I originally built an API tracer with Frida: it loads a batch of Frida JS hook scripts, and you can add the APIs you want to trace and the information each hook should return yourself.

The JSON that the scripts send back is stored, and a flow graph of the API calls is drawn from it.

Part of the code:

import os
import frida

log_list = []       # every payload the hook scripts send() back, in trace order
verbose_flag = 0    # set to 1 to echo each payload as it arrives

def read_script(path):
    # hook scripts are plain JS text files under ./apis_js/
    with open(path, "r", encoding="utf-8") as f:
        return f.read()

def on_message(message, data):
    # Frida calls this for every send() from a loaded script
    global log_list
    global verbose_flag

    if message['type'] == 'send':
        payload = message['payload']
        log_list.append(payload)
        if verbose_flag == 1:
            print(payload)
    elif message['type'] == 'error':
        # uncaught exceptions inside a hook script arrive here; print them
        # instead of silently dropping them so a broken hook is noticed
        print(message.get('description'))

def load_js_script(session):
    # session: a frida.Session from frida.attach(pid) / frida.spawn + attach
    script_folder = "./apis_js/"
    script_list = []

    listdir = os.listdir(script_folder)
    for name in listdir:
        if not name.endswith(".js"):
            continue  # skip editor backups and other non-script files
        full_path = os.path.join(script_folder, name)
        script_list.append(full_path)

    print(script_list)

    # each file becomes its own Frida script sharing the same message handler
    for path in script_list:
        script = session.create_script(read_script(path))
        script.on('message', on_message)
        script.load()
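The page does not show the second half, turning the stored payloads into a graph. The following is an added example (not code from the win-api-tracer-frida project) that takes messages in the shape Frida delivers to a `message` handler and builds the call-sequence graph as Graphviz DOT text. The payload schema (`api`, `ret`, `tid`) and the sample message sequence are constructed assumptions; the real hook scripts decide which fields they `send()`, so adapt the field names. It also decodes payloads that a hook sends as a JSON string (`send(JSON.stringify(obj))`) rather than as an object, and surfaces `error` messages so a broken hook does not vanish silently.

```python
"""Collect Frida tracer payloads and build a per-thread API call graph."""
import json
from collections import Counter

# Constructed sample messages, in the shape Frida hands to on_message().
# Assumed payload schema: api, ret, tid. Values are placeholders.
SAMPLE_MESSAGES = [
    {"type": "send", "payload": json.dumps(p)} for p in [
        {"api": "WSAStartup",   "ret": "0x0",      "tid": 1},
        {"api": "socket",       "ret": "0x1a4",    "tid": 1},
        {"api": "connect",      "ret": "0x0",      "tid": 1},
        {"api": "recv",         "ret": "4",        "tid": 1},
        {"api": "VirtualAlloc", "ret": "0x2a0000", "tid": 1},
        {"api": "recv",         "ret": "0x3000",   "tid": 1},
        {"api": "CreateThread", "ret": "0x1b8",    "tid": 1},
    ]
]


def make_on_message(log_list, verbose=False):
    """Return a Frida-style message handler that appends decoded payloads
    to log_list (no module globals needed)."""
    def on_message(message, data):
        if message.get("type") == "error":
            # an exception inside a hook script; keep it visible
            print("frida script error:", message.get("description"))
            return
        if message.get("type") != "send":
            return
        payload = message["payload"]
        if isinstance(payload, str):       # send(JSON.stringify(obj)) case
            payload = json.loads(payload)
        log_list.append(payload)
        if verbose:
            print(payload)
    return on_message


def collect(messages, verbose=False):
    """Feed a list of messages through the handler; returns the decoded log."""
    log = []
    handler = make_on_message(log, verbose)
    for message in messages:
        handler(message, None)
    return log


def call_edges(log):
    """Count transitions api_i -> api_{i+1}, tracked separately per thread so
    interleaved threads do not produce bogus edges."""
    last_by_tid = {}
    edges = Counter()
    for entry in log:
        tid = entry.get("tid", 0)
        api = entry["api"]
        prev = last_by_tid.get(tid)
        if prev is not None:
            edges[(prev, api)] += 1
        last_by_tid[tid] = api
    return edges


def to_dot(edges, name="GraphTraceApi"):
    """Render the edge counts as a Graphviz digraph (render with `dot -Tpng`)."""
    lines = [f"digraph {name} {{", "  rankdir=LR;"]
    for (src, dst), n in sorted(edges.items()):
        label = f' [label="x{n}"]' if n > 1 else ""
        lines.append(f'  "{src}" -> "{dst}"{label};')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    trace = collect(SAMPLE_MESSAGES, verbose=True)
    print(to_dot(call_edges(trace)))
```

In the real tracer, `make_on_message(log_list)` is what you would pass to `script.on('message', ...)`, and `to_dot(call_edges(log_list))` is written to a file after the target exits; the DOT text is rendered with Graphviz to get a picture like the one below. Repeated transitions are collapsed into one edge with a count label, which keeps a loop such as repeated `recv` calls readable.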

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/b460af7e-e792-46f6-b7d4-bb6fa6ec511c/Untitled.png

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/cbc35e22-fe6e-424a-ac8c-2656f013c508/Untitled.png

Trace graph (reverse_tcp meterpreter)

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d1125a81-df73-49e2-97b9-541a26bc4aa0/GraphTraceApi.jpg

https://github.com/Nek0y4nSu/win-api-tracer-frida