android intercept libc#open example

2019-03-20 14:52:45 +02:00 · 2019-03-20 14:52:45 +02:00 · 8658889847
commit 8658889847
parent 7208fc7793
1 changed files with 16 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -67,27 +67,28 @@ An example for intercepting `libc#open` & logging backtrace if specific file was
 ```js
 Interceptor.attach(Module.findExportByName("/system/lib/libc.so", "open"), {
-	onEnter: function(args) {
+  onEnter: function(args) {
-		// debug only the intended calls
+    this.flag = false;
-		this.flag = false;
+    var filename = Memory.readCString(ptr(args[0]));
-		var filename = Memory.readCString(ptr(args[0]));
+    console.log('filename =', filename)
-		if (filename.indexOf("something") != -1) {
+    if (filename.endsWith(".xml")) {
-			this.flag = true;
+      this.flag = true;
-			var backtrace = Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t");
+      var backtrace = Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join("\n\t");
-			console.log("file name [ " + Memory.readCString(ptr(args[0])) + " ]\nBacktrace:" + backtrace);
+      console.log("file name [ " + Memory.readCString(ptr(args[0])) + " ]\nBacktrace:" + backtrace);
-		}
+    }
-	},
+  },
-	onLeave: function(retval) {
+  onLeave: function(retval) {
-		if (this.flag) // passed from onEnter
+    if (this.flag) // passed from onEnter
-			console.warn("\nretval: " + retval);
+      console.warn("\nretval: " + retval);
-	}
+  }
 });
 ```
 <details>
 <summary>Output example</summary>
 Intecepting `com.android.chrome`
 ![](gif/intercept_open_chrome_android.gif)
 TODO
 </details>