frida Stalker.follow 死循环

charleyha · 发表于 2022-10-31 17:49

我希望通过Stalker.follow 去读一段汇编的寄存器。现在这种写法会导致一直在几个指令里循环，如果我不去看寄存器，而是通过console.log(instruction.address.sub(base_addr) + "\t:\t" + instruction); 去看执行的指令，是可以正常执行。

有没有大佬能给解答一下。

    var mou = Process.getModuleByName(MODULE_NAME)
    var tid = Process.getCurrentThreadId()
    Stalker.follow(tid, {

        transform: (iterator) => {
            const instruction = iterator.next();
            const startAddress = instruction.address;
            const isModuleCode = startAddress.compare(mou.base) >= 0 &&  (mou.base.add(mou.size)).sub(startAddress) > 0;
            do {
                iterator.keep();
                if (isModuleCode) {
                                                //console.log(instruction.address.sub(base_addr) + "\t:\t" + instruction);
                    iterator.putCallout((context) => {
                        let funcAddress = getFuncAddress(context.pc, exportTable);
                        console.log(JSON.stringify({
                            fromAddress: funcAddress,
                            x1 : context.x1,
                            x19:context.x19
                        }))
                    })
                }
            } while (iterator.next() !== null);
        }
    })

部分死循环的log

{"fromAddress":"0x1ca8f340","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f344","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f348","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f33c","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f340","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f344","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f348","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f33c","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f340","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f344","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f348","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f33c","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f340","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f344","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f348","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f33c","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f340","x1":"0x16f795577","x19":"0x11c66fe40"}
{"fromAddress":"0x1ca8f344","x1":"0x16f795577","x19":"0x11c66fe40"}

帐号		自动登录	找回密码
密码			注册[Register]

[iOS 求助] frida Stalker.follow 死循环