/*
* raptor_frida_linux_enum.js - Module/function enumerator
* Copyright (c) 2025 Marco Ivaldi <raptor@0xdeadbeef.info>
*
* "For all is like an ocean, all flows and connects;
* touch it in one place and it echoes at the other end of the world."
* -- Fyodor Dostoevsky, The Brothers Karamazov
*
* Frida.re JS code to enumerate modules and functions present in a Linux ELF
* binary. See https://www.frida.re/ and https://codeshare.frida.re/ for
* further information on this world-class dynamic instrumentation toolkit.
*
* Example usage:
* $ uv tool install frida-tools
* $ frida -f hello-vuln -l raptor_frida_linux_enum.js --pause
*
* Tested with:
* Frida 17.2.1 on Ubuntu 24.0
*
* Get the latest version at:
* https://github.com/0xdea/frida-scripts/
*/
/**
 * List every module currently loaded in the instrumented process.
 *
 * Thin wrapper around Frida's `Process.enumerateModules()`; the result is
 * passed through untouched.
 *
 * @returns {Array} The value returned by `Process.enumerateModules()`.
 */
function enumAllModules() {
  const loadedModules = Process.enumerateModules();
  return loadedModules;
}
/**
 * Return the loaded modules whose name matches a pattern.
 *
 * The pattern is handed to `String.prototype.match()`, so a plain string is
 * compiled as a regular expression instead of being compared literally.
 *
 * @param {RegExp|string} pattern - Pattern matched against each module's `name`.
 * @returns {Array} New array holding the matching entries from `enumAllModules()`.
 */
function findModules(pattern) {
  return enumAllModules().filter((candidate) => candidate.name.match(pattern));
}
/**
 * Enumerate every function known to Frida's `DebugSymbol` API.
 *
 * Each address returned by `DebugSymbol.findFunctionsMatching("*")` is wrapped
 * with `ptr()` and resolved through `DebugSymbol.fromAddress()`.
 *
 * NOTE (from the original author): `Module.enumerateSymbols()` and
 * `Module.findSymbolByName()` don't work here, hence the `DebugSymbol` route.
 *
 * @returns {Array} One `DebugSymbol.fromAddress()` result per function found.
 */
function enumAllFunctions() {
  const resolveSymbol = (address) => DebugSymbol.fromAddress(ptr(address));
  return Array.from(DebugSymbol.findFunctionsMatching("*"), resolveSymbol);
}
/**
 * Find the functions whose name matches a glob, via Frida's `DebugSymbol` API.
 *
 * The glob is passed unchanged to `DebugSymbol.findFunctionsMatching()`; every
 * returned address is wrapped with `ptr()` and resolved through
 * `DebugSymbol.fromAddress()`.
 *
 * NOTE (from the original author): `Module.enumerateSymbols()` and
 * `Module.findSymbolByName()` don't work here, hence the `DebugSymbol` route.
 *
 * @param {string} glob - Glob forwarded to `DebugSymbol.findFunctionsMatching()`.
 * @returns {Array} One `DebugSymbol.fromAddress()` result per matching function.
 */
function findFunctions(glob) {
  const matchingAddresses = DebugSymbol.findFunctionsMatching(glob);
  return Array.from(matchingAddresses, (address) => {
    const wrapped = ptr(address);
    return DebugSymbol.fromAddress(wrapped);
  });
}
/**
 * Enumerate the functions that belong to one module.
 *
 * Calls `enumAllFunctions()` for the whole process and keeps the entries whose
 * `moduleName` is strictly equal to the requested name, so an unknown module
 * yields an empty array.
 *
 * NOTE (from the original author): `Module.enumerateSymbols()` and
 * `Module.findSymbolByName()` don't work here, hence the `DebugSymbol` route.
 *
 * @param {string} moduleName - Exact module name to filter on.
 * @returns {Array} The matching entries from `enumAllFunctions()`.
 */
function enumModuleFunctions(moduleName) {
  const belongsToModule = (symbol) => symbol.moduleName === moduleName;
  return enumAllFunctions().filter(belongsToModule);
}
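/**
 * Enumerate the imports of a module.
 *
 * Looks up the first entry of `enumAllModules()` whose `name` is strictly
 * equal to `moduleName` and returns its `enumerateImports()` result.
 *
 * @param {string} moduleName - Exact module name to look up.
 * @returns {Array} The module's imports, or an empty array when no loaded
 *   module has that name.
 */
function enumModuleImports(moduleName) {
  const target = enumAllModules().find((candidate) => candidate.name === moduleName);
  // An unknown module used to fall through and return `undefined`, which made
  // `result.forEach(...)` throw; return an empty list so the result is always
  // iterable, as enumModuleFunctions() already does for an unknown module.
  if (target === undefined) {
    return [];
  }
  return target.enumerateImports();
}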
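/**
 * Enumerate the exports of a module.
 *
 * Looks up the first entry of `enumAllModules()` whose `name` is strictly
 * equal to `moduleName` and returns its `enumerateExports()` result.
 *
 * @param {string} moduleName - Exact module name to look up.
 * @returns {Array} The module's exports, or an empty array when no loaded
 *   module has that name.
 */
function enumModuleExports(moduleName) {
  const target = enumAllModules().find((candidate) => candidate.name === moduleName);
  // An unknown module used to fall through and return `undefined`, which made
  // `result.forEach(...)` throw; return an empty list so the result is always
  // iterable, as enumModuleFunctions() already does for an unknown module.
  if (target === undefined) {
    return [];
  }
  return target.enumerateExports();
}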
// Usage examples
// Enumerate all modules
/*
var l = enumAllModules()
l.forEach(function(m) {
//console.log(m.base, m.size, m.name, m.path);
console.log(m.base, m.name, m.path);
});
*/
// Find modules that match a pattern
/*
var l = findModules(/lib/i);
l.forEach(function(m) {
//console.log(m.base, m.size, m.name, m.path);
console.log(m.base, m.name, m.path);
});
*/
// Enumerate all functions
/*
var l = enumAllFunctions()
l.forEach(function(f) {
//console.log(f.address, f.name, f.moduleName, f.fileName, f.lineNumber);
console.log(f.toString());
});
*/
// Find functions that match a glob
/*
var l = findFunctions("*printf*");
l.forEach(function(f) {
//console.log(f.address, f.name, f.moduleName, f.fileName, f.lineNumber);
console.log(f.toString())
});
*/
// Enumerate all functions in a module
/*
var l = enumModuleFunctions("hello-vuln")
l.forEach(function(f) {
console.log(f);
});
*/
// Enumerate the imports of a module
/*
var l = enumModuleImports("hello-vuln");
l.forEach(function(i) {
console.log(i.name);
});
*/
// Enumerate the exports of a module
/*
var l = enumModuleExports("libc.so.6");
l.forEach(function(e) {
console.log(e.name);
});
*/