/*
frida -f StreetsOfRogue.exe -l enableDebug.js
*/
// File name of the Mono runtime DLL whose load and exports this script watches.
const MONO_DLL = "mono-2.0-bdwgc.dll";

// NativeFunction wrappers around Mono exports; hookMono() assigns them once the
// DLL has been loaded into the process.
let mono_debug_init_call;
let mono_debug_enabled_call;
let mono_jit_parse_options_call;

// Option string handed to mono_jit_parse_options: the runtime's debugger agent
// listens (server=y) on 127.0.0.1:55555 and does not pause startup (suspend=n).
// NOTE(review): the debugger socket is not authenticated as far as this script
// shows, so any local process that can reach the port can drive the runtime.
// Keep the address on loopback and only run this on a machine you control.
const debuggerAgent = Memory.allocAnsiString("--debugger-agent=transport=dt_socket,server=y,address=127.0.0.1:55555,suspend=n");

// argv-style array for mono_jit_parse_options: 16 bytes of script-owned memory
// whose first slot points at the option string above (argc is passed as 1).
const MONO_DEBUG_ARG = Memory.alloc(16);
MONO_DEBUG_ARG.writePointer(debuggerAgent);
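// Set once hookMono() has run successfully, so that a later LoadLibraryW call
// for the same DLL does not attach a second set of hooks.
let monoHooked = false;

/*
 * Watch LoadLibraryW so the Mono hooks can be installed as soon as the runtime
 * DLL is mapped: onEnter records whether the requested path names MONO_DLL,
 * onLeave (after the loader has returned) calls hookMono().
 */
Interceptor.attach(Module.getExportByName(null, 'LoadLibraryW'), {
  onEnter(args) {
    // args[0] is the library path; guard against a value that is not a string
    // (for example a NULL path pointer) before searching it.
    const libraryPath = args[0].readUtf16String();
    // Windows file names are case-insensitive, so compare in lower case.
    this.isMonoLoad =
      typeof libraryPath === 'string' &&
      libraryPath.toLowerCase().includes(MONO_DLL.toLowerCase());
  },
  onLeave(retval) {
    if (!this.isMonoLoad || monoHooked) {
      return;
    }
    // A NULL module handle means the load failed; there is nothing to hook.
    if (retval.isNull()) {
      return;
    }
    hookMono();
    // Only reached when hookMono() did not throw.
    monoHooked = true;
  },
});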
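/**
 * Resolve the Mono embedding exports and hook mono_jit_init_version so that the
 * debugger-agent option is parsed, and debug support initialised, before the
 * JIT starts.
 *
 * Must be called only after MONO_DLL has been loaded. Assigns the module-level
 * mono_debug_init_call, mono_debug_enabled_call and mono_jit_parse_options_call
 * wrappers as a side effect.
 *
 * Security note: once this hook fires, the process exposes the debugger
 * endpoint described by the option string in MONO_DEBUG_ARG.
 *
 * @throws {Error} if MONO_DLL lacks one of the required exports; nothing is
 *   hooked or assigned in that case.
 */
function hookMono()
{
  // Look each export up exactly once and fail with a readable message rather
  // than handing a null address to NativeFunction / Interceptor.attach.
  const resolveExport = (exportName) => {
    const address = Module.findExportByName(MONO_DLL, exportName);
    if (address === null) {
      throw new Error(`${MONO_DLL} does not export ${exportName}`);
    }
    return address;
  };

  const jitInitVersion = resolveExport("mono_jit_init_version");
  const debugInit = resolveExport("mono_debug_init");
  const debugEnabled = resolveExport("mono_debug_enabled");
  const jitParseOptions = resolveExport("mono_jit_parse_options");

  mono_debug_init_call = new NativeFunction(debugInit, 'void', ['int32']);
  mono_debug_enabled_call = new NativeFunction(debugEnabled, 'uint32', []);
  mono_jit_parse_options_call = new NativeFunction(jitParseOptions, 'void', ['int32', 'pointer']);

  Interceptor.attach(jitInitVersion, {
    onEnter() {
      // argc = 1, argv = MONO_DEBUG_ARG (the single debugger-agent option).
      mono_jit_parse_options_call(0x1, MONO_DEBUG_ARG);
      // Initialise debug support only if the runtime has not already done so.
      // 1 is MONO_DEBUG_FORMAT_MONO in Mono's mono-debug.h.
      if (mono_debug_enabled_call() !== 1) {
        mono_debug_init_call(1);
      }
    },
  });
}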