Implement the 'ies' command

nowsecure · Dec 10, 2024 · e7ba497 · e7ba497
1 parent 6b59d1b
commit e7ba497
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 3 deletions.
diff --git a/src/agent/index.ts b/src/agent/index.ts
@@ -96,6 +96,7 @@ const commandHandlers = {
     ie: [info.listEntrypoint, 'show entrypoint of binary in current offset'],
     ieq: info.listEntrypointQuiet,
     'ie*': info.listEntrypointR2,
+    ies: info.listEntrypointSymbols,
     iej: info.listEntrypointJson,
     afs: [anal.analFunctionSignature, 'Show function signature', '[klass] [method]'],
     ii: [info.listImports, 'list imports'],

diff --git a/src/agent/lib/info/index.ts b/src/agent/lib/info/index.ts
@@ -11,6 +11,7 @@ import strings from '../strings.js';
 import { belongsTo, padPointer, sanitizeString } from '../utils.js';
 import { parseMachoHeader, hasMainLoop } from '../darwin/index.js';
 import { r2frida } from "../../plugin.js";
+import { listClassesLoaded } from './classes.js';
 
 
 export async function dumpInfo() {
@@ -186,6 +187,77 @@ export function listHeadersR2(args: string[]) : string {
     return "";
 }
 
+interface Symbol {
+    name: string;
+    address: string;
+}
+
+export function listEntrypointSymbols(args: string[]): string {
+    const validEntrypoints = [
+        "main", "_start", "_main", "Main",
+        "WinMain", "wmain", "DllMain", "wWinMain",
+        "UIApplicationMain",
+        "applicationDidFinishLaunching",
+        "application:didFinishLaunchingWithOptions",
+        "applicationWillResignActive",
+        "applicationDidEnterBackground",
+        "applicationWillEnterForeground",
+        "applicationDidBecomeActive",
+        "applicationWillTerminate",
+        "application:configurationForConnectingSceneSession:options",
+        "application:didDiscardSceneSessions",
+        "application:openURL:options",
+        "application:performFetchWithCompletionHandler",
+        "application:didReceiveRemoteNotification:fetchCompletionHandler",
+        "application:handleEventsForBackgroundURLSession:completionHandler",
+        "application:shouldSaveSecureApplicationState",
+        "application:shouldRestoreSecureApplicationState",
+        "application:didRegisterForRemoteNotificationsWithDeviceToken",
+        "application:didFailToRegisterForRemoteNotificationsWithError",
+        "application:didReceiveRemoteNotification",
+        "application:handleOpenURL",
+        "application:continueUserActivity:restorationHandler",
+        "application:didUpdateUserActivity",
+        "scene:willConnectToSession:options",
+        "sceneDidDisconnect",
+        "sceneDidBecomeActive",
+        "sceneWillResignActive",
+        "sceneWillEnterForeground",
+        "sceneDidEnterBackground",
+        "application:handleWatchKitExtensionRequest:reply",
+        "main",
+        "loadView",
+        "viewDidLoad"
+    ];
+    const symbols = new Array<Symbol>();
+    if (ObjC.available) {
+        const classes = ObjC.classes;
+        Object.keys(classes).forEach(function (className: string) {
+            var cls = ObjC.classes[className];
+            var methods = cls.$methods; // $ownMethods?
+            methods.forEach(function (methodName) {
+                try {
+                    var address = cls[methodName].implementation; // Get the implementation address
+                    console.log("  Method: " + methodName + " | Address: " + address);
+                    if (validEntrypoints.includes(methodName)) {
+                        symbols.push({ name: className + "." + methodName, address: address });
+                    }
+                } catch (e) {
+                    console.error("  [Error getting implementation address for method " + methodName + "]: " + e);
+                }
+            });
+        });
+    }
+
+    if (symbols.length === 0) {
+        return "";
+    }
+    const entries = symbols
+        .map((entry) => {
+            return 'f entry.' + entry.name + ' = ' + entry.address;
+        }).join('\n');
+    return "fs+symbols\n" + entries + "\nfs-";
+}
 export function listEntrypointR2(args: string[]) : string {
     let n = 0;
     const entries = listEntrypointJson()
@@ -631,6 +703,7 @@ export default {
     dumpInfoJson,
     listEntrypointJson,
     listEntrypointR2,
+    listEntrypointSymbols,
     listEntrypointQuiet,
     listEntrypoint,
     listImports,

diff --git a/src/io_frida.c b/src/io_frida.c
@@ -2147,7 +2147,7 @@ RIOPlugin r_io_plugin_frida = {
 	.close = __close,
 	.read = __read,
 	.check = __check,
-#if ((R2_VERSION_MAJOR == 5 && R2_VERSION_MINOR >= 4) || R2_VERSION_MAJOR > 5)
+#if R2_VERSION_NUMBER >= 50405
 	.seek = __lseek,
 #else
 	.lseek = __lseek,

diff --git a/test/db/extras/version b/test/db/extras/version
@@ -4,7 +4,7 @@ CMDS=<<EOF
 :?V
 EOF
 EXPECT=<<EOF
-16.5.7
+16.5.9
 EOF
 RUN
 
@@ -14,7 +14,7 @@ CMDS=<<EOF
 : Frida.version
 EOF
 EXPECT=<<EOF
-16.5.7
+16.5.9
 EOF
 RUN
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,7 +4,7 @@ CMDS=<<EOF @@
     :?V
     EOF
     EXPECT=<<EOF
-.5.7
+.5.9
     EOF
     RUN
@@ Expand All / @@ -14,7 +14,7 @@ CMDS=<<EOF @@
     : Frida.version
     EOF
     EXPECT=<<EOF
-.5.7
+.5.9
     EOF
     RUN
@@ Expand Down @@