function-interceptor

This project demonstrates how to hook functions through the funchook library

Requirements

• g++ / msvc compiler
• cmake
• python3
• frida: https://frida.re

Preparing (Linux)

# install dependencies
pip install frida

# change the ptrace_scope for frida
sudo sysctl kernel.yama.ptrace_scope=0

# build c++ project
./build.sh

Preparing (Windows)

REM install dependencies
pip install frida

REM build c++ project
build.bat

Running (Linux)

# run program (it is assumed that in different terminals)
LD_LIBRARY_PATH=./build/bin ./build/bin/program

# attach `./build/bin/libhook.so` to `$(pidof program)`
./scripts/loader.py $(pidof program) ./build/bin/libhook.so

Running (Windows)

REM run program (it is assumed that in different terminals)
.\build\bin\program.exe

REM find the PID
frida-ps

REM attach .\build\bin\hook.dll to PID
python .\scripts\loader.py PID .\build\bin\hook.dll

Output

exampleFunction(a=1, b=2, c=3)
ret = 48

handle = 0x7f79317921e0
exampleFunction_original = 0x7f793178e120

exampleFunction(a=1, b=2, c=3)
[+] org ret = 48
[+] exampleFunction_hook(a=1, b=2, c=3)
ret = 42