heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

intercept read from file descriptor

Browse Source
This commit is contained in:
iddoeldor 2019-09-02 16:33:07 +03:00 committed by GitHub
parent e7104f2205
commit d29c03d36a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README.md
View File

@ -260,6 +260,36 @@ Interceptor.attach(Module.findExportByName("/system/lib/libc.so", "open"), {
}); });
``` ```
```js
var fds = {};
Interceptor.attach(Module.findExportByName(null, 'open'), {
onEnter: function (args) {
var fname = args[0].readCString();
if (fname.endsWith('.jar')) {
console.log('open: ' + fname);
this.flag = true;
this.fname = fname;
}
},
onLeave: function (retval) {
if (this.flag) {
fds[retval] = this.fname;
console.warn(retval);
}
}
});
Interceptor.attach(Module.findExportByName(null, 'read'), {
onEnter: function (args) {
var fd = args[0];
if (fd in fds) {
console.log('read: ' + fds[fd]);
console.warn(Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n'));
}
}
});
```
<details> <details>
<summary>Output example</summary> <summary>Output example</summary>
Intecepting `com.android.chrome` Intecepting `com.android.chrome`