在分析一款app
想frida主动调用函数，里面addAllYr需要传递一个数组进去

如下是getRandomNumList反编译源码

一开始采用的如下代码

const arr = Java.use("java.util.ArrayList")
const arr2 = arr.$new()
arr2.add(2)
arr2.add(1)
console.log(arr2)
console.log(addAllYr.newBuilder().setMj(74145).addAllYr(arr2))

发现报错

把主动调用代码删掉之后还是报错，我意识到是add()的问题，
我还不死心的hook了这两个重载

// arr.add.overload('int', 'java.lang.Object').implementation = function(i, o){
//     console.log("in here ----1", "i:", i, "o:", o)
//     return this.add(i, o)
// }
// arr.add.overload('java.lang.Object').implementation = function(o){
//     console.log("in here ----1")
//     return this.add(o)

// for (var i=0;i<arrlist.length;i++){
//     arr2.add(i, arrlist[i])
// } 

解决方法

需要在new一个Integer类
注意下面的$符号，详情看照片

const arr = Java.use("java.util.ArrayList")
const integer = Java.use('java.lang.Integer').new(1)
const arr2 = arr.new()
arr2.add(integer)
arr2.add(integer)
console.log(arr2)

扩展

我查阅过frida官方api，发现里面有这么一个方法

Java.array(type, elements): 
creates a Java array with elements of the specified type, 
from a JavaScript array elements. 
The resulting Java array behaves like a JS array,
but can be passed by reference to Java APIs 
in order to allow them to modify its contents.

我用这个方法进行传参也会报错

主动调用
{'type': 'error', 'description': "Error: addAllYr(): argument types do not match any of:\n\t.overload('java.lang.Iterable')", 'stack': "Error: addAllYr(): argument types do not match any of:\n\t.overload('java.lang.Iterable')\n    at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:563)\n    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:967)\n    at e (frida/node_modules/frida-java-bridge/lib/class-factory.js:547)\n    at <anonymous> (/script1.js:120)\n    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)\n    at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:238)\n
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:213)\n
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)\n
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:232)\n    at perform (frida/node_modules/frida-java-bridge/index.js:192)\n    at test (/script1.js:125)\n    at apply (native)\n    at <anonymous> (frida/runtime/core.js:51)", 'fileName': 'frida/node_modules/frida-java-bridge/lib/class-factory.js', 'lineNumber': 563, 'columnNumber': 1}

参考文献

[1] stackooverflow: frida: Error: a(): argument types do not match any of: overload(‘int’, ‘int’, ‘long’, ‘java.lang.String’, ‘java.lang.Object’)
[2] 无涯教程： Javascript – 使用 Frida 重载函数时从列表中删除元素
[3] bilibili: 主动调用
[4] FRIDA官方文档