Created
March 24, 2019 13:05
-
-
Save FrankSpierings/f66c55ecc550039fd90666d469867ae7 to your computer and use it in GitHub Desktop.
Ghidra Plugin - Generate Frida Hooks - Requires Oneshot Decompiler Parameter ID
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #TODO write a description for this script | |
| #@author | |
| #@category _NEW_ | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| #TODO Add User Code Here | |
| def getFunctions(): | |
| functions = [] | |
| function = getFirstFunction() | |
| while function is not None: | |
| functions.append(function) | |
| function = getFunctionAfter(function) | |
| return functions | |
| def generatehook(f): | |
| conf = { | |
| 'binname': currentProgram.getName(), | |
| 'name':f.name, | |
| 'offset':hex(f.getEntryPoint().offset - currentProgram.getImageBase().offset).rstrip('L'), | |
| 'address':hex(f.getEntryPoint().offset).rstrip('L'), | |
| 'symbolsource':f.getSymbol().getSource(), | |
| 'prototype': '' | |
| } | |
| conf['prototype'] = '{name}("'.format(**conf) | |
| for i in range(f.getParameterCount()): | |
| conf['prototype'] += ' + args[{0}]'.format(i) | |
| if (i+1) < f.getParameterCount(): | |
| conf['prototype'] += ' + ", "' | |
| conf['prototype'] += ' + ")' | |
| hook = ''' | |
| //Hook function {name} @ {address} | |
| Interceptor.attach(Module.findBaseAddress('{binname}').add(ptr({offset})), {{ | |
| onEnter: function(args) {{ | |
| console.log("=> {prototype}"); | |
| }}, | |
| onLeave: function(result) {{ | |
| console.log("{name}() => " + result); | |
| }} | |
| }}); | |
| '''.format(**conf) | |
| return hook | |
| for i in getFunctions(): | |
| print(generatehook(i)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment