byte printf172
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export function get_lr_info(ctx: Arm64CpuContext) { | |
| let mm = new ModuleMap(); | |
| let lr_info = mm.find(ctx.lr); | |
| if (lr_info == null) return ""; | |
| return ` ${lr_info.name}!${ctx.lr.sub(lr_info.base)}`; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from https://gist.github.com/NeatMonster/c06c61ba4114a2b31418a364341c26c0 | |
| class hexdump: | |
| def __init__(self, buf, off=0): | |
| self.buf = buf | |
| self.off = off | |
| def __iter__(self): | |
| last_bs, last_line = None, None | |
| for i in range(0, len(self.buf), 16): |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function get_call_function() { | |
| var call_function_addr = null; | |
| var symbols = Process.getModuleByName("linker").enumerateSymbols(); | |
| for (var m = 0; m < symbols.length; m++) { | |
| if (symbols[m].name == "__dl__ZL13call_functionPKcPFviPPcS2_ES0_") { | |
| call_function_addr = symbols[m].address; | |
| console.log("found call_function_addr => ", call_function_addr) | |
| hook_call_function(call_function_addr) | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| from pathlib import Path | |
| import idautils | |
| import ida_nalt | |
| def get_libc_import(): | |
| info = {} | |
| nimps = ida_nalt.get_import_module_qty() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // https://www.cnblogs.com/c-x-a/p/15192821.html | |
| function main(){ | |
| write_file1() | |
| write_File2() | |
| } | |
| function write_file1(){ | |
| //使用firda的自带api | |
| var file = new File("/data/local/tmp/mytest.dat") | |
| file.write("1234"); | |
| file.flush(); |
SeeFlowerX
/ hook_loadLibrary.js
Created
February 21, 2022 01:20
https://github.com/frida/frida-java-bridge/issues/63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function() { | |
| const System = Java.use('java.lang.System'); | |
| const Runtime = Java.use('java.lang.Runtime'); | |
| const SystemLoad_2 = System.loadLibrary.overload('java.lang.String'); | |
| const VMStack = Java.use('dalvik.system.VMStack'); | |
| SystemLoad_2.implementation = function(library) { | |
| send("Loading dynamic library => " + library); | |
| try { | |
| const loaded = Runtime.getRuntime().loadLibrary0(VMStack.getCallingClassLoader(), library); |