
Thread: [ New Tool ] Frida

  1. #16
    @blabberer Yes, sorry

  2. #17
    @Aimless @blabberer

    By the way, here's an example C# app that spawns "notepad.exe" and traces the main thread from its first instruction:

    http://build.frida.re/frida/windows/examples/Stalker-20140630-bin.exe
    (Requires .NET 4.5 to run. Note that I put "agent.js", which is the script injected into "notepad.exe", next to the binary to make it easy to edit, but this could obviously be baked into the binary.)

    http://build.frida.re/frida/windows/examples/Stalker-20140630-src.exe
    (Requires VS2013 to compile, no external dependencies.)

    It was done very quickly so it's still a bit rough, though I hope it sheds some light on how to use Frida for 1). Have a look at the JS API docs at http://www.frida.re/docs/javascript-api/ to understand how "agent.js" works - and especially the "Stalker" section. Note that I used onCallSummary for simplicity, so the function calls made are unordered. You could imagine using this on an app where you exercise different parts of its logic and see which new functions are involved.

    PS: "notepad.exe" seems to get into some kind of waiting state before its GUI is shown. Needs investigation.
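
The workflow suggested in #17 (exercise part of an app, then see which new functions show up in the unordered onCallSummary data), as an added example that is not part of the original post and not the demo's "agent.js". It assumes the current Frida JavaScript API, that the first enumerated thread is the main thread, and two hypothetical host message types, 'exercise' and 'report'; the sample addresses are constructed.

```javascript
// Added example; not the agent.js from the Stalker demo.
// Merge one onCallSummary window ({ "<target address>": callCount }) into a running total.
function mergeSummary(total, summary) {
  for (const [target, count] of Object.entries(summary)) {
    total.set(target, (total.get(target) || 0) + count);
  }
  return total;
}

// Call targets seen while exercising a feature but never during the baseline,
// most frequently called first.
function newTargets(baseline, exercised) {
  return [...exercised.entries()]
    .filter(([target]) => !baseline.has(target))
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0]))
    .map(([target, count]) => ({ target, count }));
}

// Runs only inside a Frida agent, where Stalker, recv, send and DebugSymbol exist.
if (typeof Stalker !== 'undefined') {
  const totals = { baseline: new Map(), exercised: new Map() };
  let phase = 'baseline';
  // Assumption: the first enumerated thread is the main thread.
  Stalker.follow(Process.enumerateThreads()[0].id, {
    events: { call: true },
    onCallSummary(summary) { mergeSummary(totals[phase], summary); }
  });
  // 'exercise' and 'report' are hypothetical message types sent by the host app.
  recv('exercise', () => { phase = 'exercised'; });
  recv('report', () => {
    const fresh = newTargets(totals.baseline, totals.exercised);
    for (const e of fresh) e.symbol = DebugSymbol.fromAddress(ptr(e.target)).toString();
    send(fresh);
  });
}

// Constructed summary windows, so the diff can be checked under plain Node.js.
function demo() {
  const baseline = new Map(), exercised = new Map();
  mergeSummary(baseline, { '0x401000': 3, '0x401200': 1 });
  mergeSummary(baseline, { '0x401000': 2 });
  mergeSummary(exercised, { '0x401000': 4, '0x402a10': 1 });
  mergeSummary(exercised, { '0x402a10': 2, '0x403f00': 7 });
  return newTargets(baseline, exercised);
}
```

Summary windows arrive periodically, so a report requested immediately after the last action can miss calls still buffered by Stalker.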

  3. #18
    I don't think I can be convinced to use this. It's all in - how would you put it - "Quid Infernum?" territory right now. Read that as too much of a work-in-progress.

    If there is a problem in delivering what I was asking for, a simple example from downloading to the result, it's probably not ready for simplistic folks like me. Of course, for Linux/Unix grandmasters like blabberer (love you blabberer!! you should teach me Windebug) it could be child's play.

    So I'll wait till it matures. Or till you can think up a simple example.

    I don't want to install Visual Studio <whatever version> just so that I can crack an app, directly or indirectly.

    But like I said before, I think I would be the exception. There would be people who would find this immensely useful. A nod of the hat to you for creating and distributing a free tool. Kudos for that.

    Me? I think I'll go back to IDA.

    Have Phun
    Last edited by Aimless; June 30th, 2014 at 02:32.
    Blame Microsoft, get l337 !!

  4. #19
    Replying way late here, I had a long digression while thinking about this.

    One thing I realized that I probably didn't make very clear is that Frida isn't meant to replace IDA or other tools. It's only meant to complement them by giving you building blocks from which you're meant to build your own tools for the task at hand. So yeah, a bit niche. On another note, you might be interested in a new tool that I'm hacking on:

    https://github.com/frida/cryptoshark

    Cheers!
