@riverar
Created July 9, 2019 09:37
Frida agent, using Xamarin Mono APIs to intercept a full-AOT method and dump its single argument
import { MonoApiHelper, MonoApi } from 'frida-mono-api'

const domain = MonoApi.mono_get_root_domain()

// Get a handle to the SeeingAI.Core assembly
let coreAssembly = MonoApi.mono_assembly_load_with_partial_name(Memory.allocUtf8String("SeeingAI.Core"), NULL)
let coreImage = MonoApi.mono_assembly_get_image(coreAssembly)

// Retrieve class metadata
let helperClass = MonoApiHelper.ClassFromName(coreImage, "SeeingAI.Network.SignatureHelper")

// Get pointer to AOT compiled method
let methodInfo = MonoApiHelper.ClassGetMethodFromName(helperClass, "GenerateSignature", 1)
let monoError = Memory.alloc(32) // Allocate enough memory for MonoError initialization
let nativeMethodPtr = MonoApi.mono_aot_get_method(domain, methodInfo, monoError)

// Attach interceptor and fish out the first method argument
Interceptor.attach(nativeMethodPtr, {
    onEnter: function(args) {
        console.log("GenerateSignature called")
        console.log("args[1] => " + MonoApiHelper.StringToUtf8(args[1]))
    }
})

console.log("Interceptor attached and ready.")