
@hyongbai
Last active February 10, 2022 07:38
ClassLoader of ActivityManagerService

ClassLoader of ActivityManagerService

dalvik.system.PathClassLoader[DexPathList[[
zip file "/system/framework/com.android.location.provider.jar", 
zip file "/system/framework/services.jar", 
zip file "/system/framework/ethernet-service.jar", 
zip file "/apex/com.android.appsearch/javalib/service-appsearch.jar", 
zip file "/apex/com.android.media/javalib/service-media-s.jar", 
zip file "/apex/com.android.permission/javalib/service-permission.jar"],
nativeLibraryDirectories=[/system/lib64, /system_ext/lib64, /system/lib64, /system_ext/lib64]]]

frida script

/**
 * Installs a Frida hook on
 * com.android.server.wm.ActivityStarter#startActivityUnchecked that logs each
 * call and then forwards it unchanged.
 *
 * The replacement logs the string forms of `options` and `r`, logs the class
 * loader of the receiver's class, then invokes the captured method with the
 * same receiver and arguments and hands its return value back to the caller.
 *
 * NOTE(review): `Java` and `log` are not defined in this snippet; presumably
 * they are the Frida Java bridge and the agent's logger. Confirm that the
 * caller invokes this function from inside Java.perform().
 * NOTE(review): `.implementation` is assigned without `.overload(...)`, which
 * assumes a single overload on the target build. The parameter list matches
 * one framework release, so check it against the device's Android version.
 * NOTE(review): the logged values describe activity launches handled by the
 * hooked process; treat the log output as sensitive.
 */
let ams_ActivityStarter_execStartActivity = () => {
  const activityStarter = Java.use('com.android.server.wm.ActivityStarter');
  const originalStart = activityStarter.startActivityUnchecked;

  originalStart.implementation = function (r, sourceRecord, voiceSession, voiceInteractor, startFlags, doResume, options, inTask, outActivity, restrictedBgActivity) {
    // Observation only: both log lines are emitted before the call is forwarded.
    log("startActivityUnchecked: options: " + options + ", r: " + r);
    log(`ams_ActivityStarter_execStartActivity = ${this.getClass().getClassLoader()}`);

    // Forward to the captured method with the original receiver so the hook
    // does not change what the caller gets back.
    return originalStart.call(
      this,
      r,
      sourceRecord,
      voiceSession,
      voiceInteractor,
      startFlags,
      doResume,
      options,
      inTask,
      outActivity,
      restrictedBgActivity,
    );
  };
};

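# Attach to the already-running system_server on the USB device (-U) by PID (-p)
# and load the compiled agent (-l). The spawn-mode flags are dropped: -f needs a
# target to launch, and --no-pause only applies to a spawned process.
frida -U -l _agent.js -p {pid-of-system_server}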
