How can I intercept a symbol from Assembly-CSharp.dll inside an APK ?

[iddoeldor]

mono_assembly_load_from_full loads Assembly-CSharp.dll I want to get the dynamic address of SomeMethod

static address :

$ rabin2 -zzz Assembly-CSharp.dll | grep SomeMethod
3306 0x0004080a 0x0044240a  12  13 (.text) ascii SomeMethod

[freehuntx]

Take a look inside of this file: https://github.com/freehuntx/frida-mono-api/blob/master/src/mono-api.js Search for the api you want (mono_assembly_load_from_full)

If its typedefinition is null, it means its not implemented yet. I can do that for you now. You simply describe the NativeFunction.

Then if its ready, you can do the following:

import { MonoApi } from 'frida-mono-api'

MonoApi.mono_assembly_load_from_full.intercept({
  onEnter: function() {}
})

or

MonoApi.mono_assembly_load_from_full.replace((...args) => {
  return MonoApi.mono_assembly_load_from_full(...args)
})

(Take a look at https://github.com/freehuntx/frida-ex-nativefunction)

[freehuntx]

Implemented in this commit: https://github.com/freehuntx/frida-mono-api/commit/6d4cce02f6675ff0112fd872e1d0901fc46b886c

[iddoeldor]

Thanks, great repo ! I will test it on android app and update It would be easier to test as single script to attach to Frida via $ frida -Uf com.app --no-pause -l script.js

I will need to install node.js dependencies and understand how to execute it tomorrow

related https://github.com/frida/frida/issues/572

Any chance to contact you via Mail/Telegram ?

[freehuntx]

I mainly wrote this to be used programatically. You can look at the source and copy its behaviour to fit your needs.

You can contact me via:

[iddoeldor]

I had read the entire source. Sending mail, thanks.

[iddoeldor]

Thank you !