taint-with-frida/foo.js at master · andreafioraldi/taint-with-frida · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
var taint = require("./taint");

taint.syscallPreHook = function(ctx) {
    var sn = ctx.rax.toInt32();
    taint.log("foo", "syscall index = " + sn);
    if(sn == 0) { //read
        taint.memory.taint(ctx.rsi, ctx.rdx);
        taint.report();
    }
    else if(sn == 60 || sn == 231) { //exit || exit_group
        taint.log("foo", "exiting");
        taint.stopTracing();
        taint.report()
    }
}

taint.syscallPostHook = function(ctx) {
    taint.log("foo", "syscall ret = " + ctx.rax);
}

Interceptor.attach(ptr("0x400643"), //main
    function() {
        taint.log("foo", "enter main()");
        taint.startTracing(true); //hook syscalls
    }
);