[原创] frida常用检测点及其原理–一把梭方案 | 宜武汇-ag真人国际厅网站

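/**
 * Attaches Frida Interceptor hooks to libc's `strstr` and `strcmp` and
 * overwrites their return value with 0 whenever the second argument contains
 * one of a fixed list of marker substrings ("frida", "gum-js-loop", ...).
 *
 * Repairs made to the listing as published:
 *   - The Frida/JavaScript identifiers had been lower-cased (`indexof`,
 *     `readcstring`, `onenter`, ...). These names are case-sensitive, so the
 *     canonical spellings are restored.
 *   - The function's closing brace was missing.
 *   - A NULL string argument or an unresolved export no longer throws.
 *
 * Caveats for anyone reading this as a reference:
 *   - The hooks apply to every caller in the process. "tmp" and "reject" are
 *     generic substrings, so unrelated lookups are rewritten as well.
 *   - NOTE(review): for `strcmp`, 0 means "strings are equal", whereas for
 *     `strstr` 0 is the NULL "not found" result. The two hooks therefore do
 *     not have the same effect on the caller; confirm this is intended.
 *   - NOTE(review): the static `Module.findExportByName` form depends on the
 *     Frida release in use; confirm against the installed version.
 *   - Defensive takeaway: a check whose only evidence is the result of an
 *     exported libc string function can be altered by in-process
 *     instrumentation, so it should not be the sole integrity signal.
 *
 * @returns {void}
 */
function replace_str() {
    // Marker substrings, unchanged from the original script.
    const markers = ["reject", "tmp", "frida", "gum-js-loop", "gmain", "linjector"];

    // True when `text` is a string containing any marker. readCString()
    // yields null for a NULL pointer, hence the type check.
    const hasMarker = function (text) {
        return typeof text === "string" && markers.some(function (marker) {
            return text.indexOf(marker) !== -1;
        });
    };

    // Hooks one libc export; `logMatches` keeps the original behaviour of
    // logging strstr hits while leaving strcmp silent.
    const hookExport = function (name, logMatches) {
        const target = Module.findExportByName("libc.so", name);
        if (target == null) {
            console.log(name + " not found in libc.so; hook skipped");
            return;
        }

        Interceptor.attach(target, {
            // Plain functions, not arrows: Frida binds `this` to the
            // per-invocation context shared by onEnter and onLeave.
            onEnter: function (args) {
                const needle = args[1].readCString();
                if (!hasMarker(needle)) {
                    return;
                }
                if (logMatches) {
                    console.log(name + "-->", args[0].readCString(), needle);
                }
                this.hook = true;
            },
            onLeave: function (retval) {
                if (this.hook) {
                    retval.replace(0);
                }
            }
        });
    };

    hookExport("strstr", true);
    hookExport("strcmp", false);
}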

 

 

// Top-level call: the hooks are installed when the script is evaluated.
replace_str();

原文链接:https://bbs.kanxue.com/thread-278145.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/原创-frida常用检测点及其原理-一把梭方案/
