#!/usr/bin/python
# -*- coding: utf-8 -*-
"""frida-dump
Tool to dump process memory matching a given PROTECTION (by default rw-),
useful to obtain memory sections or calling it at will from a script.
"""
__author__ = 'Fernando Urbano'
__version__ = '2020.12.1'
__contact__ = '[email protected]'
import os
import sys
import frida
# Default protection filter handed to the agent's dump_process_memory export
# (see main()). NOTE(review): presumably a Frida-style "rwx" protection string
# interpreted by _agent.js; confirm there whether matching is exact or
# "at least these bits".
PROTECTION = 'rw-'
def on_message(message, data):
    """Print one message delivered by the agent script's 'message' signal.

    Both arguments are rendered with ``%s`` and written to stdout on a
    single line; nothing is filtered, parsed or returned.
    """
    rendered = "[%s] => %s" % (message, data)
    print(rendered)
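def main(target_process):
    """Attach to ``target_process`` and ask the agent to dump its memory.

    The compiled agent (``_agent.js``) is read from the current working
    directory, loaded into the attached session, and its
    ``dump_process_memory`` export is called with ``PROTECTION``.

    Args:
        target_process: Process name (str) or PID (int) accepted by
            ``frida.attach``.

    The session is always detached before returning, including when the
    script cannot be created or the target exits mid-dump.
    """
    session = frida.attach(target_process)
    try:
        # NOTE(review): '_agent.js' is resolved against the current working
        # directory, and its contents are executed inside the target
        # process. Run the tool only from a directory whose _agent.js you
        # built yourself; anyone able to write that file controls what is
        # injected.
        with open('_agent.js', 'r') as agent_script:
            contents = agent_script.read()

        script = session.create_script(contents)
        # Validate before touching the object; the original checked only
        # after it had already called script.on().
        if not script:
            print('Could not load _agent.js script.')
            sys.exit(1)

        # Register the handler exactly once. The original registered it
        # twice, which would deliver every agent message to on_message twice.
        script.on('message', on_message)
        script.load()

        try:
            script.exports.dump_process_memory(PROTECTION)
        except frida.InvalidOperationError:
            print('InvalidOperationError: Process is not running anymore.')
    finally:
        # Detach on every exit path so a failure above does not leave the
        # target instrumented.
        session.detach()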
if __name__ == '__main__':
    # The compiled agent is looked up in the current working directory, the
    # same relative path main() opens.
    agent_present = os.path.isfile('_agent.js')
    if not agent_present:
        print('ERROR: Please build the agent first by running `npm run build`')
        sys.exit(1)

    # Exactly one positional argument is expected: the target.
    cli_args = sys.argv[1:]
    if len(cli_args) != 1:
        print("Usage: %s <process name or PID> " % __file__)
        sys.exit(1)

    # An argument that parses as an integer is passed on as a PID; anything
    # else is passed on unchanged as a process name.
    raw_target = cli_args[0]
    try:
        target_process = int(raw_target)
    except ValueError:
        target_process = raw_target

    main(target_process)