FunctionCalled.js
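// Frida script: waits for the target native library to be loaded through
// android_dlopen_ext, then traces every call made on the thread that runs the
// library's JNI_OnLoad and prints the module each call lands in.

// File name of the native library whose JNI_OnLoad is traced.
var Location = "libEpic_Vm.so";
// Set to 1 once a load of the target library has been observed.
var FileLoaded = 0;
// Offset, relative to the library base, of the most recent call target that
// lies inside the target library. Declared here so the assignment below no
// longer creates an implicit global.
var Check = null;
// True once the JNI_OnLoad hook is in place, so later dlopen calls do not
// attach a second listener to the same address.
var JniHookInstalled = false;

/**
 * Decode one batch of Stalker events and log each call target together with
 * the name of the module that contains it.
 *
 * @param {ArrayBuffer} events - raw event buffer handed to Stalker's onReceive.
 * @param {NativePointer} libBase - base address of the target library.
 */
function logCallEvents(events, libBase) {
  var calls = Stalker.parse(events, {
    annotate: true,
  });
  for (var i = 0; i < calls.length; i++) {
    var call = calls[i];
    // Only 'call' events are enabled below; skip anything else instead of
    // abandoning the rest of the batch.
    if (call[0] !== 'call') continue;
    var target = call[2];
    var depth = call[3];
    try {
      // Resolved once and inside the try: the lookup may throw for targets
      // that are not inside any loaded module.
      var modName = getModuleInfoByName(target);
      if (modName === Location) {
        Check = target.sub(libBase);
      }
      // String.prototype.repeat throws on a negative count, so clamp it.
      console.log((' '.repeat(Math.max(0, depth * 2))) + '↳ calling ' + modName, target);
    } catch (e) {
      console.error(e);
    }
  }
}

/**
 * Attach to JNI_OnLoad of the target library and follow the calling thread
 * with Stalker for the duration of that function.
 *
 * @returns {boolean} true when the hook was installed, false when the library
 *   base or the JNI_OnLoad export could not be resolved.
 */
function hookJniOnLoad() {
  var LibBase = Module.findBaseAddress(Location);
  var JNIAddr = Module.findExportByName(Location, 'JNI_OnLoad');
  if (LibBase === null || JNIAddr === null) {
    console.error("Could not resolve base address or JNI_OnLoad for " + Location);
    return false;
  }
  Interceptor.attach(JNIAddr, {
    onEnter: function(args) {
      // No thread id is passed, so Stalker follows the current thread.
      Stalker.follow({
        events: {
          call: true,
          ret: false,
          exec: false,
          block: false,
          compile: false
        },
        onReceive: function(events) {
          logCallEvents(events, LibBase);
        },
      });
    },
    onLeave: function(ret_val) {
      Stalker.unfollow();
      // Deliver events that are still buffered when JNI_OnLoad returns.
      Stalker.flush();
    }
  });
  return true;
}

var DlopenExt = Module.findExportByName(null, 'android_dlopen_ext');
if (DlopenExt === null) {
  console.error("android_dlopen_ext export not found; cannot watch for " + Location);
} else {
  Interceptor.attach(DlopenExt, {
    onEnter: function(args) {
      // Per-invocation flag: a module-level flag alone would also fire for
      // unrelated libraries loaded after the target one.
      this.isTargetLoad = false;
      if (args[0].isNull()) return;
      var library_path = Memory.readCString(args[0]);
      if (library_path !== null && library_path.indexOf(Location) >= 0) {
        console.warn("Loading library : " + library_path);
        FileLoaded = 1;
        this.isTargetLoad = true;
      }
    },
    onLeave: function(retVal) {
      if (!this.isTargetLoad || JniHookInstalled) return;
      // A NULL handle means the load failed, so there is nothing to hook.
      if (retVal.isNull()) {
        console.error("android_dlopen_ext failed for " + Location);
        return;
      }
      JniHookInstalled = hookJniOnLoad();
    }
  });
}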
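/**
 * Return the name of the loaded module that contains the given address.
 *
 * Uses Process.findModuleByAddress, which yields null for an address outside
 * every loaded module, so such an address produces undefined here instead of
 * an exception in the caller.
 *
 * @param {NativePointer} fnPtr - address to look up; may be null or undefined.
 * @returns {string|undefined} the module name, or undefined when fnPtr is
 *   null/undefined or no loaded module contains it.
 */
function getModuleInfoByName(fnPtr) {
  if (fnPtr == null) {
    return undefined;
  }
  var owner = Process.findModuleByAddress(fnPtr);
  if (owner === null) {
    return undefined;
  }
  return owner.name;
}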