android shared-libraries hook frida

How can I inject my own so with Frida when there is a string type?


I hooked the native function dlopen in libc.so, and I want to use it. I found that I need to create a new NativeFunction and set the argument types like this:

    new NativeFunction (address,returntype,[...,abi])

and the native function is like this:

    void* dlopen(const char*,int )

I do not know how to choose the type to match const char*. I wrote this:

    var fun=new NativeFunction(_dlopen,'pointer',['pointer','int'])

and my so's path is '/data/local/tmp/***.so', so I wrote this:

    var str='/data/local/tmp/***.so'
    fun(str,1)

But the console gives me this error:

    invalid argument value at /[5]

What should I do? Can someone help me?


Solution

  • You can use Module.load https://frida.re/docs/javascript-api/#module-load

    If you want to inject a module instead of another module, you can do something like this:

            // placeholder: name of the module whose load should be replaced
            var excludeModuleName = '...';
            Interceptor.attach(Module.findExportByName(null, "dlopen"), {
                onEnter: function(args) {
                    // dlopen(NULL, ...) is valid, so skip null paths
                    if ( !args[0].isNull() && args[0].readUtf8String().includes(excludeModuleName) ) {
                      Module.load('/data/local/tmp/custom.so');
                      // now we need to fail the original dlopen
                      // we can do something like this.. or replace the return value..
                      // maybe later i'll edit with a better solution ;)
                      args[0].writeUtf8String('...');
                    }
                }
            });
    

    To answer your question in the comment:

    How do I start my function in the so injected by Frida? Are there some methods?

            Module.load('/data/local/tmp/a');
            var func_ptr = Module.findExportByName('a', 'function_name');
            // wrap with NativeFunction(pointer, return_value, [list_of_arguments])
            // let's assume your function gets a string and an int
            // function_name(string a1, int a2)
            var f = new NativeFunction(func_ptr, 'pointer', ['pointer', 'int']);
            // invoking the function
            f(Memory.allocUtf8String("abcd"), 3);
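
Why `fun(str,1)` in the question is rejected, as an added example that is not part of the original question or answer: a `'pointer'` argument must be a NativePointer, so the path is first copied into native memory with `Memory.allocUtf8String`, and a null handle is explained by reading `dlerror()`. `nativeExport` and `dlopenPath` are hypothetical helper names; the path and the `Module.findExportByName(null, "dlopen")` lookup are the ones the answer uses.

```javascript
// Added example. Runs inside a Frida script; Module, Memory and
// NativeFunction are Frida's globals, resolved when the functions are called.
const RTLD_LAZY = 1; // the flag value the question passes

// Resolve a global export and wrap it; throws if the symbol is missing.
function nativeExport(name, retType, argTypes) {
  const addr = Module.findExportByName(null, name);
  if (addr === null) throw new Error('export not found: ' + name);
  return new NativeFunction(addr, retType, argTypes);
}

// Call dlopen(path, flags) and report the dlerror() text on failure.
function dlopenPath(path, flags) {
  if (typeof path !== 'string' || path.length === 0) {
    throw new TypeError('path must be a non-empty string');
  }
  const dlopen = nativeExport('dlopen', 'pointer', ['pointer', 'int']);
  const dlerror = nativeExport('dlerror', 'pointer', []);
  // const char* maps to 'pointer': pass a C string in native memory,
  // not the JS string. Keep the buffer referenced for the whole call,
  // because Frida releases it once the JS handle is garbage collected.
  const cPath = Memory.allocUtf8String(path);
  const handle = dlopen(cPath, flags);
  if (handle.isNull()) {
    const msg = dlerror();
    const text = msg.isNull() ? 'unknown error' : msg.readUtf8String();
    return { ok: false, handle: handle, error: text };
  }
  return { ok: true, handle: handle, error: null };
}

// Only executes under Frida, where NativeFunction exists.
if (typeof NativeFunction !== 'undefined') {
  const r = dlopenPath('/data/local/tmp/custom.so', RTLD_LAZY);
  console.log(r.ok ? 'loaded, handle ' + r.handle : 'dlopen failed: ' + r.error);
}
```
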