System directories
| Method | Result |
|---|---|
| Environment.getDataDirectory() | /data |
| Environment.getDownloadCacheDirectory() | /cache |
| Environment.getRootDirectory() | /system |
External storage directories
chrisdmc
/ monitorMemory.js
Last active
February 9, 2023 09:47
Frida MemoryAccessMonitor that auto-renews on access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function monitorMemory(base, length, interceptedInstructions = new Set()) { | |
| const baseAddress = ptr(base.toString()); | |
| MemoryAccessMonitor.enable({base: baseAddress, size: length}, { | |
| onAccess: function(details) { | |
| let baseOffset = details.address.sub(baseAddress); | |
| console.log(`${details.address} (offset in range ${baseAddress} = ${baseOffset}) accessed for ${details.operation} from address ${DebugSymbol.fromAddress(details.from)}. Page ${details.pageIndex + 1} of ${details.pagesTotal}`); | |
| let instruction = Instruction.parse(details.from); | |
| const nextInstr = ptr(instruction.next.toString()); | |
| if (interceptedInstructions.has(nextInstr.toString())) { | |
| return; |
Areizen
/ Il2CPP_frida_hooks_generator.py
Last active
October 28, 2022 17:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import json | |
| predefined_struct = { | |
| "UnityEngine_Vector3_o" : [("float","x"),("float","y"),("float","z")] | |
| } | |
| def extract_class_methods(methods_informations, clazz): | |
| """ | |
| We check if the signature start with the class we want to hook, if so |
oleavr
/ simpleceptor-arm.ts
Created
May 19, 2020 02:22
Simplified Interceptor reimplemented in TypeScript
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const THUMB_HOOK_REDIRECT_SIZE = 8; | |
| const THUMB_BIT_REMOVAL_MASK = ptr(1).not(); | |
| const trampolines: NativePointer[] = []; | |
| const replacements: NativePointer[] = []; | |
| export function makeTrampoline(target: NativePointer): NativePointer { | |
| const targetAddress = target.and(THUMB_BIT_REMOVAL_MASK); | |
| const trampoline = Memory.alloc(Process.pageSize); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from subprocess import Popen | |
| import frida | |
| import time | |
| import sys | |
| dumped = False | |
| def get_script(package_name): | |
| jscode = """ |
granoeste
/ EachDirectoryPath.md
Last active
April 4, 2024 22:32
[Android] How to get the each directory path.