StackOverflowExcept1on/function-interceptor
GitHub: StackOverflowExcept1on/function-interceptor
A cross-platform function-interception demo based on funchook and frida, showing how to hook a target function at runtime and change its behaviour.
Stars: 0 | Forks: 1
### Function interceptor
[CI](https://github.com/StackOverflowExcept1on/function-interceptor/actions/workflows/ci.yml)
This project demonstrates how to hook functions with the [funchook](https://github.com/StackOverflowExcept1on/funchook) library.
### Requirements
- g++ / msvc compiler
- cmake
- python3
- frida: https://frida.re
### Setup (Linux)
```
# install dependencies
pip install frida
# change ptrace_scope for frida
sudo sysctl kernel.yama.ptrace_scope=0
# build c++ project
./build.sh
```
### 准备 (Windows)
```
REM install dependencies
pip install frida
REM build c++ project
build.bat
```
### Run (Linux)
```
# run the program (assumed to run in a separate terminal)
LD_LIBRARY_PATH=./build/bin ./build/bin/program
# attach ./build/bin/libhook.so to $(pidof program)
./scripts/loader.py $(pidof program) ./build/bin/libhook.so
```
### 运行 (Windows)
```
REM run the program (assumed to run in a separate terminal)
.\build\bin\program.exe
REM find the PID
frida-ps
REM attach .\build\bin\hook.dll to PID
python .\scripts\loader.py PID .\build\bin\hook.dll
```
### Output
```
exampleFunction(a=1, b=2, c=3)
ret = 48
handle = 0x7f79317921e0
exampleFunction_original = 0x7f793178e120
[+] done
exampleFunction(a=1, b=2, c=3)
[+] org ret = 48
[+] exampleFunction_hook(a=1, b=2, c=3)
ret = 42
```
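An inline-hooking library such as funchook overwrites the first instructions of `exampleFunction` with a detour to `exampleFunction_hook` and keeps the displaced instructions in a trampoline, which is why the hook can still obtain `org ret = 48` before returning 42. The defender's counterpart is to check function entry points for such detours. The scanner below is an added example, not code from this project: it classifies the common x86-64 detour encodings and resolves their targets; the byte arrays and the `0x401000` load address are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the first bytes at a function entry look like. */
typedef enum { ENTRY_CLEAN, ENTRY_JMP_REL32, ENTRY_JMP_RIP_INDIRECT, ENTRY_MOVABS_JMP_RAX } entry_kind;

/* Classify the x86-64 code at a function's entry. `entry` points at the
 * bytes (at least 12 readable), `addr` is the address those bytes live at
 * in the process (needed to resolve RIP-relative forms). On a match the
 * detour target is written to *target; for the RIP-indirect form this is
 * the address of the pointer slot, not the final destination. */
entry_kind scan_entry(const uint8_t *entry, uintptr_t addr, uintptr_t *target)
{
    int32_t rel32;
    uint64_t imm64;
    *target = 0;
    if (entry[0] == 0xE9) {                       /* E9 rel32: jmp rel32 */
        memcpy(&rel32, entry + 1, 4);
        *target = addr + 5 + (intptr_t)rel32;     /* relative to the next instruction */
        return ENTRY_JMP_REL32;
    }
    if (entry[0] == 0xFF && entry[1] == 0x25) {   /* FF 25 rel32: jmp [rip+rel32] */
        memcpy(&rel32, entry + 2, 4);
        *target = addr + 6 + (intptr_t)rel32;     /* slot that holds the destination */
        return ENTRY_JMP_RIP_INDIRECT;
    }
    if (entry[0] == 0x48 && entry[1] == 0xB8 &&   /* 48 B8 imm64: movabs rax, imm64 */
        entry[10] == 0xFF && entry[11] == 0xE0) { /* FF E0: jmp rax */
        memcpy(&imm64, entry + 2, 8);
        *target = (uintptr_t)imm64;
        return ENTRY_MOVABS_JMP_RAX;
    }
    return ENTRY_CLEAN;
}

static const char *kind_name(entry_kind k)
{
    static const char *names[] = { "clean", "jmp rel32", "jmp [rip+rel32]", "movabs rax; jmp rax" };
    return names[k];
}

int main(void)
{
    /* Constructed sample prologues, not bytes captured from the demo program. */
    const uint8_t clean[12]  = { 0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x10 }; /* push rbp; mov rbp,rsp; sub rsp,0x10 */
    const uint8_t detour[12] = { 0xE9, 0xFB, 0x0F, 0x00, 0x00 };                   /* jmp +0xffb -> addr+0x1000 */
    const uint8_t absjmp[12] = { 0x48, 0xB8, 0x00, 0x10, 0x00, 0x00, 0x00, 0x7F, 0x00, 0x00, 0xFF, 0xE0 };
    const uint8_t *samples[] = { clean, detour, absjmp };
    for (int i = 0; i < 3; i++) {
        uintptr_t target;
        entry_kind k = scan_entry(samples[i], 0x401000, &target);
        printf("sample %d: %-20s target=0x%lx\n", i, kind_name(k), (unsigned long)target);
    }
    return 0;
}
```

A compiler can legitimately emit a tail-call `jmp` as a function's first instruction, so a real integrity check should compare the live entry bytes against the module's on-disk image rather than rely on the pattern match alone.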
Tags: Bash scripts, C++, Docker support, Frida, function hooking, dynamic injection, data wiping, low-level systems, reverse-engineering tools