{"id":13641200,"url":"https://github.com/davuxcom/frida-scripts","last_synced_at":"2025-10-27T21:30:41.922Z","repository":{"id":72553750,"uuid":"129847959","full_name":"davuxcom/frida-scripts","owner":"davuxcom","description":"Inject JS and C# into Windows apps, call COM and WinRT APIs","archived":false,"fork":false,"pushed_at":"2019-07-29T04:53:03.000Z","size":259,"stargazers_count":94,"open_issues_count":2,"forks_count":17,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-02-01T08:23:39.383Z","etag":null,"topics":["com","framework","frida","frida-javascript","hooking","win32","win32api","win32com","windows","windows10","winrt"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davuxcom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-04-17T04:54:06.000Z","updated_at":"2025-01-21T09:04:50.000Z","dependencies_parsed_at":"2023-05-24T13:00:06.715Z","dependency_job_id":null,"html_url":"https://github.com/davuxcom/frida-scripts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davuxcom%2Ffrida-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davuxcom%2Ffrida-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davuxcom%2Ffrida-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davuxcom%2Ffrida-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/owners/davuxcom","download_url":"https://codeload.github.com/davuxcom/frida-scripts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238560620,"owners_count":19492559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["com","framework","frida","frida-javascript","hooking","win32","win32api","win32com","windows","windows10","winrt"],"created_at":"2024-08-02T01:01:18.739Z","updated_at":"2025-10-27T21:30:41.601Z","avatar_url":"https://github.com/davuxcom.png","language":"JavaScript","readme":"# Frida scripts for Windows application hooking\nThis repository contains scripts for working with [Frida](https://www.frida.re/docs/home/) on Windows.  The objective of Frida scripts is to inject into a third-party target process and modify behavior.\n\nScripts are provided for interacting with COM, WinRT and .NET APIs directly from javascript Frida scripts.\n\n- Learn more about [Frida](https://www.frida.re/docs/home/), a dynamic code instrumentation toolkit.\n- Install Frida `npm install -g frida frida-compile`\n- Review the [Frida JavaScript API](https://www.frida.re/docs/javascript-api), which provides access to native functions and memory manipulation.  Scripts here are based on this API.\n\n### Introduction to Frida scripts on Windows\nThe workflow is this:\n- A target app is running on the machine\n- A crafted javascript file (the script) compiled using `frida-compile`, merging in common resources.\n- The script is attached and injected into the target (e.g. 
`frida -p 1234 -l myscript.compiled.js`)\n- A custom set of instructions in the script manipulates memory in the target using Frida APIs, as well as higher-level APIs like com.js and dotnet.js to call more complex APIs (e.g. opening a named pipe or streaming data to a log file)\n- The target app and script both operate concurrently from the process space of the target\n\n#### Example: attach to a running process\nWe attach to a running instance of Notepad by looking in Task Manager for the `PID` (say `1447` in this case):\n\n```\nfrida -p 1447 -l myscript.compiled.js\n```\n\nFrida will then start and attach to the target:\n\n```\n     ____\n    / _  |   Frida 11.0.12 - A world-class dynamic instrumentation toolkit\n   | (_| |\n    \u003e _  |   Commands:\n   /_/ |_|       help      -\u003e Displays the help system\n   . . . .       object?   -\u003e Display information about 'object'\n   . . . .       exit/quit -\u003e Exit\n   . . . .\n   . . . .   More info at http://www.frida.re/docs/home/\nAttaching...\n\n[Local::PID::1447]-\u003e\n\n```\n\nAt this point, as long as no errors are present in the output, the script is attached and ready to go. Scripts in this repository usually print `Begin` or `Ready` to signal the script is actually loaded. 
If frida quits, there may be a parse error in the script.\n\n- The [Frida](https://www.frida.re/docs/home/) console has commands and features, but we don't need to use it for scripts here.\n- You can also launch and attach to processes using other methods.\n\n## Script: Replace SHBrowseForFolder with IFileDialog (COM)\n[Fix-SHBrowseForFolder](./Fix-SHBrowseForFolder) replaces the legacy folder dialog with the modern new dialog, enabling path entry.\n\n![Legacy SHBrowseForFolder IFileDialog selection dialog](./Fix-SHBrowseForFolder/gfx/dialogs.png)\n\n(Left) Legacy SHBrowseForFolder dialog, (Right) modern IFileDialog dialog.\n\n#### [View and install Fix-SHBrowseForFolder script](./Fix-SHBrowseForFolder)\n\n## Script: Assign a unique taskbar identity (.NET \u0026 COM)\nGroup a specific window differently on the taskbar by assigning a unique identity:\n\n![Taskbar showing two notepad buttons](./Fix-TaskbarIdentity/gfx/taskbar.png)\n\n#### [View and install Fix-TaskbarIdentity script](./Fix-TaskbarIdentity)\n\n## Script: Un-fullscreen XboxApp (WinRT)\nUndo fullscreen when a modern app attempts to enter fullscreen mode.  
Hook WinRT API.\n\n#### [View and install Fix-XboxAppGoesFullscreen script](./Fix-XboxAppGoesFullscreen)\n\n## Test suite: Validate DotNetBridge\nVerify that DotNetBridge is working properly by calling .NET APIs from the system and a locally compiled library.\n\n#### [View and install Test-DotNetBridge script](./Test-DotNetBridge)\n\n## Test suite: Validate WinRT\nVerify WinRT APIs are working.\n\n#### [View and install Test-WinRT script](./Test-WinRT)\n\n## Common scripts\n\n### [Learn more about common scripts](./common)\n\n#### COM Example\nDefine a COM or WinRT interface:\n```js\nvar CLSID_FileOpenDialog = GUID.alloc(\"DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7\");\nvar IFileDialog = new COM.Interface(COM.IUnknown, {\n\tShow: [0, ['uint']],\n\tSetOptions: [6, ['uint']],\n\tGetResult: [17, ['pointer']],\n}, \"42f85136-db7e-439c-85f1-e4075d135fc8\");\n```\nEach entry value is an ordinal in the interface vtable and a set of function argument types.\n\nCreate an object and work with the resulting COM interfaces:\n```js\nCOM.Initialize(COM.ApartmentType.STA);\n\nvar modalWindow = COM.CreateInstance(CLSID_FileOpenDialog, COM.ClassContext.InProc, IFileDialog);\nmodalWindow.SetOptions(FOS_PICKFOLDERS);\nmodalWindow.Show(browseinfo.hwndOwner);\n\nvar shellItem = new COM.Pointer(IShellItem);\nCOM.ThrowIfFailed(modalWindow.GetResult(shellItem.GetAddressOf()));\n\nvar pidl = Memory.alloc(Process.pointerSize);\nCOM.ThrowIfFailed(SHGetIDListFromObject(shellItem.Get(), pidl));\n```\n\n#### DotNet Example\nCall .NET APIs directly from JavaScript.\n```js\nconst CLR = require(\"../common/dotnet\");\nconst System = new CLR.Namespace(\"System\");\nSystem.IO.File.WriteAllText(path, \"log data\");\n```\n\n#### Struct Example\nCreate a [BROWSEINFOW](https://docs.microsoft.com/en-us/windows/win32/api/shlobj_core/ns-shlobj_core-browseinfow) struct at `browseinfoPtr`:\n```js\nvar browseinfo = new Struct({\n    'hwndOwner':'int',\n    'pidlRoot':'pointer',\n    
'pszDisplayName':'pointer',\n    'lpszTitle':'pointer',\n    'ulFlags':'uint',\n    'lpfn':'pointer',\n    'lParam':'long',\n    'iImage':'int',\n}, browseinfoPtr);\n```\n\nThen read or write as object properties:\n```js\nconsole.log(\"Flags: 0x\" + browseinfo.ulFlags.toString(16));\n```","funding_links":[],"categories":["Projects","JavaScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavuxcom%2Ffrida-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavuxcom%2Ffrida-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavuxcom%2Ffrida-scripts/lists"}