ScrapHacks/frida/frida_hook_net.js

var sendto = Module.getExportByName("WSOCK32.dll", "sendto")
var recvfrom = Module.getExportByName("WSOCK32.dll", "recvfrom")

Interceptor.attach(ptr("0x004f9300"), {
    onEnter: function (args) {
        console.log("[SendUsrString]", JSON.stringify({
            data: args[0].readCString(),
            dst: args[1].toInt32(),
            chat: args[2].toInt32()
        }));
    }
})

Interceptor.attach(ptr(sendto), {
    onEnter: function (args) {
        this.socket = args[0];
        this.buffer = args[1];
        this.size = args[2].toInt32();
        this.flags = args[3].toInt32();
        this.sock_addr = args[4];
        this.to_len = args[5].toInt32();
    },
    onLeave: function (ret) {
        var port = this.sock_addr.add(2).readU16();
        var addr = this.sock_addr.add(4).readU32();
        var data = Memory.readByteArray(this.buffer, ret.toInt32())
        send({
            type: "SEND",
            ptr: this.buffer.toInt32(),
            addr,
            port
        }, data);
        return ret;
    }
})

Interceptor.attach(ptr(recvfrom), {
    onEnter: function (args) {
        this.socket = args[0];
        this.buffer = args[1];
        this.size = args[2].toInt32();
        this.flags = args[3].toInt32();
        this.sock_addr = args[4];
        this.from_len = args[5].toInt32();
    },
    onLeave: function (ret) {
        if (!ret.equals(ptr("0xffffffff"))) {
            var port = this.sock_addr.add(2).readU16();
            var addr = this.sock_addr.add(4).readU32();
            var data = Memory.readByteArray(this.buffer, ret.toInt32())
            send({
                type: "RECV",
                ptr: this.buffer.toInt32(),
                addr,
                port
            }, data);
        }
        return ret;
    }
})
Lots of Updates (expand for more): - Started implementing new parser for chunked data - Started documenting data formats - Started dissector for network protocol - Added AI-Graph renderer (converts .pth files to python data you can import into Blender) - Added Script to convert savefile to JSON - Added (old) parser for chunked data format - Added basic parser for LFVF data section (Vertex Data) - Added script to analyze and filter read trace generated with frida script - Added various Frida scripts 2020-08-04 16:05:34 +00:00			`var sendto = Module.getExportByName("WSOCK32.dll", "sendto")`
			`var recvfrom = Module.getExportByName("WSOCK32.dll", "recvfrom")`

			`Interceptor.attach(ptr("0x004f9300"), {`
			`onEnter: function (args) {`
			`console.log("[SendUsrString]", JSON.stringify({`
			`data: args[0].readCString(),`
			`dst: args[1].toInt32(),`
			`chat: args[2].toInt32()`
			`}));`
			`}`
			`})`

			`Interceptor.attach(ptr(sendto), {`
			`onEnter: function (args) {`
			`this.socket = args[0];`
			`this.buffer = args[1];`
			`this.size = args[2].toInt32();`
			`this.flags = args[3].toInt32();`
			`this.sock_addr = args[4];`
			`this.to_len = args[5].toInt32();`
			`},`
			`onLeave: function (ret) {`
			`var port = this.sock_addr.add(2).readU16();`
			`var addr = this.sock_addr.add(4).readU32();`
			`var data = Memory.readByteArray(this.buffer, ret.toInt32())`
			`send({`
			`type: "SEND",`
			`ptr: this.buffer.toInt32(),`
			`addr,`
			`port`
			`}, data);`
			`return ret;`
			`}`
			`})`

			`Interceptor.attach(ptr(recvfrom), {`
			`onEnter: function (args) {`
			`this.socket = args[0];`
			`this.buffer = args[1];`
			`this.size = args[2].toInt32();`
			`this.flags = args[3].toInt32();`
			`this.sock_addr = args[4];`
			`this.from_len = args[5].toInt32();`
			`},`
			`onLeave: function (ret) {`
			`if (!ret.equals(ptr("0xffffffff"))) {`
			`var port = this.sock_addr.add(2).readU16();`
			`var addr = this.sock_addr.add(4).readU32();`
			`var data = Memory.readByteArray(this.buffer, ret.toInt32())`
			`send({`
			`type: "RECV",`
			`ptr: this.buffer.toInt32(),`
			`addr,`
			`port`
			`}, data);`
			`}`
			`return ret;`
			`}`
			`})`