frida-trace
Trace APIs declaratively through Frida.
Example
import trace from 'frida-trace';
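// Builder helpers read off the frida-trace entry point.
const { func, argIn, argOut, retval, types } = trace;

// `when` and `bind` are called in the function specs further down but were
// never declared, so the script stopped with a ReferenceError before any
// hook was installed.
// NOTE(review): assumes frida-trace exposes both as properties of `trace`,
// like the other builders — confirm against the installed version.
const { when, bind } = trace;

// Type descriptors used to declare argument and return-value layouts.
const { pointer, INT, POINTER, UTF8 } = types;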
// Declared shape of sqlite3_open: INT result, UTF-8 filename in, handle out.
const openSpec = func('sqlite3_open', retval(INT), [
  argIn('filename', UTF8),
  // NOTE(review): when('result', isZero) presumably restricts reading ppDb
  // to calls whose result is 0 — confirm against frida-trace.
  argOut('ppDb', pointer(POINTER), when('result', isZero)),
]);

// Declared shape of sqlite3_prepare_v2: INT result, SQL text in, statement out.
const prepareSpec = func('sqlite3_prepare_v2', retval(INT), [
  argIn('db', POINTER),
  // NOTE(review): bind('length', 'nByte') presumably sizes the zSql read
  // from the nByte argument — confirm against frida-trace.
  argIn('zSql', [UTF8, bind('length', 'nByte')]),
  argIn('nByte', INT),
  argOut('ppStmt', pointer(POINTER), when('result', isZero)),
]);

const callbacks = {
  // Prints every event as indented JSON. The declared arguments include the
  // database filename and the SQL text, so this output presumably carries
  // application data; handle captured logs as sensitive.
  onEvent(event) {
    const rendered = JSON.stringify(event, null, 2);
    console.log('onEvent! ' + rendered);
  },
  // Attaches a backtrace to the event, keeping only frames whose resolved
  // symbol has a name.
  onEnter(event, context) {
    const frames = Thread.backtrace(context);
    const symbols = frames.map(DebugSymbol.fromAddress);
    event.trace = symbols.filter((symbol) => symbol.name);
  },
  // Errors are written to stderr rather than dropped.
  onError(e) {
    console.error(e);
  },
};

trace({
  module: 'libsqlite3.dylib',
  functions: [openSpec, prepareSpec],
  callbacks,
});
/**
 * Predicate passed to when('result', ...) in the function specs.
 *
 * Kept as a function declaration so that it is hoisted: the specs reference
 * it before this point in the file.
 *
 * @param {*} value - Value to test.
 * @returns {boolean} True only when value is strictly equal to the number 0;
 *   strings such as '0' and null do not match.
 */
function isZero(value) {
  const zero = 0;
  return zero === value;
}
Auto-generating boilerplate from header files
$ ./bin/parse-header.js /usr/include/sqlite3.h | ./bin/generate-boilerplate.js
trace({
module: 'libfoo.dylib',
functions: [
func('sqlite3_libversion', retval(UTF8), []),
func('sqlite3_sourceid', retval(UTF8), []),
func('sqlite3_libversion_number', retval(INT), []),
func('sqlite3_compileoption_used', retval(INT), [
argIn('zOptName', UTF8)
]),
func('sqlite3_compileoption_get', retval(UTF8), [
argIn('N', INT)
]),
func('sqlite3_threadsafe', retval(INT), []),
func('sqlite3_close', retval(INT), [
argIn('a1', POINTER)
]),
func('sqlite3_close_v2', retval(INT), [
argIn('a1', POINTER)
]),
func('sqlite3_exec', retval(INT), [
argIn('a1', POINTER),
argIn('sql', UTF8),
argIn('callback', POINTER),
argIn('a4', POINTER),
argOut('errmsg', pointer(POINTER), when('result', isZero))
]),
...