ScrapHacks/frida/frida_stalker_test.py

import frida
import sys
import psutil
import subprocess as SP
import threading
from multiprocessing import JoinableQueue
import msgpack


q = JoinableQueue()


def db_worker(q):
    events = 0
    with open("trace.mp", "wb") as of:
        while True:
            args = q.get()
            if args is None:
                q.task_done()
                break
            events += 1
            msgpack.dump(args, of)
            q.task_done()
    print("Wrote", events, "events")


db_w = threading.Thread(target=db_worker, args=(q,))

db_w.start()
modules = {}
mem_range = None


def on_message(msg, data=None):
    global mem_range
    data = msg["payload"]
    if "stalker" in data:
        for val in data["stalker"]:
            q.put(val)


def main():
    pid = frida.spawn(sys.argv[1:])
    session = frida.attach(pid)
    session.enable_jit()
    script = session.create_script(open("frida_stalker_test.js").read())
    script.on("message", on_message)
    script.load()
    frida.resume(pid)
    proc = psutil.Process(pid)
    proc.wait()
    session.detach()
    q.put(None)
    q.join()
    q.close()
    db_w.join()


"""
import msgpack as mp
from collections import Counter
data=list(mp.Unpacker(open("trace.mp","rb"), raw=False))
Counter(v[1] for v in data).most_common(10)
"""

if __name__ == "__main__":
    main()
Lots of Updates (expand for more): - Started implementing new parser for chunked data - Started documenting data formats - Started dissector for network protocol - Added AI-Graph renderer (converts .pth files to python data you can import into Blender) - Added Script to convert savefile to JSON - Added (old) parser for chunked data format - Added basic parser for LFVF data section (Vertex Data) - Added script to analyze and filter read trace generated with frida script - Added various Frida scripts 2020-08-04 16:05:34 +00:00			`import frida`
			`import sys`
			`import psutil`
			`import subprocess as SP`
			`import threading`
			`from multiprocessing import JoinableQueue`
			`import msgpack`


			`q = JoinableQueue()`


			`def db_worker(q):`
			`events = 0`
			`with open("trace.mp", "wb") as of:`
			`while True:`
			`args = q.get()`
			`if args is None:`
			`q.task_done()`
			`break`
			`events += 1`
			`msgpack.dump(args, of)`
			`q.task_done()`
			`print("Wrote", events, "events")`


			`db_w = threading.Thread(target=db_worker, args=(q,))`

			`db_w.start()`
			`modules = {}`
			`mem_range = None`


			`def on_message(msg, data=None):`
			`global mem_range`
			`data = msg["payload"]`
			`if "stalker" in data:`
			`for val in data["stalker"]:`
			`q.put(val)`


			`def main():`
			`pid = frida.spawn(sys.argv[1:])`
			`session = frida.attach(pid)`
			`session.enable_jit()`
			`script = session.create_script(open("frida_stalker_test.js").read())`
			`script.on("message", on_message)`
			`script.load()`
			`frida.resume(pid)`
			`proc = psutil.Process(pid)`
			`proc.wait()`
			`session.detach()`
			`q.put(None)`
			`q.join()`
			`q.close()`
			`db_w.join()`


			`"""`
			`import msgpack as mp`
			`from collections import Counter`
			`data=list(mp.Unpacker(open("trace.mp","rb"), raw=False))`
			`Counter(v[1] for v in data).most_common(10)`
			`"""`

			`if __name__ == "__main__":`
			`main()`