-
Notifications
You must be signed in to change notification settings - Fork 34
/
Copy pathagent.c
42 lines (31 loc) · 1.11 KB
/
agent.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#include <fcntl.h>
#include <frida-gum.h>
static int replacement_open (const char * path, int oflag, ...);
void
example_agent_main (const gchar * data, gboolean * stay_resident)
{
GumInterceptor * interceptor;
/* We don't want to our library to be unloaded after we return. */
*stay_resident = TRUE;
gum_init_embedded ();
g_printerr ("example_agent_main()\n");
interceptor = gum_interceptor_obtain ();
/* Transactions are optional but improve performance with multiple hooks. */
gum_interceptor_begin_transaction (interceptor);
gum_interceptor_replace (interceptor,
(gpointer) gum_module_find_export_by_name (NULL, "open"), replacement_open, NULL);
/*
* ^
* |
* This is using replace(), but there's also attach() which can be used to hook
* functions without any knowledge of argument types, calling convention, etc.
* It can even be used to put a probe in the middle of a function.
*/
gum_interceptor_end_transaction (interceptor);
}
static int
replacement_open (const char * path, int oflag, ...)
{
g_printerr ("open(\"%s\", 0x%x)\n", path, oflag);
return open (path, oflag);
}