Si13ntV0ice
Si13ntV0ice
As said in title, trcapi sample not use DetourCreateProcessWithDll in CreateProcessAsUser and CreateProcessWithToken. process may escape from detours hook if they didn't create process with CreateProcessA/W
Use frida-server X86-64 and try to attach X64 target on Apple M1 within MacOS 12.0.1, Always failed with error: `Failed to attach: unexpected error while starting thread (set_thread_state returned '(os/kern)...
Example Code: `#include int64_t sub(int *x) { if(*x) { return 0 ; } int32_t a1 = 1 ; int64_t a2 = 2 ; a2 = a1 ; return a2 ;...
including different os. trace child process automatically
what about the performance ? Whole system emulation would be very slow , i think :(