Intercept and backtrace low level open

2018-07-25 17:18:07 +03:00 · 2018-07-25 17:18:07 +03:00 · 24fc326cf8
commit 24fc326cf8
parent 28911ca3cc
1 changed files with 25 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1,4 +1,5 @@
 # Contents
+ - [Intercept and backtrace low level open](#intercept-and-backtrace-low-level-open)
 - [Enumerate loaded classes](#enumerate-loaded-classes) 
 - [Java class available methods](#java-class-methods)
 - [Dump iOS class hierarchy](#dump-ios-class-hierarchy) 
@ -18,6 +19,29 @@
 - [Webview URLS](#webview-urls)
 - [TODO list](#todos)

+#### Intercept and backtrace low level open
+```
+Interceptor.attach(Module.findExportByName("/system/lib/libc.so", "open"), {
+	onEnter: function(args) {
+		// debug only the intended calls
+this.flag = false;
+		var filename = Memory.readCString(ptr(args[0]));
+		if (filename.indexOf("epsi") != -1)
+			this.flag = true;
+		if (this.flag) {
+			console.log("file name [ " + Memory.readCString(ptr(args[0])) +
+			    " ]\nBacktrace:" +
+			    Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t")
+			);
+		}
+	},
+	onLeave: function(retval) {
+		if (this.flag)
+			console.warn("\nretval: " + retval);
+	}
+});
+```
+
 #### Enumerate loaded classes
 And save to a file
 ```