Frida agent, using Xamarin Mono APIs to intercept a full-AOT method and dump its single argument
import { MonoApiHelper, MonoApi } from 'frida-mono-api' | |
const domain = MonoApi.mono_get_root_domain() | |
// Get a handle to the SeeingAI.Core assembly | |
let coreAssembly = MonoApi.mono_assembly_load_with_partial_name(Memory.allocUtf8String("SeeingAI.Core"), NULL) | |
let coreImage = MonoApi.mono_assembly_get_image(coreAssembly) | |
// Retrieve class metadata | |
let helperClass = MonoApiHelper.ClassFromName(coreImage, "SeeingAI.Network.SignatureHelper") | |
// Get pointer to AOT compiled method | |
let methodInfo = MonoApiHelper.ClassGetMethodFromName(helperClass, "GenerateSignature", 1) | |
let monoError = Memory.alloc(32) // Allocate enough memory for MonoError initialization | |
let nativeMethodPtr = MonoApi.mono_aot_get_method(domain, methodInfo, monoError) | |
// Attach interceptor and fish out the first method argument | |
Interceptor.attach(nativeMethodPtr, { | |
onEnter: function(args) { | |
console.log("GenerateSignature called") | |
console.log("args[1] => " + MonoApiHelper.StringToUtf8(args[1])) | |
} | |
}) | |
console.log("Interceptor attached and ready.") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment