andrewpedia · September 12, 2020 03:13
diff --git a/hook_native.py b/hook_native.py
 import frida, sys

 ss = """
 Interceptor.attach(Module.findExportByName(null, "dlopen"), {
    onEnter: function (args) {
        this.path = Memory.readUtf8String(args[0]);
    },
    onLeave: function (retval) {
        if(!retval.isNull() && this.path.includes('libtest.so')) {
            var fstatat = resolveAddress('libtest.so', '0x0', '0x17FEB5');
            Interceptor.attach(fstatat, {
                onEnter: function (args) {
                    var p1 = Memory.readUtf8String(args[1]);
                    Memory.writeUtf8String(args[1], "/empty");
                },
                onLeave: function (retval) {
                }
            });
        }
    }
 });
 function resolveAddress(name, idaBase, idaAddr) {
    var baseAddr = Module.findBaseAddress(name);
    console.log('[+] BaseAddr of ' + name + ': ' + baseAddr);
      
    // Calculate offset in memory from base address in IDA database
    var offset = ptr(idaAddr).sub(idaBase);
      
    // Add current memory base address to offset of function to monitor
    var result = baseAddr.add(offset);
      
    // Write location of function in memory to console
    console.log('[+] Address in memory: ' + result);
    return result;
 }
 """
 device = frida.get_usb_device(timeout=1)
 pid = device.spawn(["com.example.test"])
 session = device.attach(pid)
 script = session.create_script(ss)
 script.load()
 device.resume(pid)
 sys.stdin.read()
	import frida, sys

	ss = """
	Interceptor.attach(Module.findExportByName(null, "dlopen"), {
	onEnter: function (args) {
	this.path = Memory.readUtf8String(args[0]);
	},
	onLeave: function (retval) {
	if(!retval.isNull() && this.path.includes('libtest.so')) {
	var fstatat = resolveAddress('libtest.so', '0x0', '0x17FEB5');
	Interceptor.attach(fstatat, {
	onEnter: function (args) {
	var p1 = Memory.readUtf8String(args[1]);
	Memory.writeUtf8String(args[1], "/empty");
	},
	onLeave: function (retval) {
	}
	});
	}
	}
	});
	function resolveAddress(name, idaBase, idaAddr) {
	var baseAddr = Module.findBaseAddress(name);
	console.log('[+] BaseAddr of ' + name + ': ' + baseAddr);

	// Calculate offset in memory from base address in IDA database
	var offset = ptr(idaAddr).sub(idaBase);

	// Add current memory base address to offset of function to monitor
	var result = baseAddr.add(offset);

	// Write location of function in memory to console
	console.log('[+] Address in memory: ' + result);
	return result;
	}
	"""
	device = frida.get_usb_device(timeout=1)
	pid = device.spawn(["com.example.test"])
	session = device.attach(pid)
	script = session.create_script(ss)
	script.load()
	device.resume(pid)
	sys.stdin.read()