frida_script

Last updated on February 28, 2024 pm

施工中

包含几个常用的frida函数,总结在这里了

import frida
import sys

task = True  # polled by the main loop below; on_message sets it to False once the agent sends a message


def on_message(message, data):
    """Frida ``message`` callback for the loaded agent script.

    Echoes the message and its binary payload to stdout, then clears the
    module-level ``task`` flag so the main loop stops waiting and detaches.

    Args:
        message: The message dict delivered by Frida (e.g. a ``send()`` payload).
        data: Optional binary blob attached to the message, or ``None``.
    """
    global task
    fields = ("[message]:", message, "[data]:", data)
    print(*fields)
    # Any message ends the wait in the main loop.
    task = False
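if __name__ == '__main__':
    import time

    target = 'main.exe'
    # Spawn the target; Frida keeps it suspended until resume() is called below,
    # so the hooks are installed before any target code runs.
    rdev = frida.get_local_device()
    pid = rdev.spawn(program=target, stdio='inherit')
    print(pid)
    # Attach to the suspended process.
    session = frida.attach(pid)
    try:
        # Read the agent script from disk (the with-block closes the file even on error).
        jsFile = 'test1.js'
        with open(jsFile, "r", encoding='utf-8') as handle:
            jsScript = handle.read()
        script = session.create_script(jsScript)
        script.on("message", on_message)
        script.load()
        # Let the target run now that the hooks are in place.
        rdev.resume(pid)
        # on_message flips `task` to False on the first message. Sleep between
        # polls instead of busy-spinning a core.
        # NOTE(review): the sample agents call send("exit") at load time, i.e.
        # before resume(); the wait may therefore end immediately and detach()
        # could race with the hooks — confirm the intended lifetime.
        while task:
            time.sleep(0.01)
    finally:
        # Always tear down the session, even if loading the script failed.
        session.detach()
    print('end')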

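console.log('start');

// Hard-coded code addresses taken from the analysed binary. They are only
// valid while the image is loaded at the base they were taken from — confirm
// before reusing against another build or a relocated image.
const addr1 = 0x4110F0;
Interceptor.attach(ptr(addr1), {
  onEnter(args) {
    // args[0] is a NativePointer; this script treats it as a pointer to a
    // NUL-terminated UTF-8 string (assumption about the target's ABI).
    console.log(args[0].toString());
    const value = args[0].readUtf8String();
    console.log(`[value]:${value}`);
    // Overwrite the argument in place. writeUtf8String appends a terminating
    // NUL, so the replacement must not exceed the buffer args[0] points into,
    // otherwise the target's memory is corrupted.
    args[0].writeUtf8String("sssctf{222424441331314424113333}");
  },
  onLeave(retval) {
    console.log("函数1的返回值:", retval);
  },
});

const addr2 = 0x411073;
Interceptor.attach(ptr(addr2), {
  onEnter(args) {
    console.log(args[0].toString());
    const value = args[0].readUtf8String();
    console.log(`[value]:${value}`);
  },
});

// Notify the host (its on_message handler) that the agent is loaded.
send("exit");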
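// Placeholder address — replace with the real address of the target function
// (as resolved in the analysed image) before running this snippet.
const addr = 0xffffff;
// Wrap the native function as `void fn(int)` so it can be called from JS.
const f = new NativeFunction(ptr(addr), 'void', ['int']);
// Invoke it three times with the same argument, as in the original snippet.
const CALL_COUNT = 3;
for (let i = 0; i < CALL_COUNT; i += 1) {
  f(1911);
}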
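console.log('start');

// Hard-coded code addresses taken from the analysed binary; only valid while
// the image is loaded at the base they were taken from — confirm before reuse.
const addr1 = 0x4110F0;
const addr2 = 0x411073;
// Upper bound on brute-force iterations so a candidate that never passes the
// checks cannot spin the hooked thread forever.
const MAX_ATTEMPTS = 1000;
// Argument pointers captured by the hook. Declared explicitly: the original
// assigned them without let/const, which creates implicit globals.
let args1Addr = ptr(0);
let args2Addr = ptr(0);
// Callable wrappers over the two checker routines: int f1(ptr, ptr), int f2(ptr).
const f1 = new NativeFunction(ptr(addr1), 'int', ['pointer', 'pointer']);
const f2 = new NativeFunction(ptr(addr2), 'int', ['pointer']);

Interceptor.attach(ptr(addr1), {
  onEnter(args) {
    args1Addr = args[0];
    args2Addr = args[1];
    // Candidate written into the target's input buffer. An earlier candidate
    // was "sssctf{222424441331314424113333}".
    // NOTE(review): the candidate is never changed between iterations, so the
    // loop can only exit on the first pass or stop at MAX_ATTEMPTS — the
    // mutation step is still to be written.
    const candidate = "sssctf{22242444133131424112333}";
    let retval1 = 1;
    let retval2 = 1;
    let attempts = 0;
    do {
      // writeUtf8String appends a NUL; the candidate must fit the original buffer.
      args1Addr.writeUtf8String(candidate);
      // NOTE(review): f1 is the function this hook is attached to; calling it
      // from its own onEnter may re-enter this hook — confirm Interceptor's
      // re-entrancy behaviour in the Frida version in use.
      retval1 = f1(args1Addr, args2Addr);
      retval2 = f2(args2Addr);
      console.log(`[retval1]:${retval1}`);
      console.log(`[retval2]:${retval2}`);
      attempts += 1;
    } while ((retval1 === 1 || retval2 === 1) && attempts < MAX_ATTEMPTS);
    if (attempts >= MAX_ATTEMPTS) {
      console.log(`[warn] gave up after ${MAX_ATTEMPTS} attempts`);
    }
    console.log(`[flag]:${candidate}`);
  },
  onLeave(retval) {
    console.log("函数1的返回值:", retval);
  },
});

// Notify the host (its on_message handler) that the agent is loaded.
send("exit");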
