以 Process 為例分析 JS 對象的初始化

frida-gum 雖然功能強大,但由于使用了 C 語言的接口,擴展開發不方便,因此 frida 使用 JavaScript 作為編寫 hook 的語言,底層使用 QuickJS 和 V8 封裝。


相關(guān)文件

  • frida-gum/bindings/gumjs/runtime/core.js
  • frida-gum/bindings/gumjs/gumv8process.cpp

代碼

/*
 * Builds the `Process` module exposed to script code: a set of read-only
 * constants describing the current process, followed by the native functions
 * listed in gumjs_process_functions.
 *
 * self   - binding state to initialise (module/core are stored on it)
 * module - owning GumV8Module
 * core   - GumV8Core providing the isolate
 * scope  - template the `Process` module is created in
 */
void
_gum_v8_process_init (GumV8Process * self,
                      GumV8Module * module,
                      GumV8Core * core,
                      Local<ObjectTemplate> scope)
{
  auto isolate = core->isolate;

  self->module = module;
  self->core = core;

  auto process = _gum_v8_create_module ("Process", scope, isolate);

  /*
   * Every constant is installed with the ReadOnly attribute, so script code
   * cannot reassign e.g. Process.id or Process.pointerSize.
   */
  auto set_constant = [&](const char * name, auto value)
  {
    process->Set (_gum_v8_string_new_ascii (isolate, name), value, ReadOnly);
  };

  set_constant ("id", Number::New (isolate, gum_process_get_id ()));
  set_constant ("arch", String::NewFromUtf8Literal (isolate, GUM_SCRIPT_ARCH));
  set_constant ("platform",
      String::NewFromUtf8Literal (isolate, GUM_SCRIPT_PLATFORM));
  set_constant ("pageSize", Number::New (isolate, gum_query_page_size ()));
  set_constant ("pointerSize", Number::New (isolate, GLIB_SIZEOF_VOID_P));
  /* ToLocalChecked () terminates the process if the conversion yields nothing. */
  set_constant ("codeSigningPolicy",
      String::NewFromUtf8 (isolate, gum_code_signing_policy_to_string (
          gum_process_get_code_signing_policy ())).ToLocalChecked ());

  /* Native functions are attached last; `self` travels along as External data. */
  _gum_v8_module_add (External::New (isolate, self), process,
      gumjs_process_functions, isolate);
}

/*
 * Native functions installed on the `Process` module by _gum_v8_process_init.
 * Entries whose JS name starts with `_` are the raw enumerators; the core.js
 * side (makeEnumerateApi / makeEnumerateRanges) appears to wrap them into the
 * public enumerate* API — confirm against core.js.
 */
static const GumV8Function gumjs_process_functions[] =
{
  { "getCurrentDir", gumjs_process_get_current_dir },
  { "getHomeDir", gumjs_process_get_home_dir },
  { "getTmpDir", gumjs_process_get_tmp_dir },
  { "isDebuggerAttached", gumjs_process_is_debugger_attached },
  { "getCurrentThreadId", gumjs_process_get_current_thread_id },
  { "_enumerateThreads", gumjs_process_enumerate_threads },
  { "findModuleByName", gumjs_process_find_module_by_name },
  { "_enumerateModules", gumjs_process_enumerate_modules },
  { "_enumerateRanges", gumjs_process_enumerate_ranges },
  { "enumerateSystemRanges", gumjs_process_enumerate_system_ranges },
  { "_enumerateMallocRanges", gumjs_process_enumerate_malloc_ranges },
  { "setExceptionHandler", gumjs_process_set_exception_handler },

  /* Sentinel; presumably where _gum_v8_module_add stops iterating. */
  { NULL, NULL }
};

// Wrap the native `_enumerate*` primitives into the public enumerate* API.
// Order is kept as-is; ranges use their own wrapper (protection filter).
for (const name of ['enumerateThreads', 'enumerateModules'])
  makeEnumerateApi(Process, name, 0);
makeEnumerateRanges(Process);
makeEnumerateApi(Process, 'enumerateMallocRanges', 0);

// Convenience lookups layered on the native Process primitives. Each property
// is defined with only `enumerable` + `value`, i.e. non-writable and
// non-configurable from script code.
Object.defineProperties(Process, {
  // Module whose [base, base + size) span contains `address`, else null.
  findModuleByAddress: {
    enumerable: true,
    value: function (address) {
      let match = null;
      Process._enumerateModules({
        onMatch(candidate) {
          const start = candidate.base;
          if (start.compare(address) > 0)
            return;
          if (start.add(candidate.size).compare(address) <= 0)
            return;
          match = candidate;
          return 'stop';
        },
        onComplete() {
        }
      });
      return match;
    }
  },
  // As findModuleByAddress, but throws when nothing matches.
  getModuleByAddress: {
    enumerable: true,
    value: function (address) {
      const found = Process.findModuleByAddress(address);
      if (found !== null)
        return found;
      throw new Error('unable to find module containing ' + address);
    }
  },
  // As the native findModuleByName, but throws when nothing matches.
  getModuleByName: {
    enumerable: true,
    value: function (name) {
      const found = Process.findModuleByName(name);
      if (found !== null)
        return found;
      throw new Error("unable to find module '" + name + "'");
    }
  },
  // As findRangeByAddress, but throws when nothing matches.
  getRangeByAddress: {
    enumerable: true,
    value: function (address) {
      const found = Process.findRangeByAddress(address);
      if (found !== null)
        return found;
      throw new Error('unable to find range containing ' + address);
    }
  },
});

// The native table on this page does not provide findRangeByAddress, so this
// JS fallback supplies it; a runtime that already defines it natively is left
// untouched.
if (Process.findRangeByAddress === undefined) {
  Object.defineProperty(Process, 'findRangeByAddress', {
    enumerable: true,
    value: function (address) {
      let match = null;
      // '---' is passed as the protection filter; presumably it imposes no
      // r/w/x requirement so every range is considered — confirm against
      // _enumerateRanges.
      Process._enumerateRanges('---', {
        onMatch(candidate) {
          const start = candidate.base;
          if (start.compare(address) > 0)
            return;
          if (start.add(candidate.size).compare(address) <= 0)
            return;
          match = candidate;
          return 'stop';
        },
        onComplete() {
        }
      });
      return match;
    }
  });
}

