Giter Site home page Giter Site logo

是否能够支持iOS about stalker_trace_so HOT 4 CLOSED

oacia avatar oacia commented on August 30, 2024
是否能够支持iOS

from stalker_trace_so.

Comments (4)

oacia avatar oacia commented on August 30, 2024

frida-stalker 在IOS上也可以使用的.在ios中想要开始追踪函数调用流的位置,调用生成的js中的trace_so函数就可以了,记得把setImmediate里面调用的函数hook_dlopen,替换成你自己的入口函数
对了trace_so函数里面的Stalker.exclude也要注释掉,因为我想ios里面应该没有libc.so:)

/*
Stalker.exclude({
        "base": Process.getModuleByName("libc.so").base,
        "size": Process.getModuleByName("libc.so").size
    })
*/

from stalker_trace_so.

LanBaiCode avatar LanBaiCode commented on August 30, 2024

frida-stalker 在IOS上也可以使用的.在ios中想要开始追踪函数调用流的位置,调用生成的js中的trace_so函数就可以了,记得把setImmediate里面调用的函数hook_dlopen,替换成你自己的入口函数 对了trace_so函数里面的Stalker.exclude也要注释掉,因为我想ios里面应该没有libc.so:)

/*
Stalker.exclude({
        "base": Process.getModuleByName("libc.so").base,
        "size": Process.getModuleByName("libc.so").size
    })
*/
var func_addr = ……
var func_name = ……
var so_name = "SFSecurity";

function trace_so() {
    var times = 1;
    var module = Process.getModuleByName(so_name);
    var pid = Process.getCurrentThreadId();
    console.log('module: ' + JSON.stringify(module));
    console.log('pid: ' + pid);
    console.log("start Stalker!");
    Stalker.follow(pid, {
        events: {
            call: false,
            ret: false,
            exec: false,
            block: false,
            compile: false
        },
        onReceive: function (events) {
        },
        transform: function (iterator) {
            var instruction = iterator.next();
            console.log(JSON.stringify(instruction));
            do {
                if (func_addr.indexOf(instruction.address - module.base) != -1) {
                    console.log("call" + times + ": " + func_name[func_addr.indexOf(instruction.address - module.base)])
                    times = times + 1
                }
                iterator.keep();
            } while ((instruction = iterator.next()) !== null);
        },

        onCallSummary: function (summary) {

        }
    });
    console.log("Stalker end!");
}

setImmediate(trace_so());

这是我修改后的版本,但是没有效果
输出:

module: {"name":"SFSecurity","base":"0x109acc000","size":98304,"path":"/private/var/containers/Bundle/Application/CA2B7F10-F6D3-4A13-AAF8-1DD87F292C72/SFReader.app/Frameworks/SFSecurity.framework/SFSecurity"}
pid: 8195
start Stalker!
Stalker end!
{"address":"0x10d56fcd8","next":"0x4","size":4,"mnemonic":"b","opStr":"#0x10d56fce8","operands":[{"type":"imm","value":"4518771944","access":"r"}],"regsAccessed":{"read":[],"written":[]},"regsRead":[],"regsWritten":[],"groups":["jump","branch_relative"]}
{"address":"0x10d56fce8","next":"0x4","size":4,"mnemonic":"str","opStr":"wzr, [x19, #0x90]","operands":[{"type":"reg","value":"wzr","access":"r"},{"type":"mem","value":{"base":"x19","disp":144},"access":"rw"}],"regsAccessed":{"read":["wzr","x19"],"written":[]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d56fcf8","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d473ef8","operands":[{"type":"imm","value":"4517740280","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d56fcfc","next":"0x4","size":4,"mnemonic":"ldr","opStr":"x0, [x19, #0x98]","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"mem","value":{"base":"x19","disp":152},"access":"r"}],"regsAccessed":{"read":["x19"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d56fd08","next":"0x4","size":4,"mnemonic":"ldp","opStr":"x29, x30, [sp, #0x10]","operands":[{"type":"reg","value":"fp","access":"w"},{"type":"reg","value":"lr","access":"w"},{"type":"mem","value":{"base":"sp","disp":16},"access":"r"}],"regsAccessed":{"read":["sp"],"written":["fp","lr"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d473ef8","next":"0x4","size":4,"mnemonic":"stp","opStr":"x24, x23, [sp, #-0x40]!","operands":[{"type":"reg","value":"x24","access":"r"},{"type":"reg","value":"x23","access":"r"},{"type":"mem","value":{"base":"sp","disp":-64},"access":"rw"}],"regsAccessed":{"read":["x24","x23","sp"],"written":["sp"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d473f30","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d476110","operands":[{"type":"imm","value":"4517749008","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d473f34","next":"0x4","size":4,"mnemonic":"sub","opStr":"w8, w24, #1","operands":[{"type":"reg","value":"w8","access":"w"},{"type":"reg","value":"w24","access":"r"},{"type":"imm","value":"1","access":"r"}],"regsAccessed":{"read":["w24"],"written":["w8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d473f4c","next":"0x4","size":4,"mnemonic":"b","opStr":"#0x10d473f84","operands":[{"type":"imm","value":"4517740420","access":"r"}],"regsAccessed":{"read":[],"written":[]},"regsRead":[],"regsWritten":[],"groups":["jump","branch_relative"]}
{"address":"0x10d473f84","next":"0x4","size":4,"mnemonic":"cmp","opStr":"w24, #2","operands":[{"type":"reg","value":"w24","access":"w"},{"type":"imm","value":"2","access":"r"}],"regsAccessed":{"read":[],"written":["nzcv","w24"]},"regsRead":[],"regsWritten":["nzcv"],"groups":[]}
{"address":"0x10d473f8c","next":"0x4","size":4,"mnemonic":"tbz","opStr":"w0, #0, #0x10d474028","operands":[{"type":"reg","value":"w0","access":"r"},{"type":"imm","value":"0","access":"r"},{"type":"imm","value":"4517740584","access":"r"}],"regsAccessed":{"read":["w0"],"written":[]},"regsRead":[],"regsWritten":[],"groups":["jump","branch_relative"]}
{"address":"0x10d474028","next":"0x4","size":4,"mnemonic":"ldp","opStr":"x29, x30, [sp, #0x30]","operands":[{"type":"reg","value":"fp","access":"w"},{"type":"reg","value":"lr","access":"w"},{"type":"mem","value":{"base":"sp","disp":48},"access":"r"}],"regsAccessed":{"read":["sp"],"written":["fp","lr"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d552d40","next":"0x4","size":4,"mnemonic":"mov","opStr":"x0, x19","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"reg","value":"x19","access":"r"}],"regsAccessed":{"read":["x19"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d552d50","next":"0x4","size":4,"mnemonic":"ldur","opStr":"x8, [x29, #-0x38]","operands":[{"type":"reg","value":"x8","access":"w"},{"type":"mem","value":{"base":"fp","disp":-56},"access":"r"}],"regsAccessed":{"read":["fp"],"written":["x8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d552d68","next":"0x4","size":4,"mnemonic":"ldp","opStr":"x29, x30, [sp, #0xe0]","operands":[{"type":"reg","value":"fp","access":"w"},{"type":"reg","value":"lr","access":"w"},{"type":"mem","value":{"base":"sp","disp":224},"access":"r"}],"regsAccessed":{"read":["sp"],"written":["fp","lr"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d54c384","next":"0x4","size":4,"mnemonic":"mov","opStr":"w0, #0","operands":[{"type":"reg","value":"w0","access":"rw"},{"type":"imm","value":"0","access":""}],"regsAccessed":{"read":["w0"],"written":["w0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4858","next":"0x4","size":4,"mnemonic":"mov","opStr":"x23, x0","operands":[{"type":"reg","value":"x23","access":"w"},{"type":"reg","value":"x0","access":"r"}],"regsAccessed":{"read":["x0"],"written":["x23"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4870","next":"0x4","size":4,"mnemonic":"ldr","opStr":"x8, [x27, #8]","operands":[{"type":"reg","value":"x8","access":"w"},{"type":"mem","value":{"base":"x27","disp":8},"access":"r"}],"regsAccessed":{"read":["x27"],"written":["x8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4878","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d4a5954","operands":[{"type":"imm","value":"4517943636","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d4a487c","next":"0x4","size":4,"mnemonic":"ldr","opStr":"w8, [x21, #0x2c]","operands":[{"type":"reg","value":"w8","access":"w"},{"type":"mem","value":{"base":"x21","disp":44},"access":"r"}],"regsAccessed":{"read":["x21"],"written":["w8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4884","next":"0x4","size":4,"mnemonic":"and","opStr":"w8, w8, #0xfffffffd","operands":[{"type":"reg","value":"w8","access":"w"},{"type":"reg","value":"w8","access":"r"},{"type":"imm","value":"4294967293","access":"r"}],"regsAccessed":{"read":["w8"],"written":["w8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4894","next":"0x4","size":4,"mnemonic":"mov","opStr":"x0, x21","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"reg","value":"x21","access":"r"}],"regsAccessed":{"read":["x21"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a489c","next":"0x4","size":4,"mnemonic":"cbnz","opStr":"w23, #0x10d4a48b0","operands":[{"type":"reg","value":"w23","access":"r"},{"type":"imm","value":"4517939376","access":"r"}],"regsAccessed":{"read":["nzcv","w23"],"written":[]},"regsRead":["nzcv"],"regsWritten":[],"groups":["jump","branch_relative"]}
{"address":"0x10d4a48a0","next":"0x4","size":4,"mnemonic":"ldrb","opStr":"w8, [x21, #0x2c]","operands":[{"type":"reg","value":"w8","access":"w"},{"type":"mem","value":{"base":"x21","disp":44},"access":"r"}],"regsAccessed":{"read":["x21"],"written":["w8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a48a8","next":"0x4","size":4,"mnemonic":"mov","opStr":"x0, x21","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"reg","value":"x21","access":"r"}],"regsAccessed":{"read":["x21"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a48b0","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d4a5a1c","operands":[{"type":"imm","value":"4517943836","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d4a48b4","next":"0x4","size":4,"mnemonic":"add","opStr":"x24, x24, #1","operands":[{"type":"reg","value":"x24","access":"w"},{"type":"reg","value":"x24","access":"r"},{"type":"imm","value":"1","access":"r"}],"regsAccessed":{"read":["x24"],"written":["x24"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a47b4","next":"0x4","size":4,"mnemonic":"ldr","opStr":"x0, [x19, #0x40]","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"mem","value":{"base":"x19","disp":64},"access":"r"}],"regsAccessed":{"read":["x19"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a48bc","next":"0x4","size":4,"mnemonic":"mov","opStr":"w1, #0","operands":[{"type":"reg","value":"w1","access":"rw"},{"type":"imm","value":"0","access":""}],"regsAccessed":{"read":["w1"],"written":["w1"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a48c4","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d4a595c","operands":[{"type":"imm","value":"4517943644","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d4a48c8","next":"0x4","size":4,"mnemonic":"ldp","opStr":"x29, x30, [sp, #0x60]","operands":[{"type":"reg","value":"fp","access":"w"},{"type":"reg","value":"lr","access":"w"},{"type":"mem","value":{"base":"sp","disp":96},"access":"r"}],"regsAccessed":{"read":["sp"],"written":["fp","lr"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4a60","next":"0x4","size":4,"mnemonic":"mov","opStr":"x0, x19","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"reg","value":"x19","access":"r"}],"regsAccessed":{"read":["x19"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4a68","next":"0x4","size":4,"mnemonic":"bl","opStr":"#0x10d4a5954","operands":[{"type":"imm","value":"4517943636","access":"r"}],"regsAccessed":{"read":[],"written":["lr"]},"regsRead":[],"regsWritten":["lr"],"groups":["call","jump","branch_relative"]}
{"address":"0x10d4a4a6c","next":"0x4","size":4,"mnemonic":"mov","opStr":"x0, x21","operands":[{"type":"reg","value":"x0","access":"w"},{"type":"reg","value":"x21","access":"r"}],"regsAccessed":{"read":["x21"],"written":["x0"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4c10","next":"0x4","size":4,"mnemonic":"b","opStr":"#0x10d4a4bf8","operands":[{"type":"imm","value":"4517940216","access":"r"}],"regsAccessed":{"read":[],"written":[]},"regsRead":[],"regsWritten":[],"groups":["jump","branch_relative"]}
{"address":"0x10d4a4bf8","next":"0x4","size":4,"mnemonic":"ldar","opStr":"w8, [x20]","operands":[{"type":"reg","value":"w8","access":"w"},{"type":"mem","value":{"base":"x20","disp":0},"access":"r"}],"regsAccessed":{"read":["x20"],"written":["w8"]},"regsRead":[],"regsWritten":[],"groups":[]}
{"address":"0x10d4a4c04","next":"0x4","size":4,"mnemonic":"mov","opStr":"w1, #1","operands":[{"type":"reg","value":"w1","access":"rw"},{"type":"imm","value":"1","access":""}],"regsAccessed":{"read":["w1"],"written":["w1"]},"regsRead":[],"regsWritten":[],"groups":[]}
Spawned `com.sfacg.SFReader`. Resuming main thread!                     
TypeError: cannot read property 'apply' of undefined
    at <anonymous> (frida/runtime/core.js:51)
[Remote::com.sfacg.SFReader ]->

from stalker_trace_so.

oacia avatar oacia commented on August 30, 2024

@LanBaiCodeInterceptor.attach先hook某行代码,然后在onEnter中调用trace_so试试?下面是一个示例

function hook_native(){
    Interceptor.attach(base.add(addr), {
        onEnter: function (args) {
            trace_so();
        },
        onLeave: function (ret) {
        }
    });
}
setImmediate(hook_native);

from stalker_trace_so.

LanBaiCode avatar LanBaiCode commented on August 30, 2024

@LanBaiCodeInterceptor.attach先hook某行代码,然后在onEnter中调用trace_so试试?下面是一个示例

function hook_native(){
    Interceptor.attach(base.add(addr), {
        onEnter: function (args) {
            trace_so();
        },
        onLeave: function (ret) {
        }
    });
}
setImmediate(hook_native);

可以了,但有些函数调用次数太多了,把frida给整无响应了2333

from stalker_trace_so.

Related Issues (2)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.