heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

OTW explicit description

Browse Source
This commit is contained in:
iddoeldor 2019-05-21 22:07:20 +03:00 committed by GitHub
parent ff6fbe14c7
commit d8583ccf28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -5,7 +5,7 @@
<details> <details>
<summary>Native</summary> <summary>Native</summary>
* [`Watchpoint`](#watchpoint) * [`One time watchpoint`](#one-time-watchpoint)
* [`Socket activity`](#socket-activity) * [`Socket activity`](#socket-activity)
* [`Intercept open`](#intercept-open) * [`Intercept open`](#intercept-open)
* [`Execute shell command`](#execute-shell-command) * [`Execute shell command`](#execute-shell-command)
@ -68,7 +68,7 @@
<hr /> <hr />
#### Watchpoint #### One time watchpoint
For this example I'm intercepting `funcPtr` & I want to know who read/write to `x2` so I remove permissions w/ `mprotect`. For this example I'm intercepting `funcPtr` & I want to know who read/write to `x2` so I remove permissions w/ `mprotect`.
@ -77,6 +77,8 @@ Process.setExceptionHandler(function(exp) {
console.warn(JSON.stringify(exp, null, 2)); console.warn(JSON.stringify(exp, null, 2));
// can implement a switch case on exp.memory.operation, if read set only 'r--' if write '-w-' etc.. // can implement a switch case on exp.memory.operation, if read set only 'r--' if write '-w-' etc..
Memory.protect(exp.memory.address, Process.pointerSize, 'rw-'); Memory.protect(exp.memory.address, Process.pointerSize, 'rw-');
// can also use `new NativeFunction(Module.findExportByName(null, 'mprotect'), 'int', ['pointer', 'uint', 'int'])(parseInt(this.context.x2), 2, 0)`
return true; return true;
}); });