frida-node测试

course/frida/03_frida-node/foo/main.js

+// node main.js MyTestMFC-vcpkg.exe
+import frida from "frida";
+
+
+// 消息通知处理函数
+function onMessage(message, data) {
+  if (message.type === 'send') {
+      console.log('[*] ', message.payload);
+  } else if (message.type === 'error') {
+      console.error(message.stack);
+  }
+}
+
+async function 获取进程ID() {
+  let exeName = process.argv[2]
+  console.log("exeName:", exeName)
+  
+  var device = await frida.getLocalDevice();
+  var processes = await device.enumerateProcesses();  // 尽量使用管理员权限执行脚本。
+  var pid = -1;
+  processes.forEach(async (p_) => {
+    // console.log(p_.name, p_.pid, p_);
+    if (p_.name == exeName) {
+      // 找到第一个就是
+      if (pid == -1) {
+        pid = p_.pid;
+      }
+    }
+  });
+  console.log("主进程 pid = " + pid);
+
+  return pid;
+}
+
+async function 获取注入脚本() {
+  return `
+  console.log("开始注入脚本");
+
+  // 获取MessageBoxA地址
+  const funcAddr = Module.findExportByName('user32.dll', 'MessageBoxA')
+  // hook MessageBoxA
+  Interceptor.attach(funcAddr, {
+    // 进入函数前打印第一个参数（从0开始计算，第0个参数为句柄）
+    onEnter(args) {
+      send("HOOK MessageBoxA args[1] = " + args[1].readAnsiString())
+      send("HOOK MessageBoxA args[2] = " + args[2].readAnsiString())
+    }
+  });
+`
+}
+
+async function main() {
+  let jsSource = await 获取注入脚本()
+  const pid = await 获取进程ID();
+  if (pid == -1) {
+    return -1;
+  }
+
+  let session = await frida.attach(pid);
+  let script = await session.createScript(jsSource);
+  script.message.connect(onMessage);
+  await script.load();
+}
+
+main().catch(error => {
+    console.error(error);
+});