lua_dump firda

attach进程的两种方式，第一种是重新运行游戏
device = frida.get_usb_device()
pid = device.spawn("com.cocos2d.fishingfun.uc")
session = device.attach(pid)
device.resume(pid)

第二种是运行之后附加
device = frida.get_usb_device()
session = device.attach("com.cocos2d.fishingfun.uc")


dumplua两种方式
第一种是等待进入游戏，确保我们要hook的so被加载之后，进行hook
var fun = Module.findExportByName("libd2eam.so", "luaL_loadbuffer")
if (!fun) {
    console.log("Can't find fun")
} else {
    console.log('find fun')
    hook_dump_fun(fun)
}

function hook_dump_fun(fun) {
    Interceptor.attach(fun, {
        onEnter: function(args) {
            console.log('--------script start --------')
            console.log('name: ' +  Memory.readUtf8String(args[3]))
            console.log('len: ' +  args[2].toInt32())
            console.log('script: \n' + Memory.readUtf8String(args[1]))
            console.log('--------script end --------')
        }
    })
}

第二种是我们hook dlopen函数。判断参数0是我们要hook的so。确定加载之后进行hook操作
var didHookApis = false

Interceptor.attach(Module.findExportByName(null, "dlopen"), {
    onEnter: function(args) {
        this.path = Memory.readUtf8String(args[0])
        console.log(this.path)
    },
    onLeave: function(retval) {
        if (!retval.isNull() && this.path.indexOf('libd2eam.so') !== -1 && !didHookApis) {
            didHookApis = true
            var fun = Module.findExportByName('libd2eam.so', 'luaL_loadbuffer')
            if (!fun) {
                console.log("still can't find fun???")
            } else {
                hook_dump_fun(fun)
            }
        }
    }
})



function hook_dump_fun(fun) {
    Interceptor.attach(fun, {
        onEnter: function(args) {
            console.log('--------script start --------')
            console.log('name: ' +  Memory.readCString(args[3]))
            console.log('len: ' +  args[2].toInt32())
            console.log('script: \n' + Memory.readCString(args[1]))
            console.log('--------script end --------')
        }
    })
}