heibai2006/frida-snippets
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

watchpoint refactoring

Browse Source
This commit is contained in:
iddoeldor 2019-05-21 19:15:49 +03:00 committed by GitHub
parent c61a477a7c
commit ff6fbe14c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 63 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
README.md
View File

@ -74,14 +74,19 @@ For this example I'm intercepting `funcPtr` & I want to know who read/write to `
```js ```js
Process.setExceptionHandler(function(exp) { Process.setExceptionHandler(function(exp) {
console.error('[!]', JSON.stringify(exp)); console.warn(JSON.stringify(exp, null, 2));
// can implement a switch case on exp.memory.operation, if read set only 'r--' if write '-w-' etc..
Memory.protect(exp.memory.address, Process.pointerSize, 'rw-');
return true; return true;
}); });
Interceptor.attach(funcPtr, { Interceptor.attach(funcPtr, {
onEnter: function (args) { onEnter: function (args) {
console.log('onEnter', this.context.x2); console.log('onEnter', JSON.stringify({
Memory.protect(this.context.x2, Process.pointerSize, '---'); x2: this.context.x2,
mprotect_ret: Memory.protect(this.context.x2, 2, '---'),
errno: this.errno
}, null, 2));
}, },
onLeave: function (retval) { onLeave: function (retval) {
console.log('onLeave'); console.log('onLeave');
@ -91,7 +96,61 @@ Interceptor.attach(funcPtr, {
<details> <details>
<summary>Output example</summary> <summary>Output example</summary>
TODO
```
[iOS Device::com.app]-> onEnter {
"x2": "0x1c145c6e0",
"mprotect_ret": true,
"errno": 2
}
{
"type": "access-violation",
"address": "0x1853b0198",
"memory": {
"operation": "read",
"address": "0x1c145c6e0"
},
"context": {
"lr": "0x100453358",
"fp": "0x16fb2e860",
"x28": "0x0",
"x27": "0x0",
"x26": "0x104312600",
"x25": "0x0",
"x24": "0x0",
"x23": "0x0",
"x22": "0x0",
"x21": "0xb000000422bbda03",
"x20": "0x1c4a22560",
"x19": "0xb000000422bbda03",
"x18": "0x0",
"x17": "0x100d25290",
"x16": "0x1853b0190",
"x15": "0x0",
"x14": "0x5",
"x13": "0xe5a1c4119597",
"x12": "0x10e80ca30",
"x11": "0x180000003f",
"x10": "0x10e80ca00",
"x9": "0x1020ad7c3",
"x8": "0x0",
"x7": "0x0",
"x6": "0x0",
"x5": "0x0",
"x4": "0xb000000422bbda03",
"x3": "0x1c4a22560",
"x2": "0x1c145c6e0",
"x1": "0x1020ad7c3",
"x0": "0x1c145c6e0",
"sp": "0x16fb2e790",
"pc": "0x1853b0198"
},
"nativeContext": "0x16fc42b24"
}
onLeave
```
</details> </details>
<br>[⬆ Back to top](#table-of-contents) <br>[⬆ Back to top](#table-of-contents)