參考資訊:
https://github.com/frida/frida
https://frida.re/docs/functions/
https://frida.re/docs/installation/
https://mobsecguys.medium.com/exploring-native-functions-with-frida-on-android-part-2-98b97e89eb3d
hook.py
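import subprocess
import sys

import frida


def on_message(message, data):
    """Print every message delivered by the injected script.

    The sample output on this page shows ``message`` as a dict of the form
    ``{'type': 'send', 'payload': {...}}``. ``data`` is accepted because the
    callback is registered with two parameters, but it is not used here.
    """
    print(message)


# Start the demo target ourselves and keep its handle so that we attach to
# exactly this process by PID. Attaching by the name "sleep" would pick up any
# process with that name on the host (or fail when more than one matches),
# and instrumenting an unintended process is the main risk in a script like
# this. Passing an argument list also avoids going through a shell.
target = subprocess.Popen(["sleep", "3"])
session = frida.attach(target.pid)

# The injected JavaScript walks every module loaded in the target and sends
# the module record followed by each of its exports back to on_message().
# NOTE(review): the target lives for only 3 seconds, so the listing is
# presumably cut short if enumeration takes longer - confirm, and lengthen
# the sleep if a complete listing is needed.
script = session.create_script("""
var m = Process.enumerateModules();
for (var i = 0; i < m.length; i++) {
    send(m[i]);
    var e = m[i].enumerateExports();
    for (var j = 0; j < e.length; j++) {
        send(e[j]);
    }
}
""")
script.on('message', on_message)
script.load()

# Keep the host process running until stdin reaches EOF so that messages
# from the script can still be delivered and printed.
sys.stdin.read()

# Reap the child so it does not linger as a zombie after the demo.
target.wait()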
編譯、執行
$ python3 ./hook.py
{'type': 'send', 'payload': {'name': 'sleep', 'base': '0x5587da37b000', 'size': 41920, 'path': '/usr/bin/sleep'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'stdout', 'address': '0x5587da385208'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': '__progname', 'address': '0x5587da385200'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'program_invocation_name', 'address': '0x5587da385218'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': '__progname_full', 'address': '0x5587da385218'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'program_invocation_short_name', 'address': '0x5587da385200'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'opterr', 'address': '0x5587da385220'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'stderr', 'address': '0x5587da385240'}}
{'type': 'send', 'payload': {'type': 'variable', 'name': 'optind', 'address': '0x5587da385210'}}
{'type': 'send', 'payload': {'name': 'linux-vdso.so.1', 'base': '0x7ffc839c9000', 'size': 3421, 'path': 'linux-vdso.so.1'}}
{'type': 'send', 'payload': {'name': 'libc.so.6', 'base': '0x7f299c8a1000', 'size': 1970000, 'path': '/usr/lib/x86_64-linux-gnu/libc.so.6'}}
{'type': 'send', 'payload': {'type': 'function', 'name': 'fgetc', 'address': '0x7f299c91ece0'}}
{'type': 'send', 'payload': {'type': 'function', 'name': 'pthread_attr_setscope', 'address': '0x7f299c928310'}}
{'type': 'send', 'payload': {'type': 'function', 'name': 'pthread_attr_getstacksize', 'address': '0x7f299c9280d0'}}
...