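// "use strict" is left disabled, as in the original post.
//"use strict"

// Startup banner: record which Frida runtime and which target process the
// script is running in, so later log lines can be tied to a build and
// architecture.
console.log("\n");
console.warn(`Frida.version = ${Frida.version}`);
console.log(`Frida.heapSize = ${Frida.heapSize}`);
console.warn(`Process.arch = ${Process.arch}`);
console.warn(`Process.platform = ${Process.platform}`);
console.log(`Process.pointerSize = ${Process.pointerSize}`);
console.log("\n");
console.error(" 这是一个 Frida VEH 010 Editor 的牛逼示例");
// Usage hints. The forum's [url=...]...[/url] BBCode wrapper around the index
// URL was a rendering artifact and made the printed command unusable; the
// hint now prints the plain URL.
// NOTE(review): -i points pip at a PyPI mirror instead of pypi.org. Packages
// installed this way are only as trustworthy as the mirror; pin versions and
// use pip's --require-hashes where provenance matters.
console.error(" pip3 install frida frida-tools -i https://pypi.tuna.tsinghua.edu.cn/simple ");
console.error(" frida -f 010Editor.exe -l ./frida-veh-010-bs.js --no-pause ");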
//
// Platform dispatch. Only 32-bit Windows ("ia32") is implemented: x64 Windows
// prints a placeholder and every other platform/arch prints an "unsupported" notice.
if (Process.platform == "windows" && Process.arch == "x64") {
console.warn("\n", "Coming soon :) ", "\n");
} else if (Process.platform == "windows" && Process.arch == "ia32") {
// Look up the target's main module by name.
// NOTE(review): findModuleByName returns null when no such module is loaded;
// there is no null check, so editor.base on the next line would throw.
var editor = Process.findModuleByName("010Editor.exe");
console.log("010 editor base: ", editor.base, typeof (editor.base));
// Patch site = module base + hard-coded RVA 0x31f7fa.
// NOTE(review): the offset is presumably valid for one specific build of the
// executable only; nothing here verifies the module version or the bytes at
// that address before writing to it — TODO confirm against the intended build.
var sub_patchaddr = editor.base.add(0x31f7fa);
console.log("010 editor VA: ", sub_patchaddr, typeof (sub_patchaddr));
// Reads 16 bytes at the patch site; `buf` is not used again in the visible script.
var buf = Memory.readByteArray(sub_patchaddr, 16);
// Remember the original first byte so the handler can write it back later.
const cc_origin = Memory.readU8(sub_patchaddr);
console.log("cc_origin: ", cc_origin, typeof (cc_origin));
// Dump 32 bytes at the patch site (before any modification) for the log.
console.log(hexdump(sub_patchaddr, { offset: 0, length: 32, header: true, ansi: true }));
// Install a process-wide exception handler through Frida. The callback gets a
// `details` object (address, context, ...) and returns true to tell Frida the
// exception was handled, so the thread resumes with the modified context.
// NOTE(review): the handler never checks details.type or compares
// details.address with sub_patchaddr. Any exception raised anywhere in the
// process gets the same eax/eip rewrite and is reported as handled, which can
// mask real faults and corrupt the target's state.
Process.setExceptionHandler(function (details) {
console.log("\n", "setExceptionHandler ==> address: ", details.address);
console.error(JSON.stringify(details));
// Faulting address expressed relative to the module base.
console.warn("RVA: ", details.address.sub(editor.base));
// Log the byte currently at eip (the value is wrapped in ptr(), presumably
// just so it prints as hex); at this point it is expected to be the planted 0xCC.
console.log("eip[0]: " + ptr(Memory.readU8(details.context.eip)));
// Put the saved original byte back at the patch site. The commented-out line
// is an earlier variant that wrote a fixed 0x55 (push ebp on x86) instead of
// the byte captured at startup.
//Memory.writeU8(sub_patchaddr, 0x55);
Memory.writeU8(sub_patchaddr, cc_origin);
// Same read again, now showing the restored byte.
console.warn("eip[0]: " + ptr(Memory.readU8(details.context.eip)));
console.log("eip: ", details.context.eip);
console.log("pc: ", details.context.pc);
console.log("eax: ", details.context.eax);
// Rewrite the thread context: force eax to 0xDB and move eip 7 bytes forward,
// so the original instruction(s) at the patch site never execute.
// NOTE(review): what the skipped bytes compute and why 0xDB is the forced
// value is not shown on this page; both constants are presumably tied to the
// same build as the RVA above — TODO confirm.
details.context.eax = 0xDB;
details.context.eip = ptr(details.context.eip).add(0x7);
console.warn("eax: ", details.context.eax);
console.warn("eip: ", details.context.eip);
// pc is logged next to eip; presumably it mirrors the updated eip on ia32.
console.warn("pc: ", details.context.pc);
// Re-arm: write the int3 opcode (0xCC) back, so the restore above is only
// visible to the logging in between.
// NOTE(review): the page is left read+write+execute and is never returned to
// its original protection. An RWX page inside an image mapping, with bytes
// that differ from the on-disk file, is the kind of artifact that
// code-integrity checks and memory scanners look for.
Memory.protect(sub_patchaddr, 1, 'rwx');
Memory.writeU8(sub_patchaddr, 0xcc);
return true;
});
// Initial arming: make the first byte of the patch site writable and replace
// it with int3 (0xCC), so executing that address raises a breakpoint
// exception that reaches the handler installed above.
Memory.protect(sub_patchaddr, 1, 'rwx');
Memory.writeU8(sub_patchaddr, 0xcc);
} else {
console.warn("\n", "This platform and architecture are not supported :( ", "\n");
}