    com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
    com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
    com.stardust.autojs.execution.LoopedBasedJavaScriptExecution.doExecution()
    com.stardust.autojs.execution.RunnableScriptExecution.execute()
    com.stardust.autojs.execution.RunnableScriptExecution.execute()
    com.stardust.autojs.execution.RunnableScriptExecution.run()
    java.lang.Thread.run(Thread.java:761)
Scriptable first appears in d.g.c.o.g.a.doExecution(:2):
    @Override // com.stardust.autojs.engine.RhinoJavaScriptEngine, com.stardust.autojs.engine.JavaScriptEngine
    public Object doExecution(JavaScriptSource javaScriptSource) {
        C2943j.m3908e(javaScriptSource, ScriptEngine.TAG_SOURCE);
        if (!(javaScriptSource instanceof JavaScriptFileSource)) {
            return m3402b(javaScriptSource);
        }
        try {
            Class<?> cls = Class.forName(CompileContext.Companion.generateClassName(this.f4084a, ((JavaScriptFileSource) javaScriptSource).f459g));
            C2943j.m3907d(cls, "Class.forName(className)");
            Object newInstance = cls.newInstance();
            Objects.requireNonNull(newInstance, "null cannot be cast to non-null type org.mozilla.javascript.Script");
            // Scriptable first appears here
            return ((Script) newInstance).exec(getContext(), getScriptable());
        } catch (Exception unused) {
            return m3402b(javaScriptSource);
        }
    }
The scriptable passed here is an instance of the class d.g.c.q.i, which extends ImporterTopLevel.
ImporterTopLevel extends TopLevel.
TopLevel extends IdScriptableObject.
IdScriptableObject extends ScriptableObject and implements IdFunctionCall.
Let's hook ImporterTopLevel:
    org.mozilla.javascript.ImporterTopLevel
Two methods turn up with info among their arguments:
getPackageProperty
    ----------方法getPackageProperty hook 开始----------
    Called org.mozilla.javascript.ImporterTopLevel.getPackageProperty(java.lang.String, org.mozilla.javascript.Scriptable)
    ----------方法getPackageProperty 参数 开始----------
    "info"
    "<instance: org.mozilla.javascript.Scriptable, $className: d.g.c.q.i>"
    ----------方法getPackageProperty 参数 结束----------
    ----------方法getPackageProperty 返回值 开始----------
    返回值类型: [object Object]
    返回值: "<instance: java.lang.Object, $className: org.mozilla.javascript.UniqueTag>"
    ----------方法getPackageProperty 返回值 结束----------
    ----------getPackageProperty 堆栈 开始----------
    Backtrace:
        org.mozilla.javascript.ImporterTopLevel.getPackageProperty(Native Method)
        org.mozilla.javascript.ImporterTopLevel.has()
        org.mozilla.javascript.ScriptableObject.getBase()
        org.mozilla.javascript.ScriptableObject.hasProperty()
        org.mozilla.javascript.ScriptRuntime.initScript()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.mozilla.javascript.ContextFactory.doTopCall()
        org.mozilla.javascript.ScriptRuntime.doTopCall()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.exec()
        d.g.c.o.g.a.doExecution(:2)
        com.stardust.autojs.engine.JavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.access$001()
        d.g.c.n.c.run(:2)
        android.os.Handler.handleCallback(Handler.java:751)
        android.os.Handler.dispatchMessage(Handler.java:95)
        android.os.Looper.loop(Looper.java:154)
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.execution.LoopedBasedJavaScriptExecution.doExecution()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.run()
        java.lang.Thread.run(Thread.java:761)
    ----------getPackageProperty 堆栈 结束----------
    ----------方法getPackageProperty hook 结束----------
get
    ----------方法get 返回值 开始----------
    返回值类型: [object Object]
    返回值: "<instance: java.lang.Object, $className: java.lang.String>"
    ----------方法get 返回值 结束----------
    ----------get 堆栈 开始----------
    Backtrace:
        org.mozilla.javascript.ImporterTopLevel.get(Native Method)
        org.mozilla.javascript.ScriptableObject.getProperty()
        org.mozilla.javascript.ScriptRuntime.topScopeName()
        org.mozilla.javascript.ScriptRuntime.name()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0(:2)
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.mozilla.javascript.ContextFactory.doTopCall()
        org.mozilla.javascript.ScriptRuntime.doTopCall()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.exec()
        d.g.c.o.g.a.doExecution(:2)
        com.stardust.autojs.engine.JavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.access$001()
        d.g.c.n.c.run(:2)
        android.os.Handler.handleCallback(Handler.java:751)
        android.os.Handler.dispatchMessage(Handler.java:95)
        android.os.Looper.loop(Looper.java:154)
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.execution.LoopedBasedJavaScriptExecution.doExecution()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.run()
        java.lang.Thread.run(Thread.java:761)
    ----------get 堆栈 结束----------
    ----------方法get hook 结束----------
The method whose arguments include toastLog:
get
    ----------方法get hook 开始----------
    Called org.mozilla.javascript.ImporterTopLevel.get(java.lang.String, org.mozilla.javascript.Scriptable)
    ----------方法get 参数 开始----------
    "toastLog"
    "<instance: org.mozilla.javascript.Scriptable, $className: d.g.c.q.i>"
    ----------方法get 参数 结束----------
    ----------方法get 返回值 开始----------
    返回值类型: [object Object]
    返回值: "<instance: java.lang.Object, $className: org.mozilla.javascript.InterpretedFunction>"
    ----------方法get 返回值 结束----------
    ----------get 堆栈 开始----------
    Backtrace:
        org.mozilla.javascript.ImporterTopLevel.get(Native Method)
        org.mozilla.javascript.ScriptableObject.getProperty()
        org.mozilla.javascript.ScriptRuntime.topScopeName()
        org.mozilla.javascript.ScriptRuntime.getNameFunctionAndThis()
        org.mozilla.javascript.optimizer.OptRuntime.callName()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0(:2)
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.mozilla.javascript.ContextFactory.doTopCall()
        org.mozilla.javascript.ScriptRuntime.doTopCall()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.exec()
        d.g.c.o.g.a.doExecution(:2)
        com.stardust.autojs.engine.JavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.access$001()
        d.g.c.n.c.run(:2)
        android.os.Handler.handleCallback(Handler.java:751)
        android.os.Handler.dispatchMessage(Handler.java:95)
        android.os.Looper.loop(Looper.java:154)
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.execution.LoopedBasedJavaScriptExecution.doExecution()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.run()
        java.lang.Thread.run(Thread.java:761)
    ----------get 堆栈 结束----------
    ----------方法get hook 结束----------
The method whose arguments include log:
get
    ----------方法get hook 开始----------
    Called org.mozilla.javascript.ImporterTopLevel.get(java.lang.String, org.mozilla.javascript.Scriptable)
    ----------方法get 参数 开始----------
    "log"
    "<instance: org.mozilla.javascript.Scriptable, $className: d.g.c.q.i>"
    ----------方法get 参数 结束----------
    ----------方法get 返回值 开始----------
    返回值类型: [object Object]
    返回值: "<instance: java.lang.Object, $className: org.mozilla.javascript.BoundFunction>"
    ----------方法get 返回值 结束----------
    ----------get 堆栈 开始----------
    Backtrace:
        org.mozilla.javascript.ImporterTopLevel.get(Native Method)
        org.mozilla.javascript.ScriptableObject.getProperty()
        org.mozilla.javascript.ScriptRuntime.getPropFunctionAndThisHelper()
        org.mozilla.javascript.ScriptRuntime.getPropFunctionAndThis()
        org.mozilla.javascript.Interpreter.interpretLoop()
        org.mozilla.javascript.Interpreter.interpret()
        org.mozilla.javascript.InterpretedFunction.call()
        org.mozilla.javascript.optimizer.OptRuntime.callName()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e._c_script_0(:2)
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.mozilla.javascript.ContextFactory.doTopCall()
        org.mozilla.javascript.ScriptRuntime.doTopCall()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.call()
        org.autojs.autojspro.gen._7a9076d6d94e62c13d641aa71f19ae8e.exec()
        d.g.c.o.g.a.doExecution(:2)
        com.stardust.autojs.engine.JavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.access$001()
        d.g.c.n.c.run(:2)
        android.os.Handler.handleCallback(Handler.java:751)
        android.os.Handler.dispatchMessage(Handler.java:95)
        android.os.Looper.loop(Looper.java:154)
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.engine.LoopBasedJavaScriptEngine.execute()
        com.stardust.autojs.execution.LoopedBasedJavaScriptExecution.doExecution()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.execute()
        com.stardust.autojs.execution.RunnableScriptExecution.run()
        java.lang.Thread.run(Thread.java:761)
    ----------get 堆栈 结束----------
    ----------方法get hook 结束----------
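The scope lookups seen in these hooks can be reproduced off-device with plain Rhino. The following is an added example, not code from Auto.js or from the original post. TracingScope is a hypothetical stand-in for d.g.c.q.i, the toastLog defined here is a constructed stub, the script source is an assumption inferred from the decompiled calls and the initScript frame, and the Rhino jar is assumed to be on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.ImporterTopLevel;
import org.mozilla.javascript.Scriptable;

// Added example (not Auto.js code): a top-level scope that records name lookups.
public class ScopeTrace {
    // Hypothetical stand-in for the app's d.g.c.q.i, which also extends ImporterTopLevel.
    static class TracingScope extends ImporterTopLevel {
        final List<String> events = new ArrayList<>();
        boolean tracing; // stays false while super(cx) installs the standard objects

        TracingScope(Context cx) { super(cx); }

        @Override public boolean has(String name, Scriptable start) {
            boolean found = super.has(name, start);
            if (tracing) events.add("has " + name + " -> " + found);
            return found;
        }

        @Override public Object get(String name, Scriptable start) {
            Object value = super.get(name, start); // Scriptable.NOT_FOUND is a UniqueTag
            if (tracing) events.add("get " + name + " -> " + typeOf(value));
            return value;
        }

        @Override public void put(String name, Scriptable start, Object value) {
            if (tracing) events.add("put " + name + " = " + typeOf(value));
            super.put(name, start, value);
        }

        static String typeOf(Object o) { return o == null ? "null" : o.getClass().getName(); }
    }

    public static void main(String[] args) {
        Context cx = Context.enter();
        try {
            TracingScope scope = new TracingScope(cx);
            // Constructed stub standing in for Auto.js's toastLog.
            cx.evaluateString(scope, "function toastLog(m) { return m; }", "setup", 1, null);
            scope.tracing = true;
            // Assumed source of the compiled script (inferred, not taken from the app).
            cx.evaluateString(scope, "var info = 'yashu'; toastLog(info);", "demo", 1, null);
            scope.events.forEach(System.out::println);
        } finally {
            Context.exit();
        }
    }
}
```

The has, get and put events it prints come from the same ImporterTopLevel.has and ImporterTopLevel.get entry points that appear at the top of the backtraces above.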
To be continued.