heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Intercept and backtrace low level open

Browse Source
This commit is contained in:
iddoeldor 2018-07-25 17:18:07 +03:00 committed by GitHub
parent 28911ca3cc
commit 24fc326cf8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -1,4 +1,5 @@
# Contents # Contents
- [Intercept and backtrace low level open](#intercept-and-backtrace-low-level-open)
- [Enumerate loaded classes](#enumerate-loaded-classes) - [Enumerate loaded classes](#enumerate-loaded-classes)
- [Java class available methods](#java-class-methods) - [Java class available methods](#java-class-methods)
- [Dump iOS class hierarchy](#dump-ios-class-hierarchy) - [Dump iOS class hierarchy](#dump-ios-class-hierarchy)
@ -17,7 +18,30 @@
- [File access](#file-access) - [File access](#file-access)
- [Webview URLS](#webview-urls) - [Webview URLS](#webview-urls)
- [TODO list](#todos) - [TODO list](#todos)
#### Intercept and backtrace low level open
```
Interceptor.attach(Module.findExportByName("/system/lib/libc.so", "open"), {
onEnter: function(args) {
// debug only the intended calls
this.flag = false;
var filename = Memory.readCString(ptr(args[0]));
if (filename.indexOf("epsi") != -1)
this.flag = true;
if (this.flag) {
console.log("file name [ " + Memory.readCString(ptr(args[0])) +
" ]\nBacktrace:" +
Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t")
);
}
},
onLeave: function(retval) {
if (this.flag)
console.warn("\nretval: " + retval);
}
});
```
#### Enumerate loaded classes #### Enumerate loaded classes
And save to a file And save to a file
``` ```