/data/lib/libart.sonm libart.so |grep OpenMemory

Android7.1.2_ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_
Android9.0_ZN3art7DexFile10OpenMemoryERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEjPNS_6MemMapEPS7_

Interceptor.attach(Module.findExportByName("libart.so", "_ZN3art7DexFile10OpenMemoryEPKhjRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPNS_6MemMapEPKNS_10OatDexFileEPS9_"), {    onEnter: function (args) {
        //dex起始位置        var begin = args[1]                 //修改一下dex起始位置var begin = this.context.x0
        //打印magic        console.log("magic : " + Memory.readUtf8String(begin))        //dex fileSize地址        var address = parseInt(begin,16) + 0x20        //dex 大小        var dex_size = Memory.readInt(ptr(address))
        console.log("dex_size :" + dex_size)        //dump dex到/sdcard/目录下        var file = new File("/sdcard/xxx.xxx.xxx/" + dex_size + ".dex", "wb")        file.write(Memory.readByteArray(begin, dex_size))        file.flush()        file.close()    },    onLeave: function (retval) {        if (retval.toInt32() > 0) {            /* do something */        }    }});

/data/lib/libart.sonm libart.so |grep OpenCommon

Android8.1.0(方法的签名)_ZN3art7DexFile10OpenCommonEPKhmRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPKNS_10OatDexFileEbbPS9_PNS0_12VerifyResultE
Android9.0(方法的签名)_ZN3art13DexFileLoader10OpenCommonEPKhjS2_jRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPKNS_10OatDexFileEbbPS9_NS3_10unique_ptrINS_16DexFileContainerENS3_14default_deleteISH_EEEEPNS0_12VerifyResultE

nm libdexfile.so |grep OpenCommon

Android10libdexfile.so/apex/com.android.runtime/lib/libdexfile.so/apex/com.android.runtime/lib64/libdexfile.so_ZN3art13DexFileLoader10OpenCommonEPKhjS2_jRKNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEjPKNS_10OatDexFileEbbPS9_NS3_10unique_ptrINS_16DexFileContainerENS3_14default_deleteISH_EEEEPNS0_12VerifyResultE

https://github.com/chzphoenix/frida-unpackhttps://www.cnblogs.com/wuxianyu/p/14274667.html