frida | hook windows进程
参考官方文档:https://frida.re/docs/functions/
frida就是动态插桩技术啦
先写个这样子的C程序然后跑起来:
#include<stdio.h>
#include<Windows.h>
void output(int n){
printf("Number: %d
", n);
}
int main(){
int i = 0;
printf("func at %p
", output);
while(1){
output(i++);
Sleep(1000);
}
return 0;
}
跑起来以后用frida去hook就好啦:
from __future__ import print_function
import frida
import sys
session = frida.attach('1.exe')
#local = frida.get_local_device()
#session = local.attach("1.exe")
script = session.create_script('''
Interceptor.attach(ptr("%s"),{
onEnter: function(args){
send(args[0].toInt32());
}
});
''' % int(sys.argv[1], 16))
def on_message(message, data):
print(message)
script.on('message', on_message)
script.load()
sys.stdin.read()
具体的细节看官方文档就好了。