frenchyeti / interruptor Goto Github PK
View Code? Open in Web Editor NEWHuman-friendly cross-platform system call tracing and hooking library based on Frida's Stalker
License: Other
Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker
License: Other
Instead of using this project from sources, providing a minified JS file file for any arch/os supported should be easiest to final users.
The crash also happens when trying to trace other applications as well. Device is a Moto G8 on stock ROM rooted via Magisk, Android 11.
$ frida -U --codeshare FrenchYeti/android-arm64-strace -f lv.amberphone.pasazieruvilciens
____
/ _ | Frida 16.1.5 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to moto g 8 (id=ZY2282SCS6)
Spawned `lv.amberphone.pasazieruvilciens`. Resuming main thread!
[moto g 8 ::lv.amberphone.pasazieruvilciens ]-> [LINKER] Loading '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so'
[INTERRUPTOR][STARTING] Module '/data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so' is loading, tracer will start
[INTERRUPTOR][STARTING] Tracing thread 11412 []
[STARTING TRACE] UID=0 Thread 11412
Deploying pthread_create hook
0 1
[TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c] futex ( word = 0x780fc3de40 , op = FUTEX_WAKE_PRIVATE , u32 val = 0x7fffffff , struct __kernel_timespec *utime = 0x0 , u32 *uaddr2 = 0x0 , u32 val3[ = 0x0 ) > 0x0
[TID=11412] [/apex/com.android.runtime/lib64/bionic/libc.so +0x38c] futex ( word = 0x780fc3de20 , op = FUTEX_WAKE_PRIVATE , u32 val = 0x7fffffff , struct __kernel_timespec *utime = 0x0 , u32 *uaddr2 = 0x0 , u32 val3[ = 0x0 ) > 0x0
Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'motorola/rav_reteu/rav:11/RPJS31.Q4U-47-35-17/4bff0:user/release-keys'
Revision: 'pvt1'
ABI: 'arm64'
Timestamp: 2024-04-21 13:04:08+0200
pid: 11412, tid: 11412, name: sazieruvilciens >>> lv.amberphone.pasazieruvilciens <<<
uid: 10252
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
Cause: null pointer dereference
x0 0000007fe8cd7038 x1 0000000000000006 x2 0000007831111bc0 x3 0000007fe8cd6fb0
x4 0000007fe8cd6fa0 x5 0000007882848280 x6 000000780fc3f1f0 x7 0000007fe8cd72f8
x8 0000000000000000 x9 0000000000000000 x10 000000000000062b x11 0000000000000001
x12 000000780fc3e510 x13 48646e4a362d736e x14 0000000000000000 x15 000000780fafa43c
x16 0000000000000001 x17 0000000000000000 x18 0000007b27098000 x19 0000000000000000
x20 0000007fe8cd7038 x21 000000780fc25000 x22 000000780fc25000 x23 000000780fc25000
x24 00000000ffffffff x25 000000780fc3d2f8 x26 000000780fc12fd0 x27 0000007b24405d50
x28 000000780fc3d2f8 x29 0000007fe8cd7010
lr 000000780faf99fc sp 0000007fe8cd7010 pc 000000787eb960d8 pst 0000000080000000
backtrace:
#00 pc 000000000001a0d8 <anonymous:787eb7c000>
#01 pc 000000000031d9f8 /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
#02 pc 000000000031d9f8 /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
#03 pc 000000000031df78 /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x319000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
#04 pc 00000000000915ec /data/app/~~B24fXXQXtSHbhNpTZLJZUw==/lv.amberphone.pasazieruvilciens-6JndHQcV1kp025BvFlBZUA==/lib/arm64/librealm-jni.so!librealm-jni.so (offset 0x8f000) (BuildId: 00148e37ca2d0eb9a73ff48909a15a181c3134eb)
#05 pc 000000000004a0f0 /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZL10call_arrayIPFviPPcS1_EEvPKcPT_mbS5_+284) (BuildId: f973854810260f3568df23436074dee3)
#06 pc 000000000004a2f0 /apex/com.android.runtime/bin/linker64!ld-android.so (offset 0x49000) (__dl__ZN6soinfo17call_constructorsEv+380) (BuildId: f973854810260f3568df23436074dee3)
#07 pc 0000000000000e08 <anonymous:7b27f59000>
***
[moto g 8 ::lv.amberphone.pasazieruvilciens ]->
Thank you for using Frida!
How is SVC / syscall hooking is implemented?
If someone tries to bypass Frida by using syscalls directly without libc wrapper will we detect them?
For example some packers do that
The current README not mention important modifying (CommonJS -> ES Module) , new API and ways to use it
Implement followThread option
arch: x64
device: Emulator from Android Studio
Tested API versions: 28 and 31
command: frida -U -f com.android.contacts -l _agent.js --no-pause
code:
const Interruptor = require('./android-x64-strace.min.js').target.LinuxX64();
Interruptor.newAgentTracer({
}).start();
The script hooks threads and prints some syscalls but the app itself freezes, seems like the main thread never resumes or something like that.
Galaxy s9
Android 10
kernel: 4.9
java vm: 2.1.0
index.ts
var Interruptor = require('./android-arm64-strace.min.js').target.LinuxArm64();
// better results, when app is loaded
Java.perform(()=>{
Interruptor.newAgentTracer({
exclude: {
modules: ["linker64"],
syscalls: ["clock_gettime"]
}
}).start();
});
after npm compile
running frida -U -f com.android.contacts -l _agent.js --no-pause
:
/ _ | Frida 15.2.2 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to xx xxxx (id=xxxxx)
Spawned `com.android.contacts`. Resuming main thread!
[xx xxxx::com.android.contacts ]-> [INTERRUPTOR][STARTING] Tracing thread 9240 []
[STARTING TRACE] UID=0 Thread 9240
Deploying pthread_create hook
[libc.so] Hooking routine : 0x77222ef1a0 {"0x77222ef1a0":true}
------- [TID=9274][libutils.so][0x77222ef1a0] Thread routine start -------
[INTERRUPTOR][STARTING] Tracing thread 9274 []
[STARTING TRACE] UID=1 Thread 9274
Process crashed: Trace/BPT trap
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RROS Version: 'RROS-Q-8.6.5-20201226-starlte-Official'
Build fingerprint: 'samsung/starltexx/starlte:10/xxxxxxxxxxx:user/release-keys'
Revision: '26'
ABI: 'arm64'
Timestamp: 2022-08-05 23:21:56+0600
pid: 9240, tid: 9240, name: ndroid.contacts >>> com.android.contacts <<<
uid: 10246
signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
Abort message: 'Check failed: dex_pc < accessor.InsnsSizeInCodeUnits() (dex_pc=4294967295, accessor.InsnsSizeInCodeUnits()=1421) '
x0 0000000000000000 x1 0000000000002418 x2 0000000000000006 x3 0000007fc6ddab50
x4 0000007687fb6940 x5 0000007687fb6940 x6 0000007687fb6940 x7 0000007687fb6800
x8 00000000000000f0 x9 000000771efe44a0 x10 0000000000000000 x11 0000000000000001
x12 0000007687fb6300 x13 0000007687fb6440 x14 0000000000000001 x15 00000077234c5540
x16 000000771f0b18c0 x17 000000771f08f310 x18 0000000000000000 x19 00000000000000ac
x20 0000000000002418 x21 00000000000000b2 x22 0000000000002418 x23 00000000ffffffff
x24 000000769e2d4104 x25 000000769e2d6104 x26 000000769e2b62e7 x27 0000007723178258
x28 000000769e7f2000 x29 0000007fc6ddac00
sp 0000007fc6ddab30 lr 000000771f042170 pc 000000771f0421a0
backtrace:
#00 pc 00000000000821a0 /apex/com.android.runtime/lib64/bionic/libc.so!libc.so (offset 0x82000) (abort+176) (BuildId: a5aa1dd8572ed64645c321b17b43e24d)
#01 pc 0000000000000108 <anonymous:7696080000>
***
[xx xxxx::com.android.contacts ]->
Thank you for using Frida!
If I'm gonna remove modules: ["linker64"],
from the agent script will get Process crashed: Bad access due to invalid address
error:
____
/ _ | Frida 15.2.2 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to xx xxxx (id=xxxxx)
Spawned `com.android.contacts`. Resuming main thread!
[xx xxxx::com.android.contacts ]-> [INTERRUPTOR][STARTING] Tracing thread 9304 []
[STARTING TRACE] UID=0 Thread 9304
Deploying pthread_create hook
[TID=9304] [/apex/com.android.runtime/lib64/bionic/libc.so +0x1614] mprotect ( addr = 0x12c40000 , size = 0x40000 , prot = PROT_READ | PROT_WRITE ) > 0 SUCCESS
Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
RROS Version: 'RROS-Q-8.6.5-20201226-starlte-Official'
Build fingerprint: 'samsung/starltexx/starlte:10/xxxxxxxxxxxxxxx:user/release-keys'
Revision: '26'
ABI: 'arm64'
Timestamp: 2022-08-05 23:24:30+0600
pid: 9304, tid: 9304, name: ndroid.contacts >>> com.android.contacts <<<
uid: 10246
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x120
Cause: null pointer dereference
x0 0000000000000000 x1 000000769e7b4e4c x2 00000076423f3060 x3 0000007fc6ddaaa0
x4 00000076423f6d30 x5 0000007fc6ddaf78 x6 0000007fc6ddaf70 x7 0000000000000018
x8 0000000000000000 x9 0000000000000000 x10 0000000000000072 x11 0000000000000001
x12 0000000070ec61c8 x13 ffffffffffffffff x14 0000000000000000 x15 000000769e723198
x16 0000000000000001 x17 0000000000000000 x18 0000000000000000 x19 000000769e7b4e4c
x20 0000000000000000 x21 0000000000000007 x22 0000000071bdcc10 x23 00000077237f9020
x24 0000000000000000 x25 0000000071d3cb50 x26 0000000071d3cae8 x27 0000000016f400e0
x28 000000772350ac00 x29 0000007fc6ddab20
sp 0000007fc6dda970 lr 000000769e7b4e50 pc 0000007631a356c8
backtrace:
#00 pc 00000000000096c8 <anonymous:7631a2c000>
#01 pc 000000000058fe4c /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x58f000) (_ZN3artL37JniMethodEndWithReferenceHandleResultEP8_jobjectjPNS_6ThreadE.llvm.15732748762076278778+68) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#02 pc 000000000058fe4c /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x58f000) (_ZN3artL37JniMethodEndWithReferenceHandleResultEP8_jobjectjPNS_6ThreadE.llvm.15732748762076278778+68) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#03 pc 00000000000b61fc /system/framework/arm64/boot.oat (art_jni_trampoline+140) (BuildId: a8ac55bddd29586f0b1ef039f0785f47489a899b)
#04 pc 00000000000de208 /system/framework/arm64/boot.oat!boot.oat (offset 0xde000) (java.lang.ref.Reference.get+40) (BuildId: a8ac55bddd29586f0b1ef039f0785f47489a899b)
#05 pc 00000000000db7e8 /system/framework/arm64/boot.oat!boot.oat (offset 0xdb000) (java.lang.ThreadLocal.get+152) (BuildId: a8ac55bddd29586f0b1ef039f0785f47489a899b)
#06 pc 000000000075a7cc /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x759000) (android.os.StrictMode.setBlockGuardPolicy+204) (BuildId: 70f26bc2948d2b8de567ee63d027da3521d905c0)
#07 pc 000000000075962c /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x759000) (android.os.StrictMode.initThreadDefaults+476) (BuildId: 70f26bc2948d2b8de567ee63d027da3521d905c0)
#08 pc 00000000004bf3cc /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x4bf000) (android.app.ActivityThread.handleBindApplication+2396) (BuildId: 70f26bc2948d2b8de567ee63d027da3521d905c0)
#09 pc 0000000000136334 /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x135000) (art_quick_invoke_stub+548) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#10 pc 00000000001450ac /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x145000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+244) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#11 pc 00000000004b0390 /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x433000) (art::(anonymous namespace)::InvokeWithArgArray(art::ScopedObjectAccessAlreadyRunnable const&, art::ArtMethod*, art::(anonymous namespace)::ArgArray*, art::JValue*, char const*)+104) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#12 pc 00000000004afff0 /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x433000) (art::InvokeWithVarArgs(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+408) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#13 pc 00000000003a54cc /apex/com.android.runtime/lib64/libart.so!libart.so (offset 0x385000) (art::JNI::CallNonvirtualVoidMethod(_JNIEnv*, _jobject*, _jclass*, _jmethodID*, ...)+692) (BuildId: 666654ef4cf00eb4a229a0a82fb8580b)
#14 pc 0000000000769ff4 /data/local/tmp/re.frida.server/frida-agent-64.so!libfrida-agent.so (offset 0x769000)
#15 pc 00000000007675bc /data/local/tmp/re.frida.server/frida-agent-64.so!libfrida-agent.so (offset 0x767000)
***
[xx xxxx::com.android.contacts ]->
Thank you for using Frida!
with/without --no-pause
have same result
It seems this crash is not produced by the RASP inside R2pay:
[14:30 edu@xps radare2] (master)> frida --codeshare FrenchYeti/android-arm64-strace -H 127.0.0.1:27042 -f re.pwnme --no-pause
____
/ _ | Frida 15.1.14 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
Spawned `re.pwnme`. Resuming main thread!
[Remote::re.pwnme]-> [STARTING TRACE] UID=0 Thread 14474
Process crashed: Bad access due to invalid address
***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/walleye/walleye:11/RP1A.200720.009/6720564:user/release-keys'
Revision: 'MP1'
ABI: 'arm64'
Timestamp: 2022-01-24 08:30:41-0500
pid: 14474, tid: 14474, name: re.pwnme >>> re.pwnme <<<
uid: 10250
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x1f03e036000074
x0 0000007c520841a4 x1 0000007c36a3c658 x2 0000007bf23b3970 x3 0000000000000001
x4 0000007bf23b70f4 x5 0000000000000000 x6 0000000000000040 x7 7f7f7f7f7f7f7f7f
x8 0000007ee78eb000 x9 0000007c523f8000 x10 0000007b00000007 x11 0000000000000001
x12 0000000001120197 x13 0000007c50a5e09c x14 0000007c522bd998 x15 0000007c522bd998
x16 0000000000000001 x17 0000000000000000 x18 0000000000000000 x19 0000007c36a3c658
x20 2a1f03e036000074 x21 2a1f03e036000060 x22 0000007dc2411be0 x23 0000007c520841a4
x24 0000007d32411160 x25 0000000000000004 x26 0000007ee78eb000 x27 0000007fdec4dac8
x28 0000000000000139 x29 0000007fdec4d4b0
lr 0000007c520841a4 sp 0000007fdec4d470 pc 0000007c36a3cae8 pst 0000000080000000
backtrace:
#00 pc 000000000001cae8 <anonymous:7c36a20000>
#01 pc 00000000003411a0 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x341000) (art::jit::Jit::MaybeDoOnStackReplacement(art::Thread*, art::ArtMethod*, unsigned int, int, art::JValue*)+112) (BuildId: d0f321775158ed00df284edfabf672b6)
#02 pc 00000000003411a0 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x341000) (art::jit::Jit::MaybeDoOnStackReplacement(art::Thread*, art::ArtMethod*, unsigned int, int, art::JValue*)+112) (BuildId: d0f321775158ed00df284edfabf672b6)
#03 pc 0000000000172b88 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x16a000) (void art::interpreter::ExecuteSwitchImplCpp<true, false>(art::interpreter::SwitchImplContext*)+35408) (BuildId: d0f321775158ed00df284edfabf672b6)
#04 pc 000000000013f7d8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x13f000) (ExecuteSwitchImplAsm+8) (BuildId: d0f321775158ed00df284edfabf672b6)
#05 pc 00000000001a22e8 /system/framework/framework.jar (android.app.ActivityThread.updateDefaultDensity)
#06 pc 00000000003095d8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x309000) (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.7618685802058321727)+528) (BuildId: d0f321775158ed00df284edfabf672b6)
#07 pc 0000000000311840 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x311000) (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+200) (BuildId: d0f321775158ed00df284edfabf672b6)
#08 pc 0000000000313b5c /apex/com.android.art/lib64/libart.so!libart.so (offset 0x311000) (bool art::interpreter::DoCall<true, true>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+1692) (BuildId: d0f321775158ed00df284edfabf672b6)
#09 pc 00000000001755f8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x16a000) (void art::interpreter::ExecuteSwitchImplCpp<true, false>(art::interpreter::SwitchImplContext*)+46272) (BuildId: d0f321775158ed00df284edfabf672b6)
#10 pc 000000000013f7d8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x13f000) (ExecuteSwitchImplAsm+8) (BuildId: d0f321775158ed00df284edfabf672b6)
#11 pc 000000000019dacc /system/framework/framework.jar (android.app.ActivityThread.handleBindApplication)
#12 pc 00000000003095d8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x309000) (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.llvm.7618685802058321727)+528) (BuildId: d0f321775158ed00df284edfabf672b6)
#13 pc 00000000006740c0 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x674000) (artQuickToInterpreterBridge+776) (BuildId: d0f321775158ed00df284edfabf672b6)
#14 pc 000000000013cff8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x13c000) (art_quick_to_interpreter_bridge+88) (BuildId: d0f321775158ed00df284edfabf672b6)
#15 pc 0000000000133564 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x133000) (art_quick_invoke_stub+548) (BuildId: d0f321775158ed00df284edfabf672b6)
#16 pc 00000000001a97e8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x1a9000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+200) (BuildId: d0f321775158ed00df284edfabf672b6)
#17 pc 000000000055b830 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x480000) (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: d0f321775158ed00df284edfabf672b6)
#18 pc 000000000055bcf4 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x480000) (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: d0f321775158ed00df284edfabf672b6)
#19 pc 0000000000427560 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x394000) (art::JNI<true>::CallNonvirtualVoidMethodV(_JNIEnv*, _jobject*, _jclass*, _jmethodID*, std::__va_list)+656) (BuildId: d0f321775158ed00df284edfabf672b6)
#20 pc 000000000037ded8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x367000) (art::(anonymous namespace)::CheckJNI::CallMethodV(char const*, _JNIEnv*, _jobject*, _jclass*, _jmethodID*, std::__va_list, art::Primitive::Type, art::InvokeType)+2576) (BuildId: d0f321775158ed00df284edfabf672b6)
#21 pc 000000000036c9e8 /apex/com.android.art/lib64/libart.so!libart.so (offset 0x367000) (art::(anonymous namespace)::CheckJNI::CallNonvirtualVoidMethod(_JNIEnv*, _jobject*, _jclass*, _jmethodID*, ...)+144) (BuildId: d0f321775158ed00df284edfabf672b6)
#22 pc 0000000000002b94 /dev/re.frida.helper/frida-server-64.so (offset 0x740000)
***
[Remote::re.pwnme]->
Thank you for using Frida!
[14:30 edu@xps radare2] (master)>
demo examples\android\simple_strace.js
1、frida-compile simple_strace.js -o trace.js
2、frida -U -f pkg -l strace.js --no-paus
error:
ReferenceError: 'require' is not defined
at (/strace.js:1)
src:
var em_module = require('./android-arm64-strace.min.js').target.LinuxArm64();
Java.perform(() => {
em_module.newAgentTracer({
exclude: {
syscalls: ["clock_gettime"]
}
}).start();
});
how can we import this project when we build frida agent with ts: https://github.com/oleavr/frida-agent-example
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.