aemmitt-ns/svc_hook.js

## svc_hook.js
const module = Process.getModuleByName("app_name");
const syscallbytes = "011000d4c0035fd6" // svc 0x80; ret;

Process.setExceptionHandler((e) => {
    if (e.type == "breakpoint") {
        // do stuff here
        e.context.pc = e.context.pc.add(4); // advance to after bp
        return true;
    } else {
        return false;
    }
});

module.enumerateRanges("r-x").forEach(r => {
    Memory.scanSync(r.base, r.size, syscallbytes).forEach(hit => {
        if (hit.address.and(3).isNull()) { // check alignment
            Memory.patchCode(hit.address, 0x400, code => {
                const writer = new Arm64Writer(code, {pc: hit.address});
                writer.putMovRegReg("x9", "x1");
                writer.putMovRegReg("x10", "x0");
                writer.putInstruction(0xd4001001);
                writer.putBrkImm(3); // insert breakpoint
                writer.putRet();
                writer.flush();
            });
            //console.log(hexdump(hit.address));
        }
    });
});
	const module = Process.getModuleByName("app_name");
	const syscallbytes = "011000d4c0035fd6" // svc 0x80; ret;

	Process.setExceptionHandler((e) => {
	if (e.type == "breakpoint") {
	// do stuff here
	e.context.pc = e.context.pc.add(4); // advance to after bp
	return true;
	} else {
	return false;
	}
	});

	module.enumerateRanges("r-x").forEach(r => {
	Memory.scanSync(r.base, r.size, syscallbytes).forEach(hit => {
	if (hit.address.and(3).isNull()) { // check alignment
	Memory.patchCode(hit.address, 0x400, code => {
	const writer = new Arm64Writer(code, {pc: hit.address});
	writer.putMovRegReg("x9", "x1");
	writer.putMovRegReg("x10", "x0");
	writer.putInstruction(0xd4001001);
	writer.putBrkImm(3); // insert breakpoint
	writer.putRet();
	writer.flush();
	});
	//console.log(hexdump(hit.address));
	}
	});
	});