murx-/var_tracer.js Secret

## var_tracer.js


var rl_end_addr = getSymbolAddress("rlbasic_no_inst", "rl_end")
var rl_point_addr = getSymbolAddress("rlbasic_no_inst", "rl_point")
var main_addr = getSymbolAddress("rlbasic_no_inst", "main")
var difference = 0

console.log("Started!");

attachInterceptor(main_addr);

/*
[Local::rlbasic_no_inst]-> new NativePointer(rl_point_addr).readS64()
"0"
*/

function stalkThisThread() {
    Stalker.follow({
        events: {
            // only intrument at return
            ret: true
        },

        onReceive: function (events) {
            var parsed_events = Stalker.parse(events);
            parsed_events.forEach(function (event) {
                var rl_point_value = new NativePointer(rl_point_addr).readS32()
                var rl_end_value = new NativePointer(rl_end_addr).readS32()
                if (rl_point_value > rl_end_value) {
                    if (difference != rl_point_value - rl_end_value) {
                        difference = rl_point_value - rl_end_value
                        console.log("Error detected!");
                        console.log("rl_point = " + rl_point_value + ", rl_end = " + rl_end_value + " , difference: " + difference);
                        console.log(JSON.stringify(event));
                    }


                }
            });
        }
    });
}


function getSymbolAddress(moduleName, symbolName) {
    var symbols = Module.enumerateSymbols(moduleName);
    for (var i = 0; i < symbols.length; i++) {
        if (symbols[i].name == symbolName)
            return symbols[i].address
    }
}


/**
 * attach interceptor to main, and start stalker
 */
function attachInterceptor(main_addr) {
    Interceptor.attach(main_addr, {
        onEnter: function (args) {

            stalkThisThread();
        },
        onLeave: function () {
            console.log("Leave")
            Stalker.flush();
            Stalker.unfollow(Process.getCurrentThreadId());
            Stalker.garbageCollect();
        }
    });
}


	var rl_end_addr = getSymbolAddress("rlbasic_no_inst", "rl_end")
	var rl_point_addr = getSymbolAddress("rlbasic_no_inst", "rl_point")
	var main_addr = getSymbolAddress("rlbasic_no_inst", "main")
	var difference = 0

	console.log("Started!");

	attachInterceptor(main_addr);

	/*
	[Local::rlbasic_no_inst]-> new NativePointer(rl_point_addr).readS64()
	"0"
	*/

	function stalkThisThread() {
	Stalker.follow({
	events: {
	// only intrument at return
	ret: true
	},

	onReceive: function (events) {
	var parsed_events = Stalker.parse(events);
	parsed_events.forEach(function (event) {
	var rl_point_value = new NativePointer(rl_point_addr).readS32()
	var rl_end_value = new NativePointer(rl_end_addr).readS32()
	if (rl_point_value > rl_end_value) {
	if (difference != rl_point_value - rl_end_value) {
	difference = rl_point_value - rl_end_value
	console.log("Error detected!");
	console.log("rl_point = " + rl_point_value + ", rl_end = " + rl_end_value + " , difference: " + difference);
	console.log(JSON.stringify(event));
	}


	}
	});
	}
	});
	}


	function getSymbolAddress(moduleName, symbolName) {
	var symbols = Module.enumerateSymbols(moduleName);
	for (var i = 0; i < symbols.length; i++) {
	if (symbols[i].name == symbolName)
	return symbols[i].address
	}
	}


	/**
	* attach interceptor to main, and start stalker
	*/
	function attachInterceptor(main_addr) {
	Interceptor.attach(main_addr, {
	onEnter: function (args) {

	stalkThisThread();
	},
	onLeave: function () {
	console.log("Leave")
	Stalker.flush();
	Stalker.unfollow(Process.getCurrentThreadId());
	Stalker.garbageCollect();
	}
	});
	}