frida -l hook.js 'Process Name'
hook.js
const HookModuleName='Process Name'
function main() {
var imp = ObjC.classes.NSDictionary['- objectForKey:'];
Interceptor.attach(imp.implementation,{
onEnter:function(args) {
var str = ObjC.Object(args[2]);
console.log("===>", str);
},
onLeave:function(retVal) {
// retVal.replace(ObjC.classes.NSString.stringWithString_("doorxp@msn.com"));
// console.log(retVal);
}
});
}
function starter() {
var addr = null;
while(!addr) {
addr = Module.findBaseAddress(HookModuleName);
}
console.log("start:", addr);
main();
}
starter();