Table of Contents
Binary instrumentation and Frida
- Application and code-level instrumentation
- Frida: a binary instrumentation toolkit
- Instrumentation tool structure under Frida
- Frida architecture basics
Frida usage basics
- JavaScript vs TypeScript
- An overview of Frida API
- Main features
- frida-tools
- Dealing with data types with Frida
- Dealing with strings: Reading and allocation
- Numbers
- Pointers
- Pointer to offsets
- Getting pointers to exports
- Pointer to ArrayBuffers
- Hexdump: getting a picture from a memory region
- Writing our first agent
- Injecting our scripts using Frida's command line
- Remote instrumentation
Intermediate usage
- Defining globals in Frida's REPL
- Following child processes
- Creating NativeFunctions
- Modifying return values
- Access values after usage
- CryptDecrypt: A practical case
- Modifying values before execution
- Undoing instrumentation
- std::string
- std::vector
- Operating with ArrayBuffers
Advanced usage
- NOP functions
- Memory scanning
- Using custom libraries (DLL/.so)
- Reading and writing registers
- Reading structs
- SYSCALL struct
- WINAPI struct
- Tips for calculating structure offsets
- CModule
- CModule boilerplates
- Stalker
MacOS
- ObjC
- Intercepting NSURL InitWithString
- Obj-C: Intercepting fileExistsAtPath
- ObjC: Methods with multiple arguments
- ObjC: Reading a CFDataRef
- Getting CryptoKit's AES.GCM.seal data before encryption
- Swift.String
Android and Java API
r2frida
- Testing r2frida's setup
- Tracing functions
- Disassembling functions in memory
- Replacing return values
- Allocating strings
- Calling functions