Building the frida 16.0.2 Python module on Windows


Manuscript

The frida library is a required dependency when writing frida hook scripts. The steps to build it on Windows are as follows.

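  1. Install Visual Studio 2022, Git, Python 3.10 64-bit, Python 3.10 32-bit, Node.js, NASM, and 7-Zip. Git, Python, Node.js, NASM, and 7-Zip must be added to the PATH environment variable.
  2. Fetch the frida source, check out the 16.0.2 tag, and sync the submodules to it:

         git clone --recurse-submodules https://github.com/frida/frida
         cd frida
         git checkout 16.0.2
         git submodule update --init --recursive

  3. Modify the configuration and part of the source code: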

    1. In the frida project's releng\frida.props file, change the following entries to your Python installation directories.

       Original:

           <PythonLocation Condition="'$(PythonLocation)'=='' AND '$(Platform)'=='x64'">$(ProgramFiles)\Python310</PythonLocation>
           <PythonLocation Condition="'$(PythonLocation)'=='' AND '$(Platform)'=='Win32'">$(MSBuildProgramFiles32)\Python310</PythonLocation>

       For example, change them to:

           <PythonLocation Condition="'$(PythonLocation)'=='' AND '$(Platform)'=='x64'">C:\Users\29265\AppData\Local\Programs\Python\Python310</PythonLocation>
           <PythonLocation Condition="'$(PythonLocation)'=='' AND '$(Platform)'=='Win32'">C:\Users\29265\AppData\Local\Programs\Python\Python310-32</PythonLocation>

    2. In the Vala source files, replace the curly-quoted “%s” with a straight-quoted "%s". Because the quotes sit inside a string literal, they must be escaped as \"%s\". For example:

       Original:

           throw new Error.NOT_SUPPORTED ("Unsupported ABI: “%s”; please file a bug", abi);

       Modified:

           throw new Error.NOT_SUPPORTED ("Unsupported ABI: \"%s\"; please file a bug", abi);
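Step 3 can be scripted so the two edits are repeatable across checkouts. This is an added example, not code from the frida project or the original post; the function names and the sample directories are assumptions, and it handles ordinary single-line string literals only.

```python
import re
from pathlib import Path

# Matches the two default <PythonLocation> entries, keyed by build platform.
_PYLOC = re.compile(
    r"(<PythonLocation\b[^>]*'\$\(Platform\)'=='(x64|Win32)'[^>]*>)"
    r"[^<]*(</PythonLocation>)"
)
# A double-quoted string literal on one line, allowing backslash escapes.
_STRING = re.compile(r'"(?:[^"\\\n]|\\.)*"')
_CURLY = re.compile("[\u201c\u201d]")  # left and right curly double quotes


def set_python_location(props_xml: str, x64_dir: str, win32_dir: str) -> str:
    """Point both PythonLocation defaults at the given install directories."""
    dirs = {"x64": x64_dir, "Win32": win32_dir}
    return _PYLOC.sub(lambda m: m.group(1) + dirs[m.group(2)] + m.group(3), props_xml)


def straighten_quotes(vala_source: str) -> str:
    """Replace curly quotes inside string literals with escaped straight quotes."""
    return _STRING.sub(lambda m: _CURLY.sub(lambda _: '\\"', m.group(0)), vala_source)


def patch_tree(root: Path, x64_dir: str, win32_dir: str) -> list[Path]:
    """Apply both edits under a frida checkout; return the files that changed."""
    changed = []
    jobs = [(root / "releng" / "frida.props",
             lambda s: set_python_location(s, x64_dir, win32_dir))]
    jobs += [(p, straighten_quotes) for p in sorted(root.rglob("*.vala"))]
    for path, edit in jobs:
        if not path.is_file():
            continue
        # Work on bytes so the files keep their original line endings.
        old = path.read_bytes().decode("utf-8")
        new = edit(old)
        if new != old:
            path.write_bytes(new.encode("utf-8"))
            changed.append(path)
    return changed
```

Running `patch_tree` a second time on the same checkout returns an empty list, which makes it easy to confirm the tree is already patched.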
      

Note: the following steps must be carried out behind a global proxy, and git must also be configured to use the proxy, for example:

git config --global http.proxy http://127.0.0.1:1080

  1. Open frida.sln in Visual Studio 2022 and build frida-deps first: [Solution Explorer] -> [frida-deps] -> [Build];
  2. When that build finishes, click [Build] -> [Build Solution] to complete the compilation;

Run:

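After the build completes, verify that the module works.

  1. Open cmd in the \build\frida-windows\x64-Release\lib\python3.10\site-packages directory and place the test.py verification file there.

Verification script test.py: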

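import sys

print(sys.path)
# Only needed when test.py is run from outside the build's site-packages directory;
# point this at your own build output (the path below is from a Linux build).
sys.path.append("/home/lds/project/python/frida/build/frida-linux-x86_64/lib/python3.10/site-packages")

import frida

# Attach to a running Notepad process by name.
proname = r'notepad.exe'
session = frida.attach(proname)

# The agent exposes one RPC method, eM, that lists the modules loaded in the target.
script = session.create_script('''
rpc.exports.eM = function (){
  return Process.enumerateModules();
};
''')

def on_msg(msg, data):
    print("[signal message] msg:", msg, "data:", data)

script.on('message', on_msg)
script.load()

# The Python binding maps the snake_case name e_m to the agent's camelCase eM.
ms = script.exports.e_m()
print([m['name'] for m in ms])

  2. Open a Notepad window;
  3. In the cmd window opened earlier, run python test.py to verify;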

For example:

D:\frida_source\frida\build\frida-windows\x64-Release\lib\python3.10\site-packages>python test.py
['notepad.exe', 'ntdll.dll', 'KERNEL32.DLL', 'KERNELBASE.dll', 'GDI32.dll', 'win32u.dll', 'gdi32full.dll', 'msvcp_win.dll', 'ucrtbase.dll', 'USER32.dll', 'combase.dll', 'RPCRT4.dll', 'shcore.dll', 'msvcrt.dll', 'COMCTL32.dll', 'IMM32.DLL', 'bcryptPrimitives.dll', 'ADVAPI32.dll', 'sechost.dll', 'kernel.appcore.dll', 'uxtheme.dll', 'clbcatq.dll', 'MrmCoreR.dll', 'SHELL32.dll', 'windows.storage.dll', 'Wldp.dll', 'shlwapi.dll', 'MSCTF.dll', 'OLEAUT32.dll', 'TextShaping.dll', 'efswrt.dll', 'wintypes.dll', 'MPR.dll', 'twinapi.appcore.dll', 'oleacc.dll', 'textinputframework.dll', 'CoreUIComponents.dll', 'CoreMessaging.dll', 'WS2_32.dll', 'ntmarta.dll', 'frida-agent.dll', 'CRYPT32.dll', 'ole32.dll', 'bcrypt.dll', 'PSAPI.DLL', 'DNSAPI.dll', 'IPHLPAPI.DLL', 'WINMM.dll', 'NSI.dll']
