so getBugl圜lassPathPrefix 0x48 0x7f9744fd3c libBugly. so javaTheadDump 0x44 0x7f9744be40 libBugly. so javaStaticCall_Thread_CurrentThread 0x80 0x7f9744b40c libBugly. so pthread_getattr_np 0xc0 0x7f9744aedc libBugly. so! _ZN3art11ClassLinker9FindClassEPNS_6ThreadEPKcNS_6HandleINS_6mirror11ClassLoaderEEE 0x3b0 so! _ZN3art11ClassLinker26FindClassInPathClassLoaderERNS_33ScopedObjectAccessAlreadyRunnableEPNS_6ThreadEPKcmNS_6HandleINS_6mirror11ClassLoaderEEEPPNS8_5ClassE 0x190 so! _ZN3art11ClassLinker26FindClassInPathClassLoaderERNS_33ScopedObjectAccessAlreadyRunnableEPNS_6ThreadEPKcmNS_6HandleINS_6mirror11ClassLoaderEEEPPNS8_5ClassE 0xfc so! _ZN3art11ClassLinker11LookupClassEPNS_6ThreadEPKcmPNS_6mirror11ClassLoaderE 0xc4 so! _ZN3art10ClassTable6LookupEPKcm 0x100 Set a dynamic breakpoint: (notice the field "stopped":false) 13)ĭtS seconds Trace all threads for given seconds using the stalker di Intercept and replace return value of address dx Inject code and execute it ( TODO)ĭxc Call the target symbol with given args ) Trace register values dtf Trace address with format (^ ixzO) ( see dtf?)ĭtSf Trace address or symbol using the stalker ( Frida >= 10.3. Trace list of addresses or symbols dth (|) ( x y.) Define function header ( z= str, i= int, v= hex barray, s= barray)ĭt- Clear all tracing dtr (. ) Kill the allocations at ( or all of them without param)ĭmp Change page at with, protection ( rwx)ĭmm List all named squashed maps dmh List all heap allocated chunks dmhj List all heap allocated chunks in JSON dmh* Export heap chunks and regions as r2 flags dmhm Show which maps are used to allocate heap chunks dp Show current pid dpt Show threads dr Show thread registers ( see dpt)ĭl libname Dlopen a library dl2 libname Inject library using Frida's >= 8.2 new APIĭt (|). > \?~^ d db (|) List or place breakpoint db- (| )|* Remove breakpoint( s)ĭc Continue breakpoints or resume a spawned process dd () List, dup2 or close filedescriptors dm Show memory regions dma Allocate bytes on the heap, address is returned dmas Allocate a string inited with on the heap dmad Allocate bytes on the heap, copy contents from ĭmal List live heap allocations created with dmaĭma- (. Searching 6 bytes in Īnother example searching for potential whitebox cryptography implementations: so 0x7f9419f600 f EVP_has_aes_hardware / system/ lib64/ libcrypto. so 0x7f941a3344 f EVP_aead_aes_256_cbc_sha1_tls_implicit_iv / system/ lib64/ libcrypto. so 0x7f941a3320 f EVP_aead_aes_128_cbc_sha1_tls_implicit_iv / system/ lib64/ libcrypto.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |