heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

onetimewatchpoint comment fix

Browse Source
This commit is contained in:
iddoeldor 2019-08-18 12:23:38 +03:00 committed by GitHub
parent d847c76187
commit e7104f2205
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -111,12 +111,11 @@ ab fridadescribe console.log(Object.getOwnPropertyNames(Java.use('$').__proto__)
#### One time watchpoint #### One time watchpoint
For this example I'm intercepting `funcPtr` & I want to know who read/write to `x2` so I remove permissions w/ `mprotect`. Intercept `funcPtr` & log who read/write to `x2` via removing permissions w/ `mprotect`.
```js ```js
Process.setExceptionHandler(function(exp) { Process.setExceptionHandler(function(exp) {
console.warn(JSON.stringify(Object.assign(exp, { _lr: DebugSymbol.fromAddress(exp.context.lr), _pc: DebugSymbol.fromAddress(exp.context.pc) }), null, 2)); console.warn(JSON.stringify(Object.assign(exp, { _lr: DebugSymbol.fromAddress(exp.context.lr), _pc: DebugSymbol.fromAddress(exp.context.pc) }), null, 2));
// can implement a switch case on exp.memory.operation, if read set only 'r--' if write '-w-' etc..
Memory.protect(exp.memory.address, Process.pointerSize, 'rw-'); Memory.protect(exp.memory.address, Process.pointerSize, 'rw-');
// can also use `new NativeFunction(Module.findExportByName(null, 'mprotect'), 'int', ['pointer', 'uint', 'int'])(parseInt(this.context.x2), 2, 0)` // can also use `new NativeFunction(Module.findExportByName(null, 'mprotect'), 'int', ['pointer', 'uint', 'int'])(parseInt(this.context.x2), 2, 0)`
return true; // goto PC return true; // goto PC