From 8658889847aa6f541e854857aeadb60700210f85 Mon Sep 17 00:00:00 2001
From: iddoeldor
Date: Wed, 20 Mar 2019 14:52:45 +0200
Subject: [PATCH] android intercept libc#open example
---
 README.md | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 920009d..aeba9fb 100644
--- a/README.md
+++ b/README.md
@@ -67,27 +67,28 @@ An example for intercepting `libc#open` & logging backtrace if specific file was
 ```js
 Interceptor.attach(Module.findExportByName("/system/lib/libc.so", "open"), {
- onEnter: function(args) {
- // debug only the intended calls
- this.flag = false;
- var filename = Memory.readCString(ptr(args[0]));
- if (filename.indexOf("something") != -1) {
- this.flag = true;
- var backtrace = Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t");
- console.log("file name [ " + Memory.readCString(ptr(args[0])) + " ]\nBacktrace:" + backtrace);
- }
- },
- onLeave: function(retval) {
- if (this.flag) // passed from onEnter
- console.warn("\nretval: " + retval);
- }
+ onEnter: function(args) {
+ this.flag = false;
+ var filename = Memory.readCString(ptr(args[0]));
+ console.log('filename =', filename)
+ if (filename.endsWith(".xml")) {
+ this.flag = true;
+ var backtrace = Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t");
+ console.log("file name [ " + Memory.readCString(ptr(args[0])) + " ]\nBacktrace:" + backtrace);
+ }
+ },
+ onLeave: function(retval) {
+ if (this.flag) // passed from onEnter
+ console.warn("\nretval: " + retval);
+ }
 });
 ```
Output example
+Intecepting `com.android.chrome`
+![](gif/intercept_open_chrome_android.gif)
-TODO