heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add doc & execution example

Browse Source
This commit is contained in:
Iddo 2018-06-05 11:50:18 +03:00 committed by GitHub
parent 8bc9bfd8eb
commit 6163d71237
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
print_native_method_arguments.py
View File

@ -73,6 +73,15 @@ def get_js_script(method, module_id):
def main(app_id, module_id, method): def main(app_id, module_id, method):
"""
$ python3.x+ script.py --method SomeClass::someMethod --app com.company.app --module libfoo.so
:param app_id: application identifier / bundle id
:param module_id: shared object identifier / known suffix, will iterate loaded modules (@see dlopen)
:param method: method/symbol name
:return: hook native method and print arguments when invoked
"""
# TODO extract all app's modules via `adb shell -c 'ls -lR /data/app/' + app_if + '*' | grep "\.so"`
nm_stdout = list_symbols_from_object_files(module_id) nm_stdout = list_symbols_from_object_files(module_id)
symbols = [] symbols = []
@ -122,17 +131,15 @@ if __name__ == '__main__':
""" """
Symbol Type Table: Symbol Type Table:
"A" The symbol's value is absolute, and will not be changed by further linking. "A" The symbol's value is absolute, and will not be changed by further linking.
"B" The symbol is in the uninitialized data section (known as BSS). "B" The symbol is in the uninitialized data section (known as BSS).
"C" The symbol is common. Common symbols are uninitialized data. "C" The symbol is common. Common symbols are uninitialized data.
When linking, multiple common symbols may appear with the same When linking, multiple common symbols may appear with the same name.
name. If the symbol is defined anywhere, the common symbols If the symbol is defined anywhere, the common symbols are treated as undefined references.
are treated as undefined references.
"D" The symbol is in the initialized data section. "D" The symbol is in the initialized data section.
"G" The symbol is in an initialized data section for small objects. "G" The symbol is in an initialized data section for small objects.
Some object file formats permit more efficient access to small Some object file formats permit more efficient access to small data objects, such as a global int variable as
data objects, such as a global int variable as opposed to a opposed to a large global array.
large global array.
"I" The symbol is an indirect reference to another symbol. "I" The symbol is an indirect reference to another symbol.
This is a GNU extension to the a.out object file format which is rarely used. This is a GNU extension to the a.out object file format which is rarely used.
"N" The symbol is a debugging symbol. "N" The symbol is a debugging symbol.
@ -140,22 +147,18 @@ Symbol Type Table:
"S" The symbol is in an uninitialized data section for small objects. "S" The symbol is in an uninitialized data section for small objects.
"T" The symbol is in the text (code) section. "T" The symbol is in the text (code) section.
"U" The symbol is undefined. "U" The symbol is undefined.
"V" The symbol is a weak object. When a weak defined symbol is "V" The symbol is a weak object. When a weak defined symbol is linked with a normal defined symbol,
linked with a normal defined symbol, the normal defined symbol the normal defined symbol is used with no error.
is used with no error. When a weak undefined symbol is linked When a weak undefined symbol is linked and the symbol is not defined, the value of the weak symbol becomes
and the symbol is not defined, the value of the weak symbol zero with no error.
becomes zero with no error. "W" The symbol is a weak symbol that has not been specifically tagged as a weak object symbol.
"W" The symbol is a weak symbol that has not been specifically When a weak defined symbol is linked with a normal defined symbol,
tagged as a weak object symbol. When a weak defined symbol is the normal defined symbol is used with no error.
linked with a normal defined symbol, the normal defined symbol When a weak undefined symbol is linked and the symbol is not defined, the value of the symbol is determined
is used with no error. When a weak undefined symbol is linked in a system-specific manner without error.
and the symbol is not defined, the value of the symbol is On some systems, uppercase indicates that a default value has been specified.
determined in a system-specific manner without error. On some "-" The symbol is a stabs symbol in an a.out object file.
systems, uppercase indicates that a default value has been In this case, the next values printed are the stabs other field, the stabs desc field, and the stab type.
specified. Stabs symbols are used to hold debugging information.
"-" The symbol is a stabs symbol in an a.out object file. In this
case, the next values printed are the stabs other field, the
stabs desc field, and the stab type. Stabs symbols are used to
hold debugging information.
"?" The symbol type is unknown, or object file format specific. "?" The symbol type is unknown, or object file format specific.
""" """