Frida的js通用函数
objcArgsToArgArray
/**
 * Copy the arguments of a hooked Objective-C call into a real JavaScript Array.
 *
 * The `args` value passed to Interceptor.attach's onEnter(args) is not a real
 * JS array, so calls such as args.slice(2) or Array.from(args) fail on it.
 * Reading it index by index into a plain Array makes the normal Array API
 * usable afterwards.
 *
 * NOTE(review): nothing here can check realArgCount against the method's real
 * signature. If the caller over-counts, the extra entries are presumably
 * unrelated register/stack values, so treat them as untrusted and do not
 * dereference them.
 *
 * @param {object} args - Indexable argument object from onEnter. Slots 0 and 1
 *   are always copied (presumably self and _cmd for Objective-C; confirm).
 * @param {number} realArgCount - Number of arguments to copy, starting at slot 2.
 * @returns {Array} A new Array: [args[0], args[1], args[2], ...] holding
 *   realArgCount + 2 entries.
 */
function objcArgsToArgArray(args, realArgCount) {
  // The two leading slots are copied unconditionally.
  const converted = [args[0], args[1]];

  // Copy the remaining slots one at a time; only indexed reads are used on args.
  let slot = 2;
  while (slot - 2 < realArgCount) {
    converted.push(args[slot]);
    slot += 1;
  }

  return converted;
}
用法举例:
// Usage excerpt (truncated: the closing braces of onEnter and attach are not shown).
// Hooks the implementation of curMethod; curMethod, funcName and occurrences()
// are defined elsewhere and are not visible in this snippet.
Interceptor.attach(curMethod.implementation, {
onEnter: function(args) {
// Count the ":" characters in funcName; the result is used as the argument count.
// NOTE(review): presumably funcName is the Objective-C selector, where each ":" marks one argument. Confirm.
const realArgCount = occurrences(funcName, ":")
console.log("realArgCount: " + realArgCount)
// Rebind args to a real JS Array (args[0], args[1], then realArgCount more entries).
// If realArgCount is too large, the extra entries are not real arguments and must not be trusted.
args = objcArgsToArgArray(args, realArgCount)
效果:
// args is now a real JS Array, so later Array operations on it no longer throw.
// slice(2) drops the first two entries (args[0], args[1]) and keeps the remaining arguments.
var realArgList = args.slice(2)
详见:
- 【已解决】iOS逆向WhatsApp:Frida的js的函数堆栈打印优化:支持特定函数的特定参数值时打印
- 【已解决】Frida中js去获取Interceptor.attach的onEnter的args时报错:RangeError invalid array index
isValidPointer:判断指针是否有效
- 背景:
- 正常的指针值:
0x194d20320
0x103e79420
0x2831ac880
- 异常的一些指针值:
- 0x0
- 0xc
- 正常的指针值:
代码:
/**
 * Heuristic check: does a pointer value look like a usable address?
 *
 * A value counts as "valid" only when it is strictly greater than 0x10000.
 * Small values such as 0x0 or 0xc are rejected.
 *
 * Examples:
 *   0x103e79560 => true
 *   0xc         => false
 *
 * This is a lower-bound check only. A true result does not show that the
 * address is mapped or readable, so guard any dereference separately.
 * NOTE(review): callers may pass a Frida NativePointer instead of a number;
 * the comparison then relies on JS type coercion. Confirm it behaves as intended.
 *
 * @param {number} curPtr - Pointer value to test.
 * @returns {boolean} true when curPtr > 0x10000, otherwise false.
 */
function isValidPointer(curPtr) {
  // Anything at or below this threshold is treated as a bogus pointer.
  const lowestAcceptedAddress = 0x10000;
  return curPtr > lowestAcceptedAddress;
}
用法举例:
// 0xc is not greater than the 0x10000 threshold used by isValidPointer, so this logs false.
console.log(isValidPointer(0xc))
输出:
false