From 12f71ba58e181811c9de87ba42679bbf485d921a Mon Sep 17 00:00:00 2001
From: Knine
Date: Wed, 13 Mar 2024 21:22:58 +0800
Subject: [PATCH] =?UTF-8?q?frida-node=E6=B5=8B=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 course/frida/03_frida-node/foo/main.js | 67 ++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 course/frida/03_frida-node/foo/main.js
diff --git a/course/frida/03_frida-node/foo/main.js b/course/frida/03_frida-node/foo/main.js
new file mode 100644
index 0000000..84a6462
--- /dev/null
+++ b/course/frida/03_frida-node/foo/main.js
@@ -0,0 +1,67 @@
+// node main.js MyTestMFC-vcpkg.exe
+import frida from "frida";
+
+
+// 消息通知处理函数
+function onMessage(message, data) {
+ if (message.type === 'send') {
+ console.log('[*] ', message.payload);
+ } else if (message.type === 'error') {
+ console.error(message.stack);
+ }
+}
+
+async function 获取进程ID() {
+ let exeName = process.argv[2]
+ console.log("exeName:", exeName)
+
+ var device = await frida.getLocalDevice();
+ var processes = await device.enumerateProcesses(); // 尽量使用管理员权限执行脚本。
+ var pid = -1;
+ processes.forEach(async (p_) => {
+ // console.log(p_.name, p_.pid, p_);
+ if (p_.name == exeName) {
+ // 找到第一个就是
+ if (pid == -1) {
+ pid = p_.pid;
+ }
+ }
+ });
+ console.log("主进程 pid = " + pid);
+
+ return pid;
+}
+
+async function 获取注入脚本() {
+ return `
+ console.log("开始注入脚本");
+
+ // 获取MessageBoxA地址
+ const funcAddr = Module.findExportByName('user32.dll', 'MessageBoxA')
+ // hook MessageBoxA
+ Interceptor.attach(funcAddr, {
+ // 进入函数前打印第一个参数(从0开始计算,第0个参数为句柄)
+ onEnter(args) {
+ send("HOOK MessageBoxA args[1] = " + args[1].readAnsiString())
+ send("HOOK MessageBoxA args[2] = " + args[2].readAnsiString())
+ }
+ });
+`
+}
+
+async function main() {
+ let jsSource = await 获取注入脚本()
+ const pid = await 获取进程ID();
+ if (pid == -1) {
+ return -1;
+ }
+
+ let session = await frida.attach(pid);
+ let script = await session.createScript(jsSource);
+ script.message.connect(onMessage);
+ await script.load();
+}
+
+main().catch(error => {
+ console.error(error);
+});
-- 
GitLab
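Review bot: The first-match lookup in 获取进程ID attaches to whichever process named exeName enumerateProcesses() happens to list first, so when several instances share the name the hook lands on an arbitrary one, and the `async` forEach callback together with the `==` comparisons obscures that the loop is really a synchronous find. The loop reduces to `const match = processes.find((p) => p.name === exeName);` followed by `const pid = match?.pid ?? -1;`, and the same `===` should be used for the `pid == -1` check in main(). If the intent is to refuse an ambiguous name rather than silently take the first hit, frida-node's `device.getProcess(exeName)` is the more direct call, though its behaviour on duplicate names should be confirmed before relying on it. main() also returns -1 silently when nothing matched; a `console.error` naming exeName at that point would make the failure visible instead of leaving only the earlier "pid = -1" log line.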