-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdumper.js
45 lines (41 loc) · 1.13 KB
/
dumper.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
let lib_name
let identifier
// exports
rpc.exports = {
libinfo: function(name, itf){
lib_name = name
identifier = itf
}
}
// main dumper
let count = 0
function dump() {
// counter
count += 1
if (count !== 1) {
console.log(`[-] Ignored (${count})`)
return
}
// dump lib
let lib = Process.findModuleByName(lib_name);
console.log(`[o] Start dumping ${lib_name}`)
console.log(` ${lib.base} - ${lib.base.add(ptr(lib.size))} / size: ${lib.size}`)
Memory.protect(ptr(lib.base), lib.size, 'rwx');
let dump = new File(`/data/data/${identifier}/files/dump_${lib_name}`, "wb")
let lib_buffer = lib.base.readByteArray(lib.size)
dump.write(lib_buffer)
dump.close()
// send info
send([Process.findModuleByName(lib_name), Process.arch])
}
// Hook lib load
Interceptor.attach(Module.findExportByName(null, 'dlopen'), {
onEnter: function (args) {
this.path = Memory.readUtf8String(args[0]);
},
onLeave: function () {
if (this.path !== null && this.path.includes(lib_name)) {
dump() // target lib loaded
}
}
});