mem_locate.js
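// Load address of the traced library. The hooks subtract it from each caller's
// return address so that logged `ret_addr` values are offsets into the library.
var baseAddress = Module.findBaseAddress("libname.so");
// Module-name prefix the hooks compare against to decide whether a call to
// malloc/realloc/free was made from the traced library.
var libname = "libname";
// Allocations observed from the traced library, keyed by the pointer's string
// form; each value is { size, ret_addr } as recorded by the hooks.
var container = {};

// findBaseAddress() returns null when the module is not mapped at the time the
// script is loaded. Say so once here instead of leaving every hook to fail
// later on `returnAddress.sub(baseAddress)` with a less obvious message.
if (baseAddress === null) {
  console.warn("libname.so is not loaded; ret_addr offsets cannot be computed");
}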
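// Hook malloc(): for calls whose return address lies in the traced library,
// remember the requested size and the caller offset under the returned pointer.
Interceptor.attach(Module.findExportByName("libc.so", "malloc"), {
  onEnter: function (args) {
    // findModuleByAddress() returns null when the return address is not inside
    // any loaded module; treat that as "not our caller" rather than letting
    // `.name` throw inside the hook.
    const caller = Process.findModuleByAddress(this.returnAddress);
    if (caller === null || !caller.name.startsWith(libname)) {
      this.info = null;
      return;
    }

    this.info = {
      // Register x0 of the saved CPU context: the first argument on AArch64,
      // i.e. the requested size. This ties the script to arm64 targets.
      "size": this.context.x0,
      // Caller's return address expressed relative to baseAddress.
      "ret_addr": this.returnAddress.sub(baseAddress)
    };
  },
  onLeave: function (retval) {
    // A NULL return means the allocation failed, so there is no buffer to
    // track; recording it would create a bogus entry under the NULL key.
    if (this.info && !retval.isNull()) {
      container[retval] = this.info;
    }
  }
});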
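// Hook realloc(): for calls made from the traced library, dump the contents of
// the buffer being resized (if it was tracked), then track the resulting
// pointer with the new size and caller offset.
Interceptor.attach(Module.findExportByName("libc.so", "realloc"), {
  onEnter: function (args) {
    this.info = null;
    this.oldKey = null;

    // findModuleByAddress() returns null when the return address is not inside
    // any loaded module; treat that as "not our caller" instead of throwing.
    const caller = Process.findModuleByAddress(this.returnAddress);
    if (caller === null || !caller.name.startsWith(libname)) {
      return;
    }

    // Record the new request before dumping, so that a failed memory read
    // below cannot abort the hook and leave this reallocation untracked.
    // x1 is the second argument register on AArch64 (the new size).
    this.info = { "size": this.context.x1, "ret_addr": this.returnAddress.sub(baseAddress) };

    const previous = container[this.context.x0];
    if (previous != null) {
      this.oldKey = String(this.context.x0);
      // `size` was stored as a pointer-typed value; its string form is hex.
      const size = parseInt(previous.size, 16);

      console.log(`${JSON.stringify(previous)}`);
      try {
        console.log(args[0].readByteArray(size));
        // Bound the string read to the recorded allocation size so a buffer
        // without a NUL terminator is not read past its end.
        console.log(size > 0 ? args[0].readCString(size) : "");
      } catch (e) {
        console.log(`unable to read tracked buffer: ${e.message}`);
      }
      console.log();
    }
  },
  onLeave: function (retval) {
    // A failed realloc() returns NULL and leaves the old block valid, so keep
    // the existing entry and record nothing new.
    if (!this.info || retval.isNull()) {
      return;
    }
    // The old pointer is no longer valid after a successful realloc(); drop its
    // entry so a later reuse of that address is not reported with a stale size.
    if (this.oldKey !== null) {
      delete container[this.oldKey];
    }
    container[retval] = this.info;
  }
});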
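// Hook free(): when the traced library releases a buffer that was tracked,
// dump its recorded metadata and contents, then forget the entry.
Interceptor.attach(Module.findExportByName("libc.so", "free"), {
  onEnter: function (args) {
    // findModuleByAddress() returns null when the return address is not inside
    // any loaded module; treat that as "not our caller" instead of throwing.
    const caller = Process.findModuleByAddress(this.returnAddress);
    if (caller === null || !caller.name.startsWith(libname)) {
      return;
    }

    // x0 is the first argument register on AArch64: the pointer being freed.
    const key = String(this.context.x0);
    const info = container[key];
    if (info == null) {
      return;
    }

    // `size` was stored as a pointer-typed value; its string form is hex.
    const size = parseInt(info.size, 16);

    console.log(`${JSON.stringify(info)}`);
    try {
      console.log(args[0].readByteArray(size));
      // Bound the string read to the recorded allocation size so a buffer
      // without a NUL terminator is not read past its end.
      console.log(size > 0 ? args[0].readCString(size) : "");
    } catch (e) {
      console.log(`unable to read tracked buffer: ${e.message}`);
    }
    console.log();

    // The block is gone after free(); remove the entry so the table does not
    // grow without bound and a reused address is not matched to stale data.
    // NOTE(review): buffers freed by a different module never reach this point
    // and keep their entries; confirm whether that case matters for the target.
    delete container[key];
  },
});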