Options
All
  • Public
  • Public/Protected
  • All
Menu

Class Api

Hierarchy

  • Api

Index

Methods

Methods

Static backtrace

  • backtrace(context?: CpuContext): DebugSymbol[] | null

  • Shortcut to retrieve native backtrace

    Parameters

    • Optional context: CpuContext

    Returns DebugSymbol[] | null

Static enumerateExports

  • enumerateExports(module: any): Array<ModuleExportDetails>

  • Enumerate exports for the given module name or pointer

    Parameters

    • module: any

      an hex/int address or string name

    Returns Array<ModuleExportDetails>

Static enumerateImports

  • enumerateImports(module: any): Array<ModuleExportDetails>

  • Enumerate imports for the given module name or pointer

    Parameters

    • module: any

      an hex/int address or string name

    Returns Array<ModuleExportDetails>

Static enumerateJavaClasses

  • enumerateJavaClasses(useCache?: any): void

  • Enumerate java classes

    Parameters

    • Optional useCache: any

      false by default

    Returns void

Static enumerateJavaMethods

  • enumerateJavaMethods(className: string): void

  • Enumerate method for the given class

    Parameters

    • className: string

    Returns void

Static enumerateModuleInfo

  • enumerateModuleInfo(fridaModule: Module | string): Module

  • Enumerate all information about the module (imports / exports / symbols)

    Parameters

    • fridaModule: Module | string

      object from frida-gum

    Returns Module

Static enumerateModules

  • enumerateModules(fillInformation?: boolean): Module[]

  • Enumerate loaded modules

    Parameters

    • Optional fillInformation: boolean

    Returns Module[]

Static enumerateObjCClasses

  • enumerateObjCClasses(moduleName: string): void

  • Enumerate objc classes

    Parameters

    • moduleName: string

    Returns void

Static enumerateObjCMethods

  • enumerateObjCMethods(className: string): void

  • Enumerate method for the given class

    Parameters

    • className: string

    Returns void

Static enumerateObjCModules

  • enumerateObjCModules(className: string): void

  • Enumerate modules for ObjC inspector panel

    Parameters

    • className: string

    Returns void

Static enumerateRanges

  • enumerateRanges(): RangeDetails[]

  • Enumerate all mapped ranges

    Returns RangeDetails[]

Static enumerateSymbols

  • enumerateSymbols(module: any): Array<ModuleSymbolDetails>

  • Enumerate symbols for the given module name or pointer

    Parameters

    • module: any

      an hex/int address or string name

    Returns Array<ModuleSymbolDetails>

Static evaluate

  • evaluate(w: any): any

  • Evaluate javascript. Used from the UI to inject javascript code into the process

    Parameters

    • w: any

    Returns any

Static evaluateFunction

  • evaluateFunction(w: any): any

  • Evaluate javascript. Used from the UI to inject javascript code into the process

    Parameters

    • w: any

    Returns any

Static evaluatePtr

  • evaluatePtr(w: any): NativePointer

  • Evaluate any input and return a NativePointer

    Parameters

    • w: any

    Returns NativePointer

Static findExport

  • findExport(name: any, module?: any): NativePointer | null

  • Shortcut to quickly retrieve an export

    const openAddress = findExport('open');
const myTargetAddress = findExport('target_func', 'target_module.so');

    Parameters

    • name: any
    • Optional module: any

    Returns NativePointer | null

Static findModule

  • findModule(module: any): Module | Module[] | null

  • Find a module providing any argument. Could be a string/int pointer or module name

    Parameters

    • module: any

    Returns Module | Module[] | null

Static findSymbol

  • findSymbol(pattern: any): NativePointer[]

  • Find a symbol matching the given pattern

    Parameters

    • pattern: any

    Returns NativePointer[]

Static getAddressTs

  • getAddressTs(p: any): any[]

  • get telescope information for the given pointer argument

    Parameters

    • p: any

    Returns any[]

Static getDebugSymbols

  • getDebugSymbols(ptrs: any): DebugSymbol[]

  • Return an array of DebugSymbol for the requested pointers

    Parameters

    • ptrs: any

    Returns DebugSymbol[]

Static getInstruction

  • getInstruction(address: any): string

  • Shortcut to retrieve an Instruction object for the given address

    Parameters

    • address: any

    Returns string

Static getRange

  • getRange(address: any): RangeDetails | null

  • Return a RangeDetails object or null for the requested pointer

    Parameters

    • address: any

    Returns RangeDetails | null

Static getSymbolByAddress

  • getSymbolByAddress(pt: any): DebugSymbol | null

  • Return DebugSymbol or null for the given pointer

    Parameters

    • pt: any

    Returns DebugSymbol | null

Static hookAllJavaMethods

  • hookAllJavaMethods(className: string, callback: Function): boolean

  • Hook all the methods for the given java class

    hookAllJavaMethods('android.app.Activity', function() {
    console.log('hello from:', this.className, this.method);
})

    Parameters

    • className: string
    • callback: Function

    Returns boolean

Static hookClassLoaderClassInitialization

  • hookClassLoaderClassInitialization(className: string, callback: Function): boolean

  • Receive a callback whenever a java class is going to be loaded by the class loader.

    hookClassLoaderClassInitialization('com.target.classname', function() {
    console.log('target is being loaded');
})

    Parameters

    • className: string
    • callback: Function

    Returns boolean

Static hookJavaConstructor

  • hookJavaConstructor(className: string, callback: Function): boolean

  • Hook the constructor of the given java class

    hookJavaConstructor('android.app.Activity', function() {
    console.log('activity created');
})

    Parameters

    • className: string
    • callback: Function

    Returns boolean

Static hookJavaMethod

  • hookJavaMethod(targetClassMethod: string, callback: Function): boolean

  • Hook the constructor of the given java class

    hookJavaConstructor('android.app.Activity.onCreate', function() {
    console.log('activity created');
    var savedInstanceState = arguments[0];
    if (savedInstanceState !== null) {
        return this.finish();
    } else {
        return this.overload.call(this, arguments);
    }
})

    Parameters

    • targetClassMethod: string
    • callback: Function

    Returns boolean

Static hookModuleInitialization

  • hookModuleInitialization(moduleName: string, callback: Function): boolean

  • Receive a callback when the native module is being loaded

    hookModuleInitialization('libtarget.so', function() {
    console.log('libtarget is being loaded');
});

    Parameters

    • moduleName: string
    • callback: Function

    Returns boolean

Static injectBlob

  • injectBlob(name: string, blob: string): number | false | true | any[] | NativePointer | UInt64 | Int64

  • Map the given blob as hex string using memfd:create with the given name

    Parameters

    • name: string
    • blob: string

    Returns number | false | true | any[] | NativePointer | UInt64 | Int64

    a negative integer if error or fd

Static isAddressWatched

  • isAddressWatched(pt: any): boolean

  • Parameters

    • pt: any

    Returns boolean

    a boolean indicating if the given pointer is currently watched

Static javaBacktrace

  • javaBacktrace(): any

  • Returns any

    a java stack trace. Must be executed in JVM thread

Static jvmExplorer

  • jvmExplorer(handle: any): object

  • Parameters

    • handle: any

    Returns object

    the explorer object for the given java handle

Static log

  • log(what: any): void

  • log whatever to Dwarf console

    Parameters

    • what: any

    Returns void

Static putBreakpoint

  • putBreakpoint(address_or_class: any, condition?: string | Function): boolean

  • put a breakpoint on a native pointer or a java class with an optional evaluated condition

    var nativeTarget = findExport('memcpy');

putBreakpoint(nativeTarget);

nativeTarget = findExport('open');
putBreakpoint(target, function() {
    if (this.context.x0.readUtf8String().indexOf('prefs.json') >= 0) {
        return true;
    }

    return false;
});

var javaTarget = 'android.app.Activity.onCreate';
putBreakpoint(javaTarget);

    Parameters

    • address_or_class: any
    • Optional condition: string | Function

    Returns boolean

Static putJavaClassInitializationBreakpoint

  • putJavaClassInitializationBreakpoint(className: string): boolean

  • Put a java class initialization breakpoint

    putJavaClassInitializationBreakpoint('android.app.Activity');

    Parameters

    • className: string

    Returns boolean

Static putModuleInitializationBreakpoint

  • putModuleInitializationBreakpoint(moduleName: string): boolean

  • Put a native module initialization breakpoint

    putModuleInitializationBreakpoint('libtarget.so');

    Parameters

    • moduleName: string

    Returns boolean

Static putWatchpoint

  • putWatchpoint(address: any, flags: string, callback?: Function): Watchpoint

  • Put a watchpoint on the given address

    putWatchpoint(0x1000, 'r');

var target = findExport('memcpy');
Interceptor.attach(target, {
    onLeave: function(ret) {
        putWatchpoint(this.context.x0, 'rw', function() {
           log(backtrace(this.context));
        });
    }
});

    Parameters

    • address: any
    • flags: string
    • Optional callback: Function

    Returns Watchpoint

Static readBytes

  • readBytes(address: any, length: any): any[] | ArrayBuffer

  • A shortcut for safely reading from memory

    Parameters

    • address: any
    • length: any

    Returns any[] | ArrayBuffer

    an ArrayBuffer of the given length filled with data starting from target address

Static readPointer

  • readPointer(pt: any): NativePointer

  • Parameters

    • pt: any

    Returns NativePointer

    a pointer from the given address

Static readString

  • readString(address: any, length?: any): string

  • A shortcut and secure way to read a string from a pointer with frida on any os

    Parameters

    • address: any
    • Optional length: any

    Returns string

    the string pointed by address until termination or optional length

Static releaseFromJs

  • releaseFromJs(tid: any): void

  • resume the execution of the given thread id

    Parameters

    • tid: any

    Returns void

Static removeBreakpoint

  • removeBreakpoint(address_or_class: any): boolean

  • Remove a breakpoint on address_or_class

    Parameters

    • address_or_class: any

    Returns boolean

    a boolean indicating if removal was successful

Static removeJavaClassInitializationBreakpoint

  • removeJavaClassInitializationBreakpoint(moduleName: string): boolean

  • Remove a java class initialization breakpoint on moduleName

    Parameters

    • moduleName: string

    Returns boolean

    a boolean indicating if removal was successful

Static removeModuleInitializationBreakpoint

  • removeModuleInitializationBreakpoint(moduleName: string): boolean

  • Remove a module initialization breakpoint on moduleName

    Parameters

    • moduleName: string

    Returns boolean

    a boolean indicating if removal was successful

Static removeWatchpoint

  • removeWatchpoint(address: any): boolean

  • Remove a watchpoint on the given address

    Parameters

    • address: any

    Returns boolean

    a boolean indicating if removal was successful

Static restart

  • restart(): boolean

  • Restart the application

    Android only

    Returns boolean

Static setData

  • setData(key: any, data: any): void

  • Send whatever to the data panel

    var sendCount = 0;
Interceptor.attach(findExport('send'), function() {
    setData(sendCount + '', this.context.x1.readByteArray(parseInt(this.context.x2)))
    sendCount++;
});

    Parameters

    • key: any
    • data: any

    Returns void

Static startJavaTracer

  • startJavaTracer(classes: string[], callback: Function): boolean

  • Start the java tracer on the given classes

    Parameters

    • classes: string[]
    • callback: Function

    Returns boolean

Static startNativeTracer

  • startNativeTracer(callback: any): boolean

  • Start the native tracer on the current thread

    startNativeTracer(function() {
    log('===============');
    log(this.instruction);
    log(this.context);
    log('===============');
    if (shouldStopTracer) {
        this.stop();
    }
});

    Parameters

    • callback: any

    Returns boolean

Static stopJavaTracer

  • stopJavaTracer(): boolean

  • Stop the java tracer

    Returns boolean

Static strace

  • strace(callback: any): boolean

  • start strace

    Parameters

    • callback: any

    Returns boolean

Static writeBytes

  • writeBytes(address: any, what: string | ArrayBuffer): boolean

  • Write the given hex string or ArrayBuffer into the given address

    Parameters

    • address: any
    • what: string | ArrayBuffer

    Returns boolean