chaitin / passionfruit

[WIP] Crappy iOS app analyzer
MIT License

Migrate to frida-compile #2

Closed oleavr closed 7 years ago

oleavr commented 7 years ago

The frida-load module is deprecated and should not be used. This is however my fault for not making this clear in the Frida documentation, so I'm submitting this PR to make up for it. :-)

I also replaced passionfruit_checksec() written in C with JavaScript, by using the macho module. I did however not port the lsof functionality as it isn't currently used by the UI. This would be easy to port though if needed in the future.

ChiChou commented 7 years ago

I didn't choose npm module macho because it needs memcpy before parsing the macho header, and I am planning to implement that with pure frida Memory api.

Some (crazy) guy has already rewritten dumpdecrypted with frida: https://codeshare.frida.re/@lichao890427/dump-ios/

Anyways, it's a big surprise to see you here!

oleavr commented 7 years ago

> I didn't choose npm module macho because it needs memcpy before parsing the macho header, and I am planning to implement that with pure frida Memory api.

Awesome! Totally agree that the memcpy() isn't ideal – I limited it to 64 kB as this tends to be enough to cover the headers, but it's not a nice solution.

> Some (crazy) guy has already rewritten dumpdecrypted with frida: https://codeshare.frida.re/@lichao890427/dump-ios/

Cool!

> Anyways, it's a big surprise to see you here!

:-) Btw, feel free to drop by Frida with PRs whenever you see things missing or broken.

ChiChou commented 6 years ago

@oleavr Here it is! In-memory Mach-O parsing with just a simple trick. https://gist.github.com/ChiChou/cc9b95a7c42bd0988a453716f18a2aaf
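
The in-place header parsing discussed in this thread, as an added example that is not code from this PR, the linked gist or passionfruit. The names `inspectMachO`, `sampleImage` and the `readU32` callback are hypothetical, and reporting the PIE flag and the encryption-info load command is an assumption about what a checksec-style check would look at; the sample image is constructed.

```javascript
// Added example: parse a Mach-O header in place through a reader callback,
// so no memcpy of the image is needed before parsing.
const MH_MAGIC = 0xfeedface, MH_MAGIC_64 = 0xfeedfacf, MH_PIE = 0x200000;
const LC_UUID = 0x1b, LC_ENCRYPTION_INFO = 0x21, LC_ENCRYPTION_INFO_64 = 0x2c;

// readU32(off): little-endian u32 at `off` bytes from the image base.
// Assumed Frida wiring: off => base.add(off).readU32()
// limit defaults to the 64 kB header window mentioned in the thread.
function inspectMachO(readU32, limit = 0x10000) {
  const magic = readU32(0);
  if (magic !== MH_MAGIC && magic !== MH_MAGIC_64)
    throw new Error('not a little-endian Mach-O image');
  const is64 = magic === MH_MAGIC_64;
  const headerSize = is64 ? 32 : 28; // mach_header_64 has one extra reserved word
  const ncmds = readU32(16), sizeofcmds = readU32(20), flags = readU32(24);
  const end = headerSize + sizeofcmds;
  if (end > limit) throw new Error('load commands exceed the header window');
  const result = { is64, pie: (flags & MH_PIE) !== 0, encrypted: false, crypt: null };
  let off = headerSize;
  for (let i = 0; i < ncmds; i++) {
    // Never trust cmdsize: a zero or oversized value would loop or read out of bounds.
    if (off + 8 > end) throw new Error('truncated load command');
    const cmd = readU32(off), cmdsize = readU32(off + 4);
    if (cmdsize < 8 || off + cmdsize > end) throw new Error('bad cmdsize');
    if (cmd === LC_ENCRYPTION_INFO || cmd === LC_ENCRYPTION_INFO_64) {
      if (cmdsize < 20) throw new Error('short encryption_info command');
      result.crypt = { cryptoff: readU32(off + 8), cryptsize: readU32(off + 12),
                       cryptid: readU32(off + 16) };
      result.encrypted = result.crypt.cryptid !== 0;
    }
    off += cmdsize;
  }
  return result;
}

// Constructed sample: arm64 MH_EXECUTE header, LC_UUID, LC_ENCRYPTION_INFO_64.
function sampleImage(cryptid) {
  const words = [
    MH_MAGIC_64, 0x0100000c, 0, 2, 2, 48, MH_PIE | 0x85, 0, // mach_header_64
    LC_UUID, 24, 0, 0, 0, 0,                                // uuid_command
    LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0,  // encryption_info_command_64
  ];
  const view = new DataView(new ArrayBuffer(words.length * 4));
  words.forEach((w, i) => view.setUint32(i * 4, w, true));
  return off => view.getUint32(off, true);
}

console.log(inspectMachO(sampleImage(1)));
```

The bounds checks matter because the header comes from the inspected process and cannot be assumed well-formed.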