frida-python icon indicating copy to clipboard operation
frida-python copied to clipboard
verified publisher icon frida

add a `repl()` function that you can be called from within __handler__ scripts

Open dpnishant opened this issue 9 years ago • 3 comments 

[01:03] <@oleavr> dpnishant: I've been wanting to add a `repl()` function that you can call from those scripts to drop in a REPL that's blocking in the current location
[01:03] <dpnishant> kinda an interactive
[01:04] <@oleavr> dpnishant: so you'd get a REPL on the host side, and the native thread calling onEnter (for example) is blocked and you can inspect args etc.
[01:04] <dpnishant> yes
[01:04] <dpnishant> that would be very powerful
[01:07] -fridaposten:#frida- [frida-gum] oleavr pushed 1 new commit to master: https://github.com/frida/frida-gum/commit/d654588309f66b305d281b3b49ee3fd01448ec7c
[01:07] -fridaposten:#frida- frida-gum/master d654588 Ole André Vadla Ravnås: Don't tell GCC that we're clobbering ebx...
[01:08] -fridaposten:#frida- [frida] oleavr pushed 1 new commit to master: https://github.com/frida/frida/commit/2f16d89e5e795270740abea0d3d2e922eb032d74
[01:08] -fridaposten:#frida- frida/master 2f16d89 Ole André Vadla Ravnås: Update frida-gum
[01:08] <@oleavr> dpnishant: shouldn't be too hard to implement.. the biggest part of the job is refactoring frida-repl so the core functionality of the REPL can be used by both frida-repl and frida-trace
[01:09] <@oleavr> dpnishant: and the implementation is easy; we just need to const operation = recv(...); operation.wait(); in the repl() function, so we block the thread until it receives a specific message (which might be sent if you Ctrl+D from the REPL)
[01:10] <dpnishant> true!
[01:12] <dpnishant> should I create a github feature-request?
[01:13] <@oleavr> dpnishant: that would be great! please file it in frida-python

dpnishant avatar Mar 05 '16 19:03 dpnishant

is this feature implemented yet?

H4oK3 avatar Apr 05 '18 02:04 H4oK3

No. This is not hard to implement though – Frida already provides the necessary APIs.

@H4oK3 did you just say "challenge accepted"? ;-)

oleavr avatar Apr 05 '18 10:04 oleavr

@oleavr Right on, but i do need ask some pointers; how would you think it should be implemented and what API should be used here?

An easy coarse-grained draft implementation might be sth like this:

# ask for user command in on_message function

def on_message(message, data):
    if message['type'] == 'send':
        post_data = raw_input("-> ")
        script.post({'type': 'repl', 'payload': post_data})
    elif message['type'] == 'error':
        print(message['stack'])

And in the frida script:

while (true) {
    var op = recv('repl', function(value) {
        recv_data = value.payload
        console.log("[App Recv:]  " + recv_data)
    });
    op.wait();

    // get the result back
    send(JSON.stringify(eval(recv_data)))
    if (recv_data === "exit"){
        break;
    }
}

But of course nobody want sth like this; 2 things I need to figure out a way to achieve:

  1. How to make the repl auto-complete; I took a quick look at frida.repl, I guess I might need to read more about it so I know how that works; like how frida gets the context to do the auto completion, maybe you can give me some tips on this?

  2. Example above simply used eval(); that would be stupid and buggy, it might need a better way to get the result of expressions that passed in, I do not know how Frida did it; I guess I might also need to read frida.repl code when I got time, and I'd love to ask for some pointers as well.

I am also on IRC as n0ps if you want to hit me up there, thanks!

H4oK3 avatar Apr 05 '18 14:04 H4oK3