Wire up some more

frida · Sep 27, 2024 · 58958b3 · 58958b3
1 parent a196a4b
commit 58958b3
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 13 deletions.
diff --git a/agents/tracer/agent.ts b/agents/tracer/agent.ts
@@ -141,9 +141,22 @@ class Agent {
     }
 
     resolveAddresses(addresses: string[]): string[] {
+        let cachedModules: ModuleMap | null = null;
         return addresses
             .map(ptr)
             .map(DebugSymbol.fromAddress)
+            .map(sym => {
+                if (sym.name === null) {
+                    if (cachedModules === null) {
+                        cachedModules = new ModuleMap();
+                    }
+                    const module = cachedModules.find(sym.address);
+                    if (module !== null) {
+                        return `${module.name}!${sym.address.sub(module.base)}`;
+                    }
+                }
+                return sym;
+            })
             .map(s => s.toString());
     }
 
@@ -359,7 +372,7 @@ class Agent {
         return [...cIds, ...objcIds, ...swiftIds];
     }
 
-    private async traceNativeEntries(flavor: NativeTargetType, groups: NativeTargetScopes, onError: TraceErrorEventHandler):
+    private async traceNativeEntries(flavor: NativeTargetFlavor, groups: NativeTargetScopes, onError: TraceErrorEventHandler):
             Promise<TraceTargetId[]> {
         if (groups.size === 0) {
             return [];
@@ -1050,13 +1063,13 @@ class TracePlan {
     }
 }
 
-type TargetType = NativeTargetType | "java";
+type TargetFlavor = NativeTargetFlavor | "java";
 type ScopeName = string;
 type MemberName = string | [string, string];
 
-type NativeTargetType = "insn" | "c" | "objc" | "swift";
+type NativeTargetFlavor = "insn" | "c" | "objc" | "swift";
 type NativeTargets = Map<NativeId, NativeTarget>;
-type NativeTarget = [type: NativeTargetType, scope: ScopeName, name: MemberName];
+type NativeTarget = [type: NativeTargetFlavor, scope: ScopeName, name: MemberName];
 type NativeTargetScopes = Map<ScopeName, NativeItem[]>;
 type NativeItem = [name: MemberName, address: NativePointer];
 type NativeId = string;
@@ -1088,7 +1101,7 @@ interface CommitResult {
 
 interface HandlerRequest {
     type: "handlers:get",
-    flavor: TargetType;
+    flavor: TargetFlavor;
     baseId: TraceTargetId;
     scopes: HandlerRequestScope[];
 }

diff --git a/apps/tracer/src/App.tsx b/apps/tracer/src/App.tsx
@@ -135,7 +135,7 @@ export default function App() {
                                     onClick={() => {
                                         setSelectedTabId("disassembly");
                                         setDisassemblyTarget({
-                                            type: "function",
+                                            type: (selectedHandler!.flavor === "insn") ? "instruction" : "function",
                                             name: selectedHandler!.display_name,
                                             address: selectedHandler!.address!
                                         });

diff --git a/apps/tracer/src/DisassemblyView.tsx b/apps/tracer/src/DisassemblyView.tsx
@@ -29,6 +29,7 @@ export type AddInstructionHookRequestHandler = (address: bigint) => void;
 
 export default function DisassemblyView({ target, handlers, onSelectHandler, onAddInstructionHook }: DisassemblyViewProps) {
     const [rawR2Output, setRawR2Output] = useState("");
+    const [r2Ops, setR2Ops] = useState(new Map<string, R2Operation>());
     const [r2Output, setR2Output] = useState<string[]>([]);
     const [isLoading, setIsLoading] = useState(false);
     const highlightedAddressAnchorRef = useRef<HTMLAnchorElement | null>(null);
@@ -52,20 +53,29 @@ export default function DisassemblyView({ target, handlers, onSelectHandler, onA
                     "af",
                     "afn base64:" + btoa(t.name),
                     "pdf",
+                    "pdfj",
                 ].join("; ")
-                : `s ${t.address}; pd`;
+                : `s ${t.address}; pd; pdj`;
             let result = await executeR2Command(command);
             if (ignore) {
                 return;
             }
-            if (result === "") {
-                result = await executeR2Command("pd");
+            let lines = result.trimEnd().split("\n");
+            if (lines[0] === "") {
+                result = await executeR2Command("pd; pdj");
+                lines = result.trimEnd().split("\n");
             }
             if (ignore) {
                 return;
             }
 
-            setRawR2Output(result);
+            setRawR2Output(lines.slice(0, lines.length - 1).join("\n"));
+
+            const meta = JSON.parse(lines[lines.length - 1]);
+            const opItems: R2Operation[] = Array.isArray(meta) ? meta : meta.ops;
+            const opByAddress = new Map<string, R2Operation>(opItems.map(op => [op.offset, op]));
+            setR2Ops(opByAddress);
+
             setIsLoading(false);
         }
 
@@ -137,7 +147,7 @@ export default function DisassemblyView({ target, handlers, onSelectHandler, onA
         </Menu>
     ), [onSelectHandler]);
 
-    const handleContextMenu = useCallback((event: React.MouseEvent) => {
+    const handleAddressClick = useCallback((event: React.MouseEvent) => {
         const target = event.target;
         if (!(target instanceof HTMLAnchorElement)) {
             return;
@@ -165,8 +175,32 @@ export default function DisassemblyView({ target, handlers, onSelectHandler, onA
     }
 
     return (
-        <div className="disassembly-view" onContextMenu={handleContextMenu}>
+        <div className="disassembly-view" onClick={handleAddressClick}>
             {r2Output.map((line, i) => <div key={i} dangerouslySetInnerHTML={{ __html: line }} />)}
         </div>
     );
 }
+
+interface R2Function {
+    name: string;
+    size: string;
+    addr: string;
+    ops: R2Operation[];
+}
+
+interface R2Operation {
+    offset: string;
+    esil: string;
+    refptr: number;
+    fcn_addr: string;
+    fcn_last: string;
+    size: number;
+    opcode: string;
+    disasm: string;
+    bytes: string;
+    family: string;
+    type: string;
+    type_num: string;
+    type2_num: string;
+    reloc: boolean;
+}
diff --git a/apps/tracer/src/EventView.tsx b/apps/tracer/src/EventView.tsx
@@ -124,7 +124,7 @@ export default function EventView({
                         }
                     </tbody>
                 </table>
-                <Button className="event-dismiss" intent="primary" onClick={() => onDeactivate(targetId, i)}>Dismiss</Button>
+                <Button className="event-dismiss" intent="primary" onClick={() => onDeactivate(targetId, selectedIndex)}>Dismiss</Button>
             </Card>
         );
     }

diff --git a/apps/tracer/src/model.ts b/apps/tracer/src/model.ts
@@ -305,11 +305,13 @@ type TraceSpecPattern = string;
 
 export interface Handler {
     id: HandlerId;
+    flavor: TargetFlavor;
     scope: ScopeId;
     display_name: string;
     address: string | null;
 }
 export type HandlerId = number;
+export type TargetFlavor = "insn" | "c" | "objc" | "swift" | "java";
 export type ScopeId = string;
 
 interface HandlerConfig {

diff --git a/frida_tools/tracer.py b/frida_tools/tracer.py
@@ -731,6 +731,7 @@ class TraceTarget:
     def to_json(self) -> dict:
         return {
             "id": self.identifier,
+            "flavor": self.flavor,
             "scope": self.scope,
             "display_name": self.display_name,
             "address": hex(self.address) if self.address is not None else None,