Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nowsecure/frida-trace

Trace APIs declaratively through Frida.
https://github.com/nowsecure/frida-trace

frida nowsecure trace

Last synced: 6 days ago
JSON representation

Trace APIs declaratively through Frida.

Host: GitHub
URL: https://github.com/nowsecure/frida-trace
Owner: nowsecure
License: mit
Created: 2016-03-07T20:31:42.000Z (almost 9 years ago)
Default Branch: main
Last Pushed: 2024-01-22T10:37:55.000Z (12 months ago)
Last Synced: 2025-01-05T07:09:50.233Z (13 days ago)
Topics: frida, nowsecure, trace
Language: JavaScript
Homepage:
Size: 635 KB
Stars: 224
Watchers: 11
Forks: 30
Open Issues: 19
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

awesome-iOS-security-tools - frida-trace
awesome-frida - frida-trace - Trace APIs declaratively (Libraries)

README

        # frida-trace

Trace APIs declaratively through [Frida](https://www.frida.re).

## Example

```js

import trace from 'frida-trace';

const func = trace.func;

const argIn = trace.argIn;

const argOut = trace.argOut;

const retval = trace.retval;

const types = trace.types;

const pointer = types.pointer;

const INT = types.INT;

const POINTER = types.POINTER;

const UTF8 = types.UTF8;

trace({

  module: 'libsqlite3.dylib',

  functions: [

    func('sqlite3_open', retval(INT), [

      argIn('filename', UTF8),

      argOut('ppDb', pointer(POINTER), when('result', isZero)),

    ]),

    func('sqlite3_prepare_v2', retval(INT), [

      argIn('db', POINTER),

      argIn('zSql', [UTF8, bind('length', 'nByte')]),

      argIn('nByte', INT),

      argOut('ppStmt', pointer(POINTER), when('result', isZero)),

    ])

  ],

  callbacks: {

    onEvent(event) {

      console.log('onEvent! ' + JSON.stringify(event, null, 2));

    },

    onEnter(event, context) {

      event.trace = Thread.backtrace(context)

        .map(DebugSymbol.fromAddress)

        .filter(x => x.name);

    },

    onError(e) {

      console.error(e);

    }

  }

});

function isZero(value) {

  return value === 0;

}

```

## Auto-generating boilerplate from header files

```sh

$ ./bin/parse-header.js /usr/include/sqlite3.h | ./bin/generate-boilerplate.js

trace({

  module: 'libfoo.dylib',

  functions: [

    func('sqlite3_libversion', retval(UTF8), []),

    func('sqlite3_sourceid', retval(UTF8), []),

    func('sqlite3_libversion_number', retval(INT), []),

    func('sqlite3_compileoption_used', retval(INT), [

      argIn('zOptName', UTF8)

    ]),

    func('sqlite3_compileoption_get', retval(UTF8), [

      argIn('N', INT)

    ]),

    func('sqlite3_threadsafe', retval(INT), []),

    func('sqlite3_close', retval(INT), [

      argIn('a1', POINTER)

    ]),

    func('sqlite3_close_v2', retval(INT), [

      argIn('a1', POINTER)

    ]),

    func('sqlite3_exec', retval(INT), [

      argIn('a1', POINTER),

      argIn('sql', UTF8),

      argIn('callback', POINTER),

      argIn('a4', POINTER),

      argOut('errmsg', pointer(POINTER), when('result', isZero))

    ]),

...

```