Interruptor 0.1.3

@FrenchYeti FrenchYeti released this 17 May 00:30
· 98 commits to main since this release

Android / arm64 Only

Improves stability and adds a way to map a type to a complex custom structure.
Structures are parsed automatically in memory for each syscall that uses this type.

Kernel structures involved in the syscall API will be published in a separate repository:
https://github.com/FrenchYeti/frida-systruct

🔥 Improvements :

  • Fix issue when file descriptor origin cannot be retrieved
  • Add a way to define structures for complex arguments, to parse and dump it
  • Internals : add a callback to execute code only when the device is virtual

Supported:

  • Close to 100% of coverage for Flag/Bitmap textual decomposition
  • Parsing of syscall args (nearly 100% for primitive types): ORed flags, mode, descriptors, ...
  • Initial support for retrieving the name of an error code
  • More than 950 constants from Kernel supported
  • Implement all descriptors : fd, dfd, wd, sockfd, msqd, ..
  • API to use constants from the Kernel API inside hooks, including error codes
  • Follow Threads
  • Module filtering by name, by regexp, by properties
  • System call filtering by name, by regexp, by properties
  • Thread coloring
  • Android/Arm64 syscalls according to AOSP
  • Include deprecated syscalls/flags from Linux kernel 2.x -> 5.x
  • SVC hooking
  • Dynamic loading
  • Callback function when start() happens

📆 Partially supported:

  • socket, ...
  • Signals
  • Error code retrieval / returned value parsing
  • Contextual args hint: exploring cmd/opts as in prctl()
  • Coverage

🛰️ Not supported:

  • HVC, SMC, ...
  • Follow fork