doorxp


MacOSX 程序跟踪 frida脚本

frida -l hook.js 'Process Name'


hook.js


// Name of the module whose load address starter() waits for before hooking.
// Placeholder value: set it to the target's main module name.
const HookModuleName = 'Process Name';
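/**
 * Installs a tracing hook on -[NSDictionary objectForKey:] and logs the key
 * of every lookup that reaches the hooked implementation.
 *
 * Runs inside a Frida agent; `ObjC` and `Interceptor` are Frida globals.
 *
 * @throws {Error} If the Objective-C runtime is not loaded in the process.
 */
function main() {
  // Fail with a clear message rather than an opaque property-access error.
  if (!ObjC.available) {
    throw new Error('Objective-C runtime is not available in this process');
  }

  // NOTE(review): NSDictionary is a class cluster; concrete subclasses may
  // supply their own objectForKey:, so this hook may not observe every
  // lookup - confirm against the target.
  const method = ObjC.classes.NSDictionary['- objectForKey:'];

  Interceptor.attach(method.implementation, {
    onEnter(args) {
      // args[0] is self, args[1] the selector, args[2] the key argument.
      const keyPtr = args[2];
      if (keyPtr.isNull()) {
        // A nil key is not an object; log it without wrapping it.
        console.log("===>", null);
        return;
      }
      // This selector is called very frequently, so the output is
      // high-volume and can contain application data; handle the log
      // accordingly.
      const key = new ObjC.Object(keyPtr);
      console.log("===>", key);
    },
    onLeave(retVal) {
      // Intentionally empty. The author's disabled example of overriding
      // the returned object is kept for reference:
      // retVal.replace(ObjC.classes.NSString.stringWithString_("doorxp@msn.com"));
      // console.log(retVal);
    },
  });
}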
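/**
 * Waits until the module named by HookModuleName is mapped into the process,
 * logs its base address, then installs the hooks via main().
 *
 * If the module is already loaded, main() runs synchronously. Otherwise the
 * lookup is retried on a timer, so the agent's JavaScript thread is not
 * blocked by a busy loop while waiting (or forever, if the name is wrong).
 */
function starter() {
  const RETRY_DELAY_MS = 100;
  let hasLoggedWait = false;

  const attempt = () => {
    const addr = Module.findBaseAddress(HookModuleName);
    if (!addr) {
      if (!hasLoggedWait) {
        // Say once why nothing is hooked yet; a misspelled module name
        // would otherwise fail silently.
        console.log("waiting for module:", HookModuleName);
        hasLoggedWait = true;
      }
      // Yield to the runtime between lookups instead of spinning.
      setTimeout(attempt, RETRY_DELAY_MS);
      return;
    }
    console.log("start:", addr);
    main();
  };

  attempt();
}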
// Script entry point: executed when the script is loaded.
starter();

