Improve Java.registerClass() and fix generic array handling (#120)

gebing · oleavr · commit 271a47ab1234 · 2019-07-22T20:09:45.000+02:00
diff --git a/lib/class-factory.js b/lib/class-factory.js
@@ -1785,12 +1785,13 @@ function ClassFactory (vm) {
 
       const className = spec.name;
       const interfaces = (spec.implements || []);
+      const superClass = (spec.superClass || factory.use('java.lang.Object'));
 
       const dexMethods = [];
       const dexSpec = {
         name: makeJniObjectTypeName(className),
         sourceFileName: makeSourceFileName(className),
-        superClass: 'Ljava/lang/Object;',
+        superClass: makeJniObjectTypeName(superClass.$classWrapper.__name__),
         interfaces: interfaces.map(iface => makeJniObjectTypeName(iface.$classWrapper.__name__)),
         methods: dexMethods
       };
@@ -1804,7 +1805,7 @@ function ClassFactory (vm) {
         const ifaceProto = Object.getPrototypeOf(iface);
         Object.getOwnPropertyNames(ifaceProto)
           .filter(name => {
-            return name[0] !== '$' && name !== 'constructor' && name !== 'class';
+            return name[0] !== '$' && name !== 'constructor' && name !== 'class' && iface[name].overloads !== undefined;
           })
           .forEach(name => {
             const method = iface[name];
@@ -1851,7 +1852,7 @@ function ClassFactory (vm) {
 
           if (typeof methodValue === 'function') {
             const m = baseMethods[name];
-            if (m !== undefined) {
+            if (m !== undefined && Array.isArray(m)) {
               const [baseMethod, overloadIds, parentTypeHandle] = m;
 
               if (overloadIds.length > 1) {
@@ -1950,6 +1951,59 @@ function ClassFactory (vm) {
         env.checkForExceptionAndThrowIt();
       }
 
+      if (spec.superClass) {
+        Object.defineProperty(Klass.$classWrapper.prototype, '$super', {
+          enumerable: true,
+          get: function () {
+            const superInstance = factory.cast(this, superClass);
+            return new Proxy(superInstance, {
+              get: function (target, property, receiver) {
+                const prop = superInstance[property];
+                if (prop === undefined || prop.overloads === undefined) {
+                  return prop;
+                }
+                function makeProxy (method) {
+                  return new Proxy(method, {
+                    apply: function (target, thisArg, args) {
+                      const tid = Process.getCurrentThreadId();
+                      try {
+                        method[PENDING_CALLS].add(tid);
+                        return method.apply(superInstance, args);
+                      } finally {
+                        method[PENDING_CALLS].delete(tid);
+                      }
+                    }
+                  });
+                }
+                return new Proxy(prop, {
+                  apply: function (target, thisArg, args) {
+                    for (let i = 0; i !== prop.overloads.length; i++) {
+                      const method = prop.overloads[i];
+                      if (method.canInvokeWith(args)) {
+                        return makeProxy(method).apply(target, args);
+                      }
+                    }
+                    throwOverloadError(property, prop.overloads, 'argument types do not match any of:');
+                  },
+                  get: function (target, property, receiver) {
+                    switch (property) {
+                      case 'overloads':
+                        return prop.overloads.map(makeProxy);
+                      case 'overload':
+                        return function (...args) {
+                          return makeProxy(prop.overload.apply(superInstance, args))
+                        };
+                      default:
+                        return prop[property];
+                    }
+                  },
+                });
+              },
+            });
+          }
+        });
+      }
+
       const C = classes[spec.name];
 
       function placeholder (...args) {
@@ -2466,11 +2520,11 @@ const primitiveArrayTypes = [
     ['S', 'short'],
   ]
   .reduce((result, [shorty, name]) => {
-    result['[' + shorty] = makePrimitiveArrayType(name);
+    result['[' + shorty] = makePrimitiveArrayType('[' + shorty, name);
     return result;
   }, {});
 
-function makePrimitiveArrayType (name) {
+function makePrimitiveArrayType (shorty, name) {
   const envProto = Env.prototype;
 
   const nameTitled = toTitleCase(name);
@@ -2483,7 +2537,7 @@ function makePrimitiveArrayType (name) {
   };
 
   return {
-    name: name,
+    name: shorty,
     type: 'pointer',
     size: 1,
     isCompatible: function (v) {
diff --git a/lib/env.js b/lib/env.js
@@ -873,6 +873,8 @@ Env.prototype.getTypeName = function (type, getGenericsInformation) {
 
   if (this.isInstanceOf(type, this.javaLangClass().handle)) {
     return this.getClassName(type);
+  } else if (this.isInstanceOf(type, this.javaLangReflectGenericArrayType().handle)) {
+    return this.getArrayTypeName(type);
   } else if (this.isInstanceOf(type, this.javaLangReflectParameterizedType().handle)) {
     const rawType = invokeObjectMethodNoArgs(this.handle, type, this.javaLangReflectParameterizedType().getRawType);
     this.checkForExceptionAndThrowIt();
diff --git a/test/re/frida/ClassCreationTest.java b/test/re/frida/ClassCreationTest.java
@@ -5,19 +5,26 @@
 import org.junit.After;
 import org.junit.Test;
 
+import java.io.OutputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import javax.net.ssl.X509TrustManager;
 
 public class ClassCreationTest {
     private static Object badgerObject = null;
     private static Class bananaClass = null;
+    private static Class hasFieldClass = null;
+    private static Class primitiveArrayClass = null;
+    private static Class myOutputClass = null;
     private static Class trustManagerClass = null;
     private static Class formatterClass = null;
     private static Class weirdTrustManagerClass = null;
+    private HasField hasField;
 
     @Test
     public void simpleClassCanBeImplemented() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
@@ -161,6 +168,147 @@ public void interfaceMethodCanHaveUnrelatedOverload() throws ClassNotFoundExcept
         assertEquals("checkServerTrusted B", script.getNextMessage());
     }
 
+    // Issue #119
+    @Test
+    public void interfaceHasFieldCanBeImplemented() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
+        loadScript("var HasField = Java.use('re.frida.HasField');" +
+                "var SimpleHasField = Java.registerClass({" +
+                "  name: 're.frida.SimpleHasField'," +
+                "  implements: [HasField]," +
+                "  methods: {" +
+                "    getName: function () {" +
+                "      return 'hasField';" +
+                "    }," +
+                "    getCalories: function (grams) {" +
+                "      return grams * 2;" +
+                "    }," +
+                "  }" +
+                "});" +
+                "Java.use('re.frida.ClassCreationTest').hasFieldClass.value = SimpleHasField.class;");
+        HasField hasField = (HasField) hasFieldClass.newInstance();
+        assertEquals("hasField", hasField.getName());
+        assertEquals(100, hasField.getCalories(50));
+        assertEquals("Field", hasField.field);
+    }
+
+    // Issue #121
+    @Test
+    public void primitiveArrayInterfaceMethodsCanBeImplemented() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
+        loadScript("var PrimitiveArray = Java.use('re.frida.PrimitiveArray');" +
+                "var SimplePrimitiveArray = Java.registerClass({" +
+                "  name: 're.frida.SimplePrimitiveArray'," +
+                "  implements: [PrimitiveArray]," +
+                "  methods: {" +
+                "    getByteArray: [{" +
+                "      returnType: '[B'," +
+                "      argumentTypes: []," +
+                "      implementation: function () {" +
+                "        return [1, 2, 3, 4, 5];" +
+                "      }" +
+                "    }]," +
+                "    setIntArray: function (array, off) {" +
+                "      var s = '';" +
+                "      for (var i = off; i < array.length; i++) s += array[i];" +
+                "      return s;" +
+                "    }," +
+                "  }" +
+                "});" +
+                "Java.use('re.frida.ClassCreationTest').primitiveArrayClass.value = SimplePrimitiveArray.class;");
+        PrimitiveArray primitiveArray = (PrimitiveArray) primitiveArrayClass.newInstance();
+        assertEquals(Arrays.equals(new byte[] { 1, 2, 3, 4, 5 }, primitiveArray.getByteArray()), true);
+        assertEquals("345", primitiveArray.setIntArray(new int[] { 1, 2, 3, 4, 5 }, 2));
+    }
+
+    // Issue #122
+    @Test
+    public void extendingClassCanBeImplemented() throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
+        loadScript("const bytes = [];" +
+                "var MyOutputStream = Java.registerClass({" +
+                "  name: 're.frida.MyOutputSteam'," +
+                "  superClass: Java.use('java.io.OutputStream')," +
+                "  methods: {" +
+                "    write: [{" +
+                "      returnType: 'void'," +
+                "      argumentTypes: ['int']," +
+                "      implementation: function (b) {" +
+                "        bytes.push(b);" +
+                "      }" +
+                "    }]," +
+                "    toString: {" +
+                "      returnType: 'java.lang.String'," +
+                "      argumentTypes: []," +
+                "      implementation: function () {" +
+                "        return bytes.join(',');" +
+                "      }" +
+                "    }," +
+                "  }" +
+                "});" +
+                "Java.use('re.frida.ClassCreationTest').myOutputClass.value = MyOutputStream.class;");
+        OutputStream myOutput = (OutputStream) myOutputClass.newInstance();
+        myOutput.write(new byte[] { 1, 2, 3, 4, 5 });
+        assertEquals("1,2,3,4,5", myOutput.toString());
+        myOutput.write(new byte[] { 1, 2, 3, 4, 5 });
+        assertEquals("1,2,3,4,5,1,2,3,4,5", myOutput.toString());
+    }
+
+    // Issue #122
+    @Test
+    public void extendingClassCanInvoekSuperMethod() throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
+        loadScript("var SuperClass = Java.use('java.io.ByteArrayOutputStream');" +
+                "var MyOutputStream = Java.registerClass({" +
+                "  name: 're.frida.MyOutputSteamEx'," +
+                "  superClass: SuperClass," +
+                "  methods: {" +
+                "    write: [{" +
+                "      returnType: 'void'," +
+                "      argumentTypes: ['[B', 'int', 'int']," +
+                "      implementation: function (b, off, len) {" +
+                "        this.$super.write(b, off, len);" +
+                "      }" +
+                "    }, {" +
+                "      returnType: 'void'," +
+                "      argumentTypes: ['int']," +
+                "      implementation: function (b) {" +
+                "        this.$super.write(b);" +
+                "      }" +
+                "    }]," +
+                "  }" +
+                "});" +
+                "Java.use('re.frida.ClassCreationTest').myOutputClass.value = MyOutputStream.class;");
+        OutputStream myOutput = (OutputStream) myOutputClass.newInstance();
+        myOutput.write(new byte[] { '1', '2', '3', '4', '5' });
+        assertEquals("12345", myOutput.toString());
+        myOutput.write(new byte[] { '1', '2', '3', '4', '5' });
+        assertEquals("1234512345", myOutput.toString());
+    }
+
+    // Issue #124
+    @Test
+    public void extendInterfaceCanBeImplemented() throws ClassNotFoundException, InstantiationException, IllegalAccessException {
+        loadScript("var Eatable = Java.use('re.frida.Eatable');" +
+                "var EatableEx = Java.use('re.frida.EatableEx');" +
+                "var BananaEx = Java.registerClass({" +
+                "  name: 're.frida.BananaEx'," +
+                "  implements: [EatableEx, Eatable]," +
+                "  methods: {" +
+                "    getName: function () {" +
+                "      return 'Banana';" +
+                "    }," +
+                "    getNameEx: function () {" +
+                "      return 'BananaEx';" +
+                "    }," +
+                "    getCalories: function (grams) {" +
+                "      return grams * 2;" +
+                "    }," +
+                "  }" +
+                "});" +
+                "Java.use('re.frida.ClassCreationTest').bananaClass.value = BananaEx.class;");
+        EatableEx eatable = (EatableEx) bananaClass.newInstance();
+        assertEquals("Banana", eatable.getName());
+        assertEquals("BananaEx", eatable.getNameEx());
+        assertEquals(100, eatable.getCalories(50));
+    }
+
     private Script script = null;
 
     private void loadScript(String code) {
diff --git a/test/re/frida/MethodTest.java b/test/re/frida/MethodTest.java
@@ -173,6 +173,7 @@ public void passingJSStringToReplacementThatThrowsShouldNotCrash() {
         assertEquals("java.lang.IllegalStateException: Already dead: w00t", script.getNextMessage());
     }
 
+    @Test
     public void genericsCanBeUsed() {
         loadScript("var ArrayList = Java.use('java.util.ArrayList');" +
                 "var items = ArrayList.$new();" +
@@ -245,6 +246,15 @@ public void replacementCanBeDoneOnReflection() {
         }
     }
 
+    // Issue #125
+    @Test
+    public void genericArrayTypeShouldConvertToArray() {
+        loadScript("var GenericArray = Java.use('re.frida.GenericArray');" +
+            "var genericArray = GenericArray.getArray();" +
+            "send(Array.isArray(genericArray) + ',' + genericArray.length);");
+        assertEquals("true,2", script.getNextMessage());
+    }
+
     private Script script = null;
 
     private void loadScript(String code) {
@@ -346,3 +356,9 @@ class Reflector {
     public static void reflected() {
     }
 }
+
+class GenericArray {
+    public static Class<?>[] getArray() {
+        return new Class<?>[] { Collider.class, Reflector.class };
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -173,6 +173,7 @@ public void passingJSStringToReplacementThatThrowsShouldNotCrash() {`
`173`	`173`	`assertEquals("java.lang.IllegalStateException: Already dead: w00t", script.getNextMessage());`
`174`	`174`	`}`
`175`	`175`
	`176`	`+ @Test`
`176`	`177`	`public void genericsCanBeUsed() {`
`177`	`178`	`loadScript("var ArrayList = Java.use('java.util.ArrayList');" +`
`178`	`179`	`"var items = ArrayList.$new();" +`
`@@ -245,6 +246,15 @@ public void replacementCanBeDoneOnReflection() {`
`245`	`246`	`}`
`246`	`247`	`}`
`247`	`248`
	`249`	`+ // Issue #125`
	`250`	`+ @Test`
	`251`	`+ public void genericArrayTypeShouldConvertToArray() {`
	`252`	`+ loadScript("var GenericArray = Java.use('re.frida.GenericArray');" +`
	`253`	`+ "var genericArray = GenericArray.getArray();" +`
	`254`	`+ "send(Array.isArray(genericArray) + ',' + genericArray.length);");`
	`255`	`+ assertEquals("true,2", script.getNextMessage());`
	`256`	`+ }`
	`257`	`+`
`248`	`258`	`private Script script = null;`
`249`	`259`
`250`	`260`	`private void loadScript(String code) {`
`@@ -346,3 +356,9 @@ class Reflector {`
`346`	`356`	`public static void reflected() {`
`347`	`357`	`}`
`348`	`358`	`}`
	`359`	`+`
	`360`	`+class GenericArray {`
	`361`	`+ public static Class<?>[] getArray() {`
	`362`	`+ return new Class<?>[] { Collider.class, Reflector.class };`
	`363`	`+ }`
	`364`	`+}`