Created
March 9, 2018 17:51
Frida spawn Android app + hook native function
import frida, sys | |
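# Frida agent source (JavaScript). It is passed to session.create_script() and
# runs inside the instrumented process, not in this Python interpreter.
ss = """
// Set once the hook inside libtest.so is installed, so that a second load of
// the library does not stack a duplicate hook on the same address.
var targetHooked = false;

// The target library is not mapped when the process is spawned, so watch the
// loader and install the inner hook only after libtest.so has been loaded.
// NOTE(review): recent Android releases usually load app libraries through
// android_dlopen_ext rather than dlopen, in which case this hook may never
// fire - confirm against the OS version under test.
Interceptor.attach(Module.findExportByName(null, "dlopen"), {
    onEnter: function (args) {
        // dlopen(NULL, ...) is legal (handle of the main program); there is
        // no path string to read in that case.
        this.path = args[0].isNull() ? null : Memory.readUtf8String(args[0]);
    },
    onLeave: function (retval) {
        if (retval.isNull() || this.path === null || !this.path.includes('libtest.so')) {
            return;
        }
        if (targetHooked) {
            return;
        }
        var fstatat = resolveAddress('libtest.so', '0x0', '0x17FEB5');
        Interceptor.attach(fstatat, {
            onEnter: function (args) {
                // Hand the callee a buffer owned by this script instead of
                // writing over the caller's string: that buffer may be
                // read-only or shorter than the replacement, and an in-place
                // write would then crash or corrupt the process.
                // Keeping the allocation on `this` keeps it alive for the call.
                this.replacementPath = Memory.allocUtf8String("/empty");
                args[1] = this.replacementPath;
            }
        });
        targetHooked = true;
    }
});

// Translate an address taken from a disassembler database into the address
// the same code has in the running process.
//   name    - module name as it appears in the process, e.g. 'libtest.so'
//   idaBase - image base the database was loaded at
//   idaAddr - address of the function as shown in the database
// The module is mapped at a different base on every run, so only the distance
// from the image base (idaAddr - idaBase) is stable; adding that distance to
// the runtime base gives the live address.
function resolveAddress(name, idaBase, idaAddr) {
    var baseAddr = Module.findBaseAddress(name);
    if (baseAddr === null) {
        throw new Error('module not loaded: ' + name);
    }
    console.log('[+] BaseAddr of ' + name + ': ' + baseAddr);
    // Offset of the function from the image base used in the database
    var offset = ptr(idaAddr).sub(ptr(idaBase));
    // Rebase that offset onto the address the module is mapped at right now
    var result = baseAddr.add(offset);
    console.log('[+] Address in memory: ' + result);
    return result;
}
"""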
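def _on_message(message, data):
    """Print messages sent by the injected agent.

    Uncaught exceptions in the agent arrive as messages of type 'error';
    without a handler they are easy to miss and the hook appears to do nothing.
    """
    if message.get("type") == "error":
        sys.stderr.write("[!] agent error: %s\n" % message.get("description"))
    else:
        sys.stdout.write("[*] agent message: %s\n" % (message,))


# Spawn the app suspended on the USB-connected device so the agent can be
# loaded before any application code runs.
device = frida.get_usb_device(timeout=1)
pid = device.spawn(["com.example.test"])
session = device.attach(pid)
try:
    script = session.create_script(ss)
    script.on("message", _on_message)
    # Load the agent first and resume afterwards: the dlopen hook has to be in
    # place before the app starts loading its native libraries.
    script.load()
    device.resume(pid)
    # Block until stdin is closed so the session (and its hooks) stays alive.
    sys.stdin.read()
except KeyboardInterrupt:
    # Ctrl-C is the normal way to stop the session; exit without a traceback.
    pass
finally:
    # Detach explicitly so the hooks are removed from the target process.
    session.detach()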
please explain
Calculate offset in memory from base address in IDA database
?