npm - @zsa233/frida-analykit-agent - Versions diffs - 2.0.0 → 2.0.2 - Mend

@zsa233/frida-analykit-agent 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/dist/api/android.d.ts +41 -0
package/dist/api/android.js +1 -0
package/dist/bridges.d.ts +4 -0
package/dist/bridges.js +8 -0
package/dist/cmodule/scan_adrp.d.ts +9 -0
package/{src/cmodule/scan_adrp.ts → dist/cmodule/scan_adrp.js} +19 -30
package/dist/config.d.ts +26 -0
package/dist/config.js +27 -0
package/dist/consts.d.ts +18 -0
package/dist/consts.js +23 -0
package/dist/elf/insn.d.ts +10 -0
package/dist/elf/insn.js +43 -0
package/dist/elf/module.d.ts +95 -0
package/dist/elf/module.js +632 -0
package/dist/elf/struct.d.ts +235 -0
package/{src/elf/struct.ts → dist/elf/struct.js} +63 -149
package/dist/elf/tools.d.ts +6 -0
package/dist/elf/tools.js +25 -0
package/dist/elf/verifier.d.ts +11 -0
package/dist/elf/verifier.js +57 -0
package/dist/elf/xref.d.ts +32 -0
package/dist/elf/xref.js +271 -0
package/dist/func.d.ts +7 -0
package/dist/func.js +23 -0
package/dist/helper.d.ts +130 -0
package/dist/helper.js +527 -0
package/{src/index.ts → dist/index.d.ts} +0 -1
package/dist/index.js +9 -0
package/dist/jni/env.d.ts +821 -0
package/dist/jni/env.js +1054 -0
package/{src/jni/struct.ts → dist/jni/struct.d.ts} +8 -54
package/dist/jni/struct.js +173 -0
package/dist/lib/libc.d.ts +68 -0
package/dist/lib/libc.js +125 -0
package/dist/lib/libssl.d.ts +23 -0
package/dist/lib/libssl.js +60 -0
package/dist/message.d.ts +18 -0
package/dist/message.js +21 -0
package/dist/net/ssl.d.ts +29 -0
package/dist/net/ssl.js +249 -0
package/dist/net/struct.d.ts +34 -0
package/{src/net/struct.ts → dist/net/struct.js} +4 -18
package/dist/net/tools.js +1 -0
package/dist/process.d.ts +43 -0
package/dist/process.js +77 -0
package/dist/rpc.d.ts +1 -0
package/dist/rpc.js +248 -0
package/dist/utils/array_pointer.d.ts +21 -0
package/dist/utils/array_pointer.js +81 -0
package/dist/utils/queue.d.ts +19 -0
package/dist/utils/queue.js +89 -0
package/dist/utils/scan.d.ts +35 -0
package/dist/utils/scan.js +72 -0
package/dist/utils/std.d.ts +40 -0
package/dist/utils/std.js +128 -0
package/dist/utils/text_endec.d.ts +8 -0
package/dist/utils/text_endec.js +29 -0
package/dist/utils/utils.d.ts +28 -0
package/dist/utils/utils.js +66 -0
package/package.json +18 -5
package/src/api/android.ts +0 -80
package/src/bridges.ts +0 -18
package/src/cmodule/scan_adrp.c +0 -81
package/src/config.ts +0 -56
package/src/consts.ts +0 -31
package/src/elf/insn.ts +0 -61
package/src/elf/module.ts +0 -751
package/src/elf/tools.ts +0 -33
package/src/elf/verifier.ts +0 -74
package/src/elf/xref.ts +0 -360
package/src/func.ts +0 -32
package/src/helper.ts +0 -685
package/src/jni/env.ts +0 -1439
package/src/lib/libc.ts +0 -161
package/src/lib/libssl.ts +0 -95
package/src/message.ts +0 -26
package/src/net/ssl.ts +0 -360
package/src/process.ts +0 -137
package/src/rpc.ts +0 -268
package/src/runtime-globals.d.ts +0 -11
package/src/utils/array_pointer.ts +0 -102
package/src/utils/queue.ts +0 -102
package/src/utils/scan.ts +0 -103
package/src/utils/std.ts +0 -165
package/src/utils/text_endec.ts +0 -35
package/src/utils/utils.ts +0 -111
/package/{src/net/tools.ts → dist/net/tools.d.ts} +0 -0

package/src/elf/tools.ts DELETED Viewed

@@ -1,33 +0,0 @@
-import { setGlobalProperties } from "../config.js"
-import { ElfFileFixer, ElfModuleX } from "./module.js"
-export class ElfTools {
-    static findModuleByName(name: string, tryFix: boolean = false): ElfModuleX | null {
-        const mod = Process.findModuleByName(name)
-        if (mod === null) {
-            return null
-        }
-        return this.loadFromModule(mod, tryFix)
-    }
-    static getModuleByName(name: string, tryFix: boolean = false): ElfModuleX {
-        const modx = this.findModuleByName(name, tryFix)
-        if (modx === null) {
-            throw new Error(`[getModuleByName] ${name} module not found.`)
-        }
-        return modx
-    }
-    static loadFromModule(mod: Module, tryFix: boolean = false): ElfModuleX {
-        const fixers = tryFix ? [new ElfFileFixer(mod.path)] : undefined
-        return new ElfModuleX(mod, fixers)
-    }
-}
-setGlobalProperties({
-    ElfTools,
-})

package/src/elf/verifier.ts DELETED Viewed

@@ -1,74 +0,0 @@
-import { setGlobalProperties } from "../config.js"
-import { InstructionSequence } from "./insn.js"
-type ScoreResult = {
-    instructions: Arm64Instruction[],
-    eoi?: Arm64Instruction,
-    score: number
-}
-export class Subroutine extends InstructionSequence {
-    constructor(entry: Arm64Instruction) {
-        super(entry)
-    }
-    scoreThunk(): ScoreResult {
-        const MAX_INSTR = 20
-        let score: number = 0
-        let i: number = 0
-        const insns: Arm64Instruction[] = []
-        loop: for (const insn of this) {
-            insns.push(insn)
-            const ops = insn.operands
-            switch (insn.mnemonic) {
-                case 'br':
-                case 'b':
-                    this.eoi = insn
-                    score += 100
-                    break loop
-                case 'stp':
-                case 'ldp':
-                    if (ops[2].type === 'mem' && ops[2].value.base === 'sp') {
-                        score -= 20
-                        break
-                    }
-                case 'ret':
-                    score = 0
-                    this.eoi = insn
-                    break
-                case 'sub':
-                case 'add':
-                    if (ops[0].value as string === 'sp') {
-                        score -= 20
-                        break
-                    }
-                    break
-            }
-            if (i >= 5) {
-                // 指令越多分数越低
-                score -= 5
-            }
-            i++
-            if (i >= MAX_INSTR) {
-                break
-            }
-        }
-        return {
-            instructions: insns,
-            eoi: this.eoi,
-            score: score,
-        }
-    }
-}
-setGlobalProperties({
-    Subroutine,
-})

package/src/elf/xref.ts DELETED Viewed

@@ -1,360 +0,0 @@
-import { help, MemoryPage, NativePointerObject } from "../helper.js"
-import { ScanAdrpCMod } from "../cmodule/scan_adrp.js"
-import { setGlobalProperties } from "../config.js";
-import { InstructionSequence } from "./insn.js";
-function countLeadingSignBits(input: number | bigint, width: number): number {
-    if(width < 1 || width > 64) {
-        throw new RangeError('width must be between 1 and 64');
-    }
-    const mask = (1n << BigInt(width)) - 1n
-    let value = BigInt(input) & mask
-    const signBit = (value >> BigInt(width - 1)) & 1n
-    let count = 0
-    for(let i = width - 1; i >= 0; i--) {
-        const bit = (value >> BigInt(i)) & 1n
-        if(bit === signBit) {
-            count ++
-        }else{
-            break
-        }
-    }
-    return count
-}
-function choiceMatchPattern(p: NativePointer, byteNum: number): string {
-    return p.toMatchPattern().split(/\s+/).slice(0, byteNum).join(' ')
-}
-function stripLeadingZeros(hexDump: string): { count: number, stripped: string}{
-    const parts = hexDump.trim().split(/\s+/)
-    let count = 0
-    for(const part of parts) {
-        if(part.toLowerCase() === '00') {
-            count++
-        }else{
-            break
-        }
-    }
-    const strippedParts = parts.slice(count)
-    return {
-        count,
-        stripped: strippedParts.join(' ')
-    }
-}
-export class AdrlXref {
-    /*  adr/adrp Xi, #{imm1}
-        ------------------------------------------------------------------
-        | 31  | 30 ─ 29 | 28 27 26 25 24 | 23 ──────────────── 5 | 4 ─ 0 |
-        | op  |  immlo  |    1 0 0 0 0   |     immhi (19b)       |  Rd   |
-        ------------------------------------------------------------------
-        adr : op=0
-        adrp: op=1
-    */
-    /*  add Xm, Xn, #{imm2}
-        ----------------------------------------------------------------------
-        | 31 | 30 | 29 | 28 27 26 25 24 | 23 ─ 22 | 21 ─ 10  | 9 ─ 5 | 4 ─ 0 |
-        | sf | op |  S |   1 0 0 0 1    |   sh    |   imm12  |  Rn   |  Rd   |
-        ----------------------------------------------------------------------
-    */
-    static readonly ADRP_FIXED28_24_BITSET_MASK = ptr(0b10000).shl(24)
-    target: NativePointer
-    constructor(target: NativePointer) {
-        this.target = target
-    }
-    get targetPage(): NativePointer{
-        return this.target.and(ptr('0xfff').not())
-    }
-    get targetPageOffset(): NativePointer {
-        return this.target.and('0xfff')
-    }
-    scanAdrl(
-        scanRange: { base: NativePointer, size: number },
-        maxGapToAdd: number = 16,
-    ): Adrl[] {
-        const { base, size } = scanRange
-        const targetPage = this.targetPage
-        // adrp
-        const op = ptr(0b1)
-        const adrpMatches: NativePointer[] = []
-        const pageMask = ptr(Process.pageSize - 1).not()
-        const adrpImmLenMask = ptr(0x1FFFFF)
-        type ScanTargetRange = {
-            base: NativePointer
-            size: number
-            high: boolean
-        }
-        help.memoryReadDo(base, size, (makeReadable, makeRecovery): void => {
-            makeReadable()
-            const ranges: ScanTargetRange[] = []
-            if (this.target <= base) {
-                ranges.push({ base, size, high: true })
-            } else if (this.target >= base.add(size)) {
-                ranges.push({ base, size, high: false })
-            } else {
-                ranges.push({ base, size: Number(this.target.sub(base)), high: false })
-                ranges.push({ base: this.target, size: size - Number(this.target.sub(base)), high: true })
-            }
-            for (let range of ranges) {
-                const minPage = range.base.and(pageMask)
-                const maxPage = range.base.add(range.size).and(pageMask)
-                const maxPageDelta = targetPage.sub(minPage).shr(12).and(adrpImmLenMask)
-                const minPageDelta = targetPage.sub(maxPage).shr(12).and(adrpImmLenMask)
-                let immVal: NativePointer
-                let leadingCount: number
-                if(range.high) {
-                    leadingCount = countLeadingSignBits(BigInt(minPageDelta.toString()), 21)
-                    immVal = adrpImmLenMask
-                }else{
-                    leadingCount = countLeadingSignBits(BigInt(maxPageDelta.toString()), 21)
-                    immVal = NULL
-                }
-                const immMask: NativePointer = ptr((((1n << BigInt(leadingCount)) - 1n) << BigInt(21 - leadingCount)).toString())
-                const B = ptr(1)
-                const immloMask = immMask.and(0b11)
-                const immhiMask = immMask.shr(2)
-                const anyRdMask = NULL
-                const adrpMask = choiceMatchPattern(
-                    NULL.or(B.shl(31))
-                        .or(immloMask.shl(29))
-                        .or(AdrlXref.ADRP_FIXED28_24_BITSET_MASK)
-                        .or(immhiMask.shl(5))
-                        .or(anyRdMask),
-                    4,
-                )
-                const { stripped: adrpMaskStripped, count: alignOffset } = stripLeadingZeros(adrpMask)
-                const immlo = immVal.and(0b11)
-                const immhi = immVal.shr(2)
-                const anyRd = NULL
-                const adrpSign = choiceMatchPattern(
-                    NULL.or(op.shl(31))
-                        .or(immlo.shl(29))
-                        .or(AdrlXref.ADRP_FIXED28_24_BITSET_MASK)
-                        .or(immhi.shl(5))
-                        .or(anyRd),
-                    4,
-                )
-                const adrpSignStripped = adrpSign.split(/\s+/).slice(alignOffset).join(' ')
-                const scanPattern = `${adrpSignStripped} : ${adrpMaskStripped}`
-                const scanRes = ScanAdrpCMod.scan(
-                    range, scanPattern, this.target, alignOffset,
-                )
-                if(scanRes.length) {
-                    adrpMatches.push(...scanRes)
-                }
-            }
-            makeRecovery()
-        })
-        const adrpInstructions = adrpMatches.reduce<Adrl[]>((acc, v) => {
-            const adrl = this.verify(v, maxGapToAdd)
-            if (adrl) {
-                acc.push(adrl)
-            }
-            return acc
-        }, [])
-        return adrpInstructions
-    }
-    // adrp + add
-    scanAdrlSlow(
-        scanRange: { base: NativePointer, size: number},
-        maxGapToAdd: number = 16,
-    ): Adrl[] {
-        const { base, size } = scanRange
-        const targetPage = this.targetPage
-        // adrp
-        const op = ptr(0b1)
-        const adrpPageMask = choiceMatchPattern(ptr(0x9fffffe0), 4)
-        const adrpMatches: MemoryScanMatch[] = []
-        help.memoryReadPageDo(base, size, (page: MemoryPage): boolean => {
-            const { readable } = page
-            const range = { base: page.base, size: page.size}
-            if(!range) {
-                return false
-            }else if (!readable) {
-                console.error(`[AdrlXref] scanAdrp base[${range.base} => ${range.base.add(range.size)}] is unreadable.`)
-                return false
-            }
-            const pcPage = range.base
-            const pageDelta = targetPage.sub(pcPage).shr(3*4).and(0x1FFFFF) // immhi:immlo = 21位
-            const immlo = pageDelta.and(0b11)
-            const immhi = pageDelta.shr(2)
-            const anyRd = NULL
-            const adrpSign = choiceMatchPattern(
-                NULL.or(op.shl(31))
-                    .or(immlo.shl(29))
-                    .or(AdrlXref.ADRP_FIXED28_24_BITSET_MASK)
-                    .or(immhi.shl(5))
-                    .or(anyRd),
-                4,
-            )
-            const scanPattern = `${adrpSign} : ${adrpPageMask}`
-            const scanResults = Memory.scanSync(range.base, range.size, scanPattern).filter(v => {
-                return v.address.and(0x3).isNull()
-            })
-            adrpMatches.push(...scanResults)
-            return false
-        })
-        const adrpInstructions = adrpMatches.reduce<Adrl[]>((acc, v) => {
-            const adrl = this.verify(v.address, maxGapToAdd)
-            if(adrl) {
-                acc.push(adrl)
-            }
-            return acc
-        }, [])
-        return adrpInstructions
-    }
-    verify(p: NativePointer, maxGapToAdd: number = 16): Adrl | null {
-        try {
-            const maybeAdrl = Adrl.loadFromPointer(p)
-            const adrpInsn = maybeAdrl.adrpInsn
-            if (adrpInsn.mnemonic !== 'adrp') {
-                return null
-            }
-            if (maybeAdrl.getTarget(false, maxGapToAdd)?.equals(this.target)) {
-                return maybeAdrl
-            }
-            return null
-        } catch (error) {
-        }
-        return null
-    }
-    scanAdr(): Adrl[] {
-        // TODO:
-        return []
-    }
-}
-type JumpScanRes = {
-    src: InstructionSequence
-    insn: Arm64Instruction
-    next: NativePointer
-}
-export class Adrl extends InstructionSequence {
-    readonly adrpInsn: Arm64Instruction
-    private addInsn?: Arm64Instruction
-    constructor(adrp: Arm64Instruction, add?: Arm64Instruction) {
-        super(adrp)
-        this.adrpInsn = adrp
-        this.addInsn = add
-    }
-    get instruction(): Arm64Instruction {
-        return Instruction.parse(this.$handle) as Arm64Instruction
-    }
-    scanBL(base?: NativePointer, maxGap: number = 16): JumpScanRes | null {
-        if(!base) {
-            base = this.$handle
-        }
-        let inc = 0
-        for (const insn of this) {
-            switch (insn.mnemonic) {
-                case 'bl':
-                    return {
-                        src: this,
-                        insn: insn,
-                        next: insn.next,
-                    }
-            }
-            inc++
-            if(inc >= maxGap) return null
-        }
-        return null
-    }
-    getTarget(mustFoundAdd: boolean = false, maxGapToAdd: number = 16): NativePointer | null {
-        const [op1, op2] = this.adrpInsn.operands
-        const target = ptr(op2.value.toString())
-        if (!this.addInsn) {
-            let inc = 0
-            verifyLoop: for (const insn of this) {
-                switch (insn.mnemonic) {
-                    case 'add':
-                        if (insn.operands.length !== 3) {
-                            break
-                        }
-                        const [addOp1, addOp2, addOp3] = insn.operands
-                        if (addOp1.value !== op1.value) {
-                            break
-                        }
-                        if (addOp2.value !== addOp1.value) {
-                            console.error(`[Adrl] findAdd [${insn}] op2，来源于另一个寄存器，无法预估目标地址。`)
-                            break
-                        }
-                        this.addInsn = insn
-                        break verifyLoop
-                }
-                inc++
-                if (inc >= maxGapToAdd) return mustFoundAdd ? null : target
-            }
-        }
-        if(!this.addInsn) {
-            return target
-        }
-        return target.add(this.addInsn.operands[2].value.toString())
-    }
-}
-setGlobalProperties({
-    AdrlXref,
-})

package/src/func.ts DELETED Viewed

@@ -1,32 +0,0 @@
-import { nativeFunctionOptions } from "./consts.js"
-export class FuncHelper {
-    static list: any[] = []
-    static $nativeWrapper<RetType extends NativeFunctionReturnType>(
-        retType: RetType, argTypes: any[],
-    ) {
-        return function (f: NativePointer, wrapFunc: AnyFunction) {
-            const impl = f.isNull() ? NULL : new NativeFunction(f, retType, argTypes, nativeFunctionOptions)
-            const wrapper = function () {
-                return wrapFunc(impl, ...Array.from(arguments))
-            }
-            const cb = new NativeCallback(wrapper, retType, argTypes)
-            FuncHelper.list.push(cb)
-            return cb
-        }
-    }
-    // int __cxa_atexit(void (*f)(void *), void *objptr, void *dso);
-    static atexit = this.$nativeWrapper('void', ['pointer'])
-    // int pthread_create(pthread_t *thread, const pthread_attr_t *attr, void *(*start_routine)(void *), void *arg);
-    static pthread_start_routine = this.$nativeWrapper('pointer', ['pointer'])
-    // void (*keylog_callback)(const SSL *ssl, const char *line)
-    static SSL_CTX_keylog_callback = this.$nativeWrapper('void', ['pointer', 'pointer'])
-}