參考資訊:
https://github.com/frida/frida
https://frida.re/docs/functions/
https://frida.re/docs/installation/
main.c
#include <stdio.h>
#include <unistd.h>

/* Provided by test.c (built as test.so): prints its argument, see test.c. */
void test(int);

/*
 * Calls test() once per second with an ever-increasing counter.
 * The loop never exits on its own; the program ends only when killed,
 * so the trailing return is unreachable.
 */
int main(int argc, char *argv[])
{
    int counter = 0;

    (void)argc;
    (void)argv;

    for (;;) {
        test(counter++);
        sleep(1);
    }

    return 0;
}
test.c
#include <stdio.h>

/*
 * Writes the received value and a newline to stdout.
 * This is the export of test.so that hook.py intercepts (mylib = "test.so",
 * myfun = "test").
 */
void test(int v)
{
    fprintf(stdout, "%d\n", v);
}
hook.py
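import sys

import frida


def on_message(message, data):
    """Print every message the injected script emits.

    Frida delivers ``{'type': 'send', 'payload': ...}`` for ``send()`` calls
    and ``{'type': 'error', ...}`` for uncaught exceptions inside the script;
    both are printed so a failing hook is visible instead of silent.
    ``data`` is the optional binary attachment of a message and is unused here.
    """
    print(message)


# JavaScript injected into the target: locate the export `test` of `test.so`
# and report the first integer argument of every call.
SCRIPT_SOURCE = """
const mylib = "test.so";
const myfun = "test";
let pfun = null;

// Walk the loaded modules and their export tables to find mylib!myfun.
// Stop at the first match; the original kept scanning after it was found.
const modules = Process.enumerateModules();
for (let i = 0; i < modules.length && pfun === null; i++) {
    if (modules[i]["name"] !== mylib) {
        continue;
    }
    const exports = modules[i].enumerateExports();
    for (let j = 0; j < exports.length; j++) {
        if (exports[j]["name"] === myfun) {
            pfun = exports[j]["address"];
            break;
        }
    }
}

// Fail with a readable message instead of falling through to
// Interceptor.attach(ptr(0)) when the module or export is not loaded.
if (pfun === null) {
    throw new Error("export " + myfun + " not found in module " + mylib);
}

Interceptor.attach(ptr(pfun), {
    onEnter: function (args) {
        // args[0] is the first (and only) argument of test(int).
        send(args[0].toInt32());
    }
});
"""

# Attach by process name; frida raises if no running process is named "main",
# so start ./main first (see the build/run transcript).
session = frida.attach("main")
script = session.create_script(SCRIPT_SOURCE)
script.on('message', on_message)
script.load()
try:
    # Block until stdin reaches EOF (or Ctrl-C) so the hook stays installed.
    sys.stdin.read()
finally:
    # Detach on exit so the hook is removed and the target keeps running.
    session.detach()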
編譯、執行
# Build test.c as a position-independent shared library named test.so
$ gcc test.c -o test.so -shared -fPIC
# Link main against test.so
$ gcc main.c -o main test.so
# LD_LIBRARY_PATH=. lets the dynamic loader find test.so in the current
# directory; the trailing & backgrounds main so this shell stays usable
# for the hook below while main keeps printing its counter
$ LD_LIBRARY_PATH=. ./main&
0
1
2
3
4
5
# hook.py attaches to the running "main" process. Each line below is
# on_message printing one send() from the injected script, i.e. the argument
# test() received on that call (the counter continues from where main was).
# NOTE(review): attaching to another process needs ptrace permission; on a
# hardened host (e.g. a restrictive Yama ptrace_scope) run it as the same user
# or with the required privilege — confirm for your system.
$ python3 ./hook.py
{'type': 'send', 'payload': 6}
{'type': 'send', 'payload': 7}
{'type': 'send', 'payload': 8}
{'type': 'send', 'payload': 9}