forked from Kairos-T/Malware-Analysis-Toolkit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dynamic_analysis.js
65 lines (57 loc) · 2.13 KB
/
dynamic_analysis.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
function performDynamicAnalysis() {
Interceptor.attach(Module.findExportByName(null, "function_name"), {
onEnter: function (args) {
var arg1 = args[0].toInt32();
var arg2 = args[1].toInt32();
// Log the function arguments
send("Function arguments - arg1: " + arg1 + ", arg2: " + arg2);
},
onLeave: function (retval) {
// Log the return value
send("Function return value: " + retval.toInt32());
}
});
Interceptor.attach(ptr("address_to_hook"), {
onRead: function (access, address, size) {
// Log the memory read operation
send("Memory Read - Address: " + address + ", Size: " + size);
},
onWrite: function (access, address, size) {
// Log the memory write operation
send("Memory Write - Address: " + address + ", Size: " + size);
}
});
Interceptor.attach(Module.findExportByName(null, "api_function_name"), {
onEnter: function (args) {
// Log the API function name and arguments
send("API Call - Function: " + this.functionName + ", Arg1: " + args[0].toInt32());
},
onLeave: function (retval) {
// Log the return value of the API function
send("API Return Value: " + retval.toInt32());
}
});
Stalker.follow(Process.getCurrentThreadId(), {
events: {
call: true, // Log function calls
ret: true, // Log function returns
exec: true // Log instruction execution
},
onReceive: function (events) {
// Log the events received from Stalker
for (var i = 0; i < events.length; i++) {
var event = events[i];
var type = event[0];
var address = event[1];
if (type === "call") {
send("Function call - Address: " + address);
} else if (type === "ret") {
send("Function return - Address: " + address);
} else if (type === "exec") {
send("Instruction execution - Address: " + address);
}
}
}
});
}
performDynamicAnalysis();