
Frida handbook

Learn about binary instrumentation with the Frida toolkit.

Learn about binary instrumentation using the Frida toolkit through practical examples. This book is not deeply focused on theory but on practical use cases, from basic uses of the API to how to apply it in real-world scenarios.

We will apply instrumentation under Linux, Windows and macOS systems.

Minimum price: Free
Suggested price: $12.00 (author earns $9.60)

Formats: PDF, EPUB, WEB
1,301 readers; 220 pages; 35,250 words
About the Book

This book is about binary instrumentation using the Frida toolkit. Frida is an open-source binary instrumentation framework developed by @oleavr.

We will learn about binary instrumentation under Linux, macOS and Windows systems: what it is, how it can be useful to us, and how to work with the Frida toolkit in a practical way. The book includes basic examples and descriptions of Frida's APIs as well as more complex examples such as parsing structs, obtaining decrypted text and using CModule.

About the Author

Fernando Diaz (@entdark_)

Software Engineer at VirusTotal.

Table of Contents

1 Introduction
  1.1 Handbook structure

2 What we will need
  2.1 System requirements
  2.2 Software requirements
  2.3 Programming language requirements

3 Binary instrumentation and Frida
  3.1 Application and code-level instrumentation
  3.2 Frida: a binary instrumentation toolkit
      Supported architectures and systems
  3.3 Instrumentation tool structure under Frida
  3.4 Frida architecture basics
      Projects using Frida

4 Frida usage basics
  4.1 JavaScript vs TypeScript
  4.2 An overview of the Frida API
  4.3 Main features
    4.3.1 Stalker: a code tracing engine
    4.3.2 Hooks and the Interceptor API
  4.4 frida-tools
    4.4.1 Frida command line interface
          Runtimes in Frida
    4.4.2 frida-trace

5 Dealing with data types with Frida
  5.1 Dealing with strings: reading and allocation
    5.1.1 Practical use case: reading a WinAPI UTF-16 string parameter
  5.2 Numbers
    5.2.1 Numerical arguments passed by value
    5.2.2 Numerical values by reference
    5.2.3 Writing numbers
  5.3 Pointers
      About NativePointers
  5.4 Pointer to offsets
      Finding a process's modules
  5.5 Getting pointers to exports
    5.5.1 findExportByName vs getExportByName
  5.6 Pointer to ArrayBuffers
      Size of pointers
  5.7 Hexdump: getting a picture of a memory region
  5.8 Writing our first agent
    5.8.1 Writing the control script
  5.9 Injecting our scripts using Frida's command line
  5.10 Remote instrumentation
      The Frida CodeShare repository

6 Intermediate usage
  6.1 Defining globals in Frida's REPL
  6.2 Following child processes
  6.3 Creating NativeFunctions
    6.3.1 Using NativeFunction to call system APIs
  6.4 Modifying return values
  6.5 Accessing values after usage
  6.6 CryptDecrypt: a practical case
  6.7 Modifying values before execution
  6.8 Undoing instrumentation
  6.9 std::string
    6.9.1 std::vector in MSVC
  6.10 Operating with ArrayBuffers

7 Advanced usage
  7.1 NOP functions
    7.1.1 Using the replace API
    7.1.2 Patching memory
  7.2 Memory scanning
    7.2.1 Reacting on memory patterns
  7.3 Using custom libraries (DLL/.so)
    7.3.1 Creating a custom DLL
    7.3.2 Using our custom library
  7.4 Reading and writing registers
  7.5 Reading structs
    7.5.1 Reading from a user-controlled struct
  7.6 SYSCALL struct
  7.7 WINAPI struct
  7.8 Tips for calculating structure offsets
  7.9 CModule
    7.9.1 CModule: a practical use case
    7.9.2 CModule: reading return values
    7.9.3 CModule vs JavaScript agent performance
    7.9.4 CModule: sharing state between JS and C
  7.10 Sharing state between two CModule objects
    7.10.1 Notifying from C code
  7.11 CModule boilerplates
  7.12 Stalker
    7.12.1 Getting a thread id
    7.12.2 Stalker: tracing from a known function call
    7.12.3 Tracing instructions
    7.12.4 Getting RET addresses

8 macOS
  8.1 ObjC
  8.2 Intercepting NSURL initWithString
  8.3 ObjC: intercepting fileExistsAtPath
  8.4 ObjC: methods with multiple arguments
  8.5 ObjC: reading a CFDataRef
  8.6 Getting CryptoKit's AES.GCM.seal data before encryption
  8.7 Swift.String

9 Android instrumentation
  9.1 Setting up the environment
    9.1.1 Android emulator
    9.1.2 frida-server
    9.1.3 Java API
  9.2 Java.perform() API
    9.2.1 Instrumenting Android applications
    9.2.2 Reading values
    9.2.3 Replacing return values
    9.2.4 Replacing arguments
    9.2.5 Instrumenting constructors
    9.2.6 Bytearray values
  9.3 Method overloads
    9.3.1 Stacktraces
  9.4 Frida detection mechanisms
    9.4.1 /data/local/tmp/frida-server
    9.4.2 /proc/self/maps

10 r2frida
      r2frida commands
    10.0.1 Testing r2frida
      Attaching to running processes
  10.1 Tracing functions
    10.1.1 Tracing functions from imports/exports
    10.1.2 Tracing functions by using offsets
  10.2 Disassembling functions in memory
  10.3 Replacing return values
  10.4 Replacing return values (hijacking)
  10.5 Allocating strings
  10.6 Calling functions

11 Optimizing our Frida setup
  11.1 Building an optimized Frida agent

12 A real-world use case: building an anti-cheat with Frida
  12.1 Background
  12.2 Anti-cheat requirements
    12.2.1 Timenudge
  12.3 Quick environment setup
  12.4 Anti-cheat architecture
  12.5 Extending the banlist
    12.5.1 Monitoring userinfo changes
    12.5.2 Predicting timenudge values
  12.6 Optimizing G_RunFrame calls
    12.6.1 Persistence across map changes
    12.6.2 Conclusions

13 Resources
