Last active
August 29, 2020 09:24
-
-
Save SimonTheCoder/f1966143d395fe06ac61c5efcf815fcb to your computer and use it in GitHub Desktop.
Trace libc open function using Frida.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var target_fn = "open" | |
| //target module can be set to null, but it will cause lower speed. | |
| var target_module = "libc.so" | |
| var callback_obj = | |
| { | |
| onEnter: function (args) { | |
| var path = Memory.readUtf8String(args[0]); | |
| path = path.replace("\n",""); | |
| console.log("Path:" + path + "\t\t Flag:"+args[1]) | |
| }, | |
| onLeave: function (retval) { | |
| } | |
| } | |
| { | |
| var target_addr = Module.findExportByName(target_module,target_fn); | |
| Interceptor.attach(target_addr, callback_obj); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment