-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdump_data.js
53 lines (45 loc) · 1.31 KB
/
dump_data.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
var mod = Process.findModuleByName('libDiag.so');
Interceptor.attach(ptr(parseInt(mod.base)+0x23404+1), {
onEnter: function(args) {
console.log(args[0] + " _ " + args[1] + " _ " + args[2]);
var strBegin = Memory.readPointer(ptr(parseInt(args[2])+0x14));
var strEnd = Memory.readPointer(ptr(parseInt(args[2])+0x10));
var buf = Memory.readByteArray(strBegin, parseInt(strEnd)-parseInt(strBegin));
console.log(hexdump(buf, {
offset: 0,
length: parseInt(strEnd)-parseInt(strBegin),
header: true,
ansi: true
}) + "\n");
},
onLeave: function(retval) {
}
});
Interceptor.attach(ptr(parseInt(mod.base)+0x21CD6+1), {
onEnter: function(args) {
console.log(args[0] + " _ " + args[1] + " _ " + args[2] + " _ " + args[3]);
var buf = Memory.readByteArray(ptr(args[0]), 4);
console.log(hexdump(buf, {
offset: 0,
length: 4,
header: true,
ansi: true
}) + "\n");
buf = Memory.readByteArray(ptr(args[2]), 4);
console.log(hexdump(buf, {
offset: 0,
length: 4,
header: true,
ansi: true
}) + "\n");
},
onLeave: function(retval) {
}
});
//var buf = Memory.readByteArray(ptr(parseInt(mod.base)+0xF53B8), 8);
//console.log(hexdump(buf, {
// offset: 0,
// length: 8,
// header: true,
// ansi: true
//}) + "\n");