Update Using API Monitor and Frida — authored by Pruitt, David R. (S&T-Student)
...@@ -78,15 +78,11 @@ def main(target_process): ...@@ -78,15 +78,11 @@ def main(target_process):
// When function is called, print out its parameters // When function is called, print out its parameters
onEnter: function (args) { onEnter: function (args) {
console.log(''); console.log('');
console.log('[+] Called CreateProcessW' + CreateProcessW); console.log('[+] Called CreateProcessW ' + CreateProcessW);
console.log('[+] AppName: ' + args[0]); console.log('[+] AppName: ' + args[0]);
console.log('[+] CmdLine: ' + args[1]); console.log('[+] CmdLine: ' + args[1]);
console.log('[+] CurrentDirectory: ' + args[7]); console.log('[+] CurrentDirectory: ' + args[7]);
dumpAddr('Input', args[1], 147); //146 dumpAddr('Input', args[1], 147); //146
this.outptr = args[2]; // Store arg2 and arg3 in order to see when we leave the function
var bSlash = '\\\\';
console.log(bSlash);
newAppName = 'F:\\\\Applications\\\\Steam\\\\steamapps\\\\common\\\\mcpixel\\\\McLauncher.exe'; newAppName = 'F:\\\\Applications\\\\Steam\\\\steamapps\\\\common\\\\mcpixel\\\\McLauncher.exe';
newCmdLine= '"F:\\\\Applications\\\\Steam\\\\steamapps\\\\common\\\\mcpixel\\\\McLauncher.exe"'; newCmdLine= '"F:\\\\Applications\\\\Steam\\\\steamapps\\\\common\\\\mcpixel\\\\McLauncher.exe"';
...@@ -98,6 +94,7 @@ def main(target_process): ...@@ -98,6 +94,7 @@ def main(target_process):
clearMem(args[1],147); clearMem(args[1],147);
clearMem(args[7],129); clearMem(args[7],129);
//Write New Strings to Memeory
Memory.writeUtf16String(args[0],newAppName); Memory.writeUtf16String(args[0],newAppName);
Memory.writeUtf16String(args[1],newCmdLine); Memory.writeUtf16String(args[1],newCmdLine);
Memory.writeUtf16String(args[7],newDir); Memory.writeUtf16String(args[7],newDir);