Introduction

The aim of this book is to introduce the reader to the world of binary instrumentation using the Frida (frida.re) toolkit. The book takes a practical approach to learning the framework: theory is kept to a minimum and we work through hands-on examples wherever possible.

Although the Frida API documentation is quite good, there is still a gap between the basic use cases and the more complex ones. Moreover, this toolkit is mostly used for mobile instrumentation, and plenty of Android examples can be found on the internet, even though it also supports desktop OSes. This gap is what I attempt to fill with this book.

We are going to see a variety of scenarios, from reading and manipulating simple arguments to reading and writing structs. The most interesting features, such as remote instrumentation, will also be covered.

Handbook structure

Here is a brief explanation of how this book is structured:

  1. System/Software requirements: Although the examples are self-explanatory, if you want to try them or play around with them you will need to meet the software requirements.
  2. Binary Instrumentation: The basic concepts of binary instrumentation will be explained to help us understand the underlying techniques used in Frida and other frameworks.
  3. Frida internals: We will learn how Frida works on the inside and what makes Frida interesting for us compared to other toolkits or frameworks.
  4. Frida basics: We will learn the basics of how Frida operates, its tools and its most interesting APIs, as well as recommendations on how to approach certain tasks and how not to. We will also create our first control-instrumentation tandem.
  5. Intermediate usage: We will perform tasks that are useful in real-life examples. Since they rely on already understanding the Frida API and are error-prone (that is, you might crash the application if done incorrectly) or cover more advanced topics, they are set in a separate category (modifying return values, modifying function params, reading buffers...).
  6. Advanced usage: This area covers more advanced topics that require understanding more complex concepts unrelated to Frida, such as struct offsets, NOPing functions, and optimizing certain tasks with CModule.

This handbook aims to cover only desktop OSes, so most of the book can be followed using either a Linux distro of your choice or a modern Windows system. Be sure to understand each part of the book before moving forward to more advanced topics (as I said, you will probably end up crashing the instrumented process if you make mistakes). The examples are done on different platforms to illustrate that an understanding of the Frida toolkit applies anywhere.

As an extra, I added instrumentation for Objective-C/Swift under macOS. Objective-C interaction with Frida works a bit differently from what we will see throughout the book (mostly in indexes and in how classes are loaded), so it has its own separate section.