DoranekoSystems/enumsymbol.js

## enumsymbol.js
//frida -l enumsymbol.js CalculatorApp.exe
function dump(pointer, length) {
  var buf = Memory.readByteArray(pointer, length);
  console.log(
    hexdump(buf, {
      offset: 0,
      length: length,
      header: true,
      ansi: true,
    })
  );
}

var GetCurrentProcessPtr = Module.findExportByName(null, 'GetCurrentProcess');
var GetCurrentProcess = new NativeFunction(GetCurrentProcessPtr, 'int', []);
var SymInitializePtr = Module.findExportByName(null, 'SymInitialize');
var SymInitialize = new NativeFunction(SymInitializePtr, 'int', ['int', 'int', 'int']);
var SymCleanupPtr = Module.findExportByName(null, 'SymCleanup');
var SymCleanup = new NativeFunction(SymCleanupPtr, 'int', ['int']);
var SymLoadModule64Ptr = Module.findExportByName(null, 'SymLoadModule64');
var SymLoadModule64 = new NativeFunction(SymLoadModule64Ptr, 'uint64', [
  'int',
  'pointer',
  'pointer',
  'pointer',
  'int',
  'int',
]);
var SymEnumSymbolsPtr = Module.findExportByName(null, 'SymEnumSymbols');
var SymEnumSymbols = new NativeFunction(SymEnumSymbolsPtr, 'int', [
  'int',
  'uint64',
  'pointer',
  'pointer',
  'pointer',
]);

function enumSymbolFromModule(modulename) {
  var EnumSymProc = new NativeCallback(
    (pSymInfo, SymbolSize, UserContext) => {
      var baseaddress = parseInt(pSymInfo.add(0x38).readU64()) - BaseOfDll;
      var name = pSymInfo.add(0x54).readUtf8String();
      console.log(baseaddress.toString(16) + ':' + name);
      return 1;
    },
    'int',
    ['pointer', 'uint32', 'pointer']
  );
  var hProcess = GetCurrentProcess();
  var BaseOfDll;
  var Mask = Memory.allocUtf8String('*');
  var _status;

  _status = SymInitialize(hProcess, 0, 0);
  if (_status == 0) {
    return;
  }

  var path = Process.getModuleByName(modulename).path;
  BaseOfDll = SymLoadModule64(hProcess, ptr(0), Memory.allocUtf8String(path), ptr(0), 0, 0);
  if (BaseOfDll == 0) {
    console.log('SymInitialize Error!');
    SymCleanup(hProcess);
    return;
  }

  if (SymEnumSymbols(hProcess, BaseOfDll, Mask, EnumSymProc, ptr(0))) {
    //console.log('SymEnumSymbols succeeded');
  } else {
    // SymEnumSymbols failed
    console.log('SymEnumSymbols failed: %d\n');
    return;
  }

  SymCleanup(hProcess);
}

enumSymbolFromModule('kernel32.dll');
	//frida -l enumsymbol.js CalculatorApp.exe
	function dump(pointer, length) {
	var buf = Memory.readByteArray(pointer, length);
	console.log(
	hexdump(buf, {
	offset: 0,
	length: length,
	header: true,
	ansi: true,
	})
	);
	}

	var GetCurrentProcessPtr = Module.findExportByName(null, 'GetCurrentProcess');
	var GetCurrentProcess = new NativeFunction(GetCurrentProcessPtr, 'int', []);
	var SymInitializePtr = Module.findExportByName(null, 'SymInitialize');
	var SymInitialize = new NativeFunction(SymInitializePtr, 'int', ['int', 'int', 'int']);
	var SymCleanupPtr = Module.findExportByName(null, 'SymCleanup');
	var SymCleanup = new NativeFunction(SymCleanupPtr, 'int', ['int']);
	var SymLoadModule64Ptr = Module.findExportByName(null, 'SymLoadModule64');
	var SymLoadModule64 = new NativeFunction(SymLoadModule64Ptr, 'uint64', [
	'int',
	'pointer',
	'pointer',
	'pointer',
	'int',
	'int',
	]);
	var SymEnumSymbolsPtr = Module.findExportByName(null, 'SymEnumSymbols');
	var SymEnumSymbols = new NativeFunction(SymEnumSymbolsPtr, 'int', [
	'int',
	'uint64',
	'pointer',
	'pointer',
	'pointer',
	]);

	function enumSymbolFromModule(modulename) {
	var EnumSymProc = new NativeCallback(
	(pSymInfo, SymbolSize, UserContext) => {
	var baseaddress = parseInt(pSymInfo.add(0x38).readU64()) - BaseOfDll;
	var name = pSymInfo.add(0x54).readUtf8String();
	console.log(baseaddress.toString(16) + ':' + name);
	return 1;
	},
	'int',
	['pointer', 'uint32', 'pointer']
	);
	var hProcess = GetCurrentProcess();
	var BaseOfDll;
	var Mask = Memory.allocUtf8String('*');
	var _status;

	_status = SymInitialize(hProcess, 0, 0);
	if (_status == 0) {
	return;
	}

	var path = Process.getModuleByName(modulename).path;
	BaseOfDll = SymLoadModule64(hProcess, ptr(0), Memory.allocUtf8String(path), ptr(0), 0, 0);
	if (BaseOfDll == 0) {
	console.log('SymInitialize Error!');
	SymCleanup(hProcess);
	return;
	}

	if (SymEnumSymbols(hProcess, BaseOfDll, Mask, EnumSymProc, ptr(0))) {
	//console.log('SymEnumSymbols succeeded');
	} else {
	// SymEnumSymbols failed
	console.log('SymEnumSymbols failed: %d\n');
	return;
	}

	SymCleanup(hProcess);
	}

	enumSymbolFromModule('kernel32.dll');