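// Frida agent: while the function at kTraceOffset inside library.so runs,
// report every library-resident instruction the Stalker compiles for that
// thread as an "offset:disassembly" line via send(); the host appends the
// payloads to $FRIDA_LOG.  Written for the V8 runtime (the host requests
// runtime='v8') on an arm64 target (x0 is read below).
const kModuleName = 'library.so';
const kTraceOffset = 0xFF537;

// findModuleByName() yields null when the library is not (yet) loaded; fail
// with a readable message instead of a TypeError on `.base`.
const _module = Process.findModuleByName(kModuleName);
if (_module === null) {
  throw new Error(`${kModuleName} is not loaded in the target process`);
}
const base = _module.base;
const _module_end = base.add(_module.size);

// True when `address` (a NativePointer) lies in [base, _module_end).
// NativePointers must be ordered with .compare(); the JS relational operators
// would fall back to comparing their string forms.
function isInModule(address) {
  return address.compare(base) >= 0 && address.compare(_module_end) < 0;
}

Interceptor.attach(base.add(kTraceOffset), {
  onEnter(args) {
    // Assumes x0 holds a pointer to a C string pointer (double dereference);
    // confirm against the traced function's prototype.
    console.log(kTraceOffset.toString(16), this.context.x0.readPointer().readCString());
    this.tid = Process.getCurrentThreadId();
    Stalker.follow(this.tid, {
      // Call events are enabled but no onReceive/onCallSummary consumes them;
      // all reporting happens in transform().
      events: { call: true },
      // NOTE(review): transform presumably runs when Stalker compiles a block,
      // so an instruction is reported once per compilation rather than once
      // per execution — verify against the Stalker docs before relying on
      // counts.
      transform(iterator) {
        let instruction;
        while ((instruction = iterator.next()) !== null) {
          iterator.keep();
          // Only code belonging to the library is reported (callees in other
          // modules are skipped); an empty groups list means the decoder had
          // nothing to classify.  To restrict output to branches, also require
          // instruction.groups.includes('jump').
          if (isInModule(instruction.address) && instruction.groups.length > 0) {
            // One message per instruction is chatty but keeps the host's
            // one-line-per-payload log format intact.
            send(`${instruction.address.sub(base)}:${instruction}`);
          }
        }
      },
    });
  },
  onLeave(ret) {
    Stalker.unfollow(this.tid);
    // Release the per-thread Stalker buffers now that the thread is unfollowed.
    Stalker.garbageCollect();
  },
});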
#!/usr/bin/python
import os, sys, frida
# Trace log path comes from the environment; the same variable is read by the
# cut/paste one-liner later on.  on_message() appends one payload per line.
log_path = os.environ['FRIDA_LOG']
f = open(log_path, 'w')
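def on_message(msg, data):
    """Frida 'message' handler: log each `offset:disasm` payload from the agent.

    `msg` is the dict frida hands to message handlers.  Only 'send' messages
    carry a 'payload' (the string the agent passed to send()); script errors
    arrive as {'type': 'error', ...} with no payload, so they are echoed to
    stderr instead of raising KeyError inside the handler.  `data` is the
    optional binary blob attached to send(); the agent here never sets it.
    """
    if msg.get('type') != 'send':
        print(msg, file=sys.stderr)
        return
    line = msg['payload']
    f.write(line + '\n')
    # Flush so the log survives the host being killed before f.close() runs.
    f.flush()
    print(line)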
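# Index into frida.enumerate_devices(); 3 matched the author's setup and stays
# the default, but the order depends on what is connected, so allow overriding.
device_index = int(os.environ.get('FRIDA_DEVICE_INDEX', '3'))
device = frida.enumerate_devices()[device_index]
# Spawn suspended so the agent is injected before any app code runs.
pid = device.spawn(["com.app"])
session = device.attach(pid)
# Read the agent source with a context manager so the handle is closed.
with open('script.js', 'r') as src:
    agent_source = src.read()
# runtime='v8' gives the agent ES2015+ syntax.
script = session.create_script(agent_source, runtime='v8')
# Register the handler before load() so no early messages are missed.
script.on('message', on_message)
script.load()
device.resume(pid)
# Block until stdin hits EOF (Ctrl-D) so the trace keeps flowing; the log is
# closed even if the wait is interrupted.
try:
    sys.stdin.read()
finally:
    f.close()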
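# Put the offset column of the trace (text before the first ':' on each line)
# on the clipboard as one comma-separated list, ready for the IDA snippet.
# The path is quoted so a log path containing spaces still works.
cut -d: -f1 "$FRIDA_LOG" | paste -sd, - | xclip -sel clip -i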
# IDA < 7.4 : pip2 install "sark<7.4"
# IDA > 7.4 & Py3 : pip3 install sark
import sark
# Offsets pasted from the clipboard step; `...` stands for the rest of the list
# and must be replaced with real values before running.  The agent emits
# addresses relative to the module base, so presumably they only line up with
# IDA's addresses when the database is based at 0 — verify before trusting.
traced_offsets = [0xa38958, 0xef68b4, 0x45a210, ...]
# 0x000000ff: IDA colors appear to be BGR-encoded, so this is likely red.
HIGHLIGHT = 0x000000ff
for addr in traced_offsets:
    block = sark.CodeBlock(addr)
    block.color = HIGHLIGHT