hook win32 messageBoxA ok.

Author: linjun

.idea/MultiWechat.iml

@@ -0,0 +1,57 @@
+import frida
+import sys
+from utils.utils import *
+class ProcessHooker:
+    def __init__(self,cmd):
+        self.pid=frida.spawn(cmd)
+        self.session=frida.attach(self.pid)
+
+
+    def _process_message(self, message, data):
+        """
+            Frida COMMS
+        """
+        if message['type'] == 'send':
+            stanza = message['payload']
+            if stanza['name'] == '+log':
+                msg=str(stanza["payload"])
+                logl("["+str(self.pid)+"]\t"+msg)
+                try:
+                    self.extract.post({ 'type': '+log-ack' })
+                except Exception as e:
+                    pass
+
+            elif stanza['name'] == '+pkill':
+                logl( "Kill Sub-Process: " + str(stanza['payload']))
+
+        else:
+            logl( "==========ERROR==========")
+            logl(message)
+            logl("=========================")
+
+    def inject_script(self,jsfile):
+        # TODO: upgade to use frida-compile
+        with open(jsfile) as fp:
+            script_js = fp.read()
+        self.extract = self.session.create_script(script_js, name="mw.js")
+        self.extract.on('message', self._process_message)
+        self.extract.load()
+        logl("js loaded.")
+
+    def go(self):
+        logl("resume pid:"+str(self.pid))
+        frida.resume(self.pid)
+
+
+def main():
+    cmd=[r"F:\projects\C++\win32\Release\win32.exe"]
+    jsfile="mw.js"
+    Hooker=ProcessHooker(cmd)
+    logl("process spwnded.");
+    Hooker.inject_script(jsfile)
+    logl("js injected.");
+    Hooker.go()
+    logl("go!");
+
+if __name__ == '__main__':
+    main()

.idea/misc.xml

@@ -0,0 +1,25 @@
+var DEBUG_FLAG = true;
+function log(msg)
+{
+    if(DEBUG_FLAG == true){
+        send({
+            name: '+log',
+            payload: msg
+        });
+        recv('+log-ack', function () {}).wait();
+    }
+};
+
+
+var ptrMessageBoxA = Module.findExportByName("user32.dll","MessageBoxA");
+var MessageBoxA=new NativeFunction(ptrMessageBoxA,'int',['int','pointer','pointer','int'],'stdcall');
+log("ptrMessageBoxA :"+ptrMessageBoxA);
+Interceptor.replace(ptrMessageBoxA,new NativeCallback(function (hwnd,pText,pTitle,type) {
+    strText=Memory.readUtf8String(pText);
+    strTitle=Memory.readUtf8String(pTitle);
+    log("MessageBoxA "+strText+" with title "+strTitle);
+    strHook=Memory.allocUtf8String("hooked!");
+    return MessageBoxA(hwnd,strHook,pTitle,type);
+
+},'int',['int','pointer','pointer','int'],'stdcall'));
+

.idea/modules.xml

@@ -0,0 +1,164 @@
+import os
+import subprocess
+import threading
+import time
+
+import chardet
+import sys
+
+
+def appendStrToFile(sstr, filepath):
+    f = open(filepath, "a+")
+    try:
+        sstr = sstr.encode('utf-8')
+    except Exception, e:
+        pass
+    f.write(sstr)
+    f.close()
+
+
+def logToFile(msg, filepath):
+    prefix = "[" + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + "]"
+    logtext = prefix + "\t" + msg
+    appendStrToFile(msg, filepath)
+
+
+def loglToFile(msg, filepath):
+    logToFile(msg + "\n", filepath)
+
+
+def logBase(msg):
+    sys.stdout.write(msg)
+    appendStrToFile(msg, r"f:\bciBuild.log")
+
+
+def log(msg):
+    prefix = "[" + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + "]"
+    logtext = prefix + "\t" + msg
+    logBase(logtext)
+
+
+def loglplus(msg):
+    log("[+] " + msg + "\n")
+
+
+def loglminer(msg):
+    log("[-] " + msg + "\n")
+
+
+def logldot(msg):
+    log("[.] " + msg + "\n")
+
+
+def logldebug(msg):
+    log("[D] " + msg + "\n")
+
+
+def logl(msg):
+    msg=str(msg)
+    log("[.] " + msg + "\n")
+
+
+
+
+
+def GetEncoding(data):
+    chardit1 = chardet.detect(data)
+    encoding = chardit1['encoding']
+    # logd("encode:"+encoding)
+    return encoding
+
+
+def DoCmd_pexpect(cmd):
+    logldebug("DoCmd_pexpect:[" + cmd + "]")
+    # print("spawn..%d")%(threading._get_ident())
+    # deadlock here sometimes,inside the ReadFile.
+    spawn = 0  # winpexpect.winspawn("cmd.exe /c "+cmd)
+    # print("spawn..done")
+    text = ""
+    bEmpty = True
+    while True:
+        out = spawn.read(16);
+        if out != "":
+            bEmpty = False
+            text += out
+
+        # print("empty:%d isalive:%d")%(bEmpty,spawn.isalive())
+        if bEmpty and not spawn.isalive():
+            break
+        bEmpty = True
+
+    # print(text)
+    if text == "":
+        ret = ""
+    else:
+        encoding = GetEncoding(text)
+        ret = text.decode(encoding)
+    ret = ret.strip()
+    logldebug("result_pexpect:[" + ret + "]")
+    return ret
+
+
+def DoCmd_OsPopen(cmd):
+    cmdLogFile = r"d:\bcicmd.log"
+    msg = "DoCmd_system:[" + cmd + "]"
+    loglToFile(msg, cmdLogFile)
+    ret = os.popen("%s 2>&1" % cmd).read()
+    msg = "result:[" + ret + "]"
+    loglToFile(msg, cmdLogFile)
+    return ret
+
+
+def DoCmd_popen(cmd):
+    logldebug("DoCmd_popen:[" + cmd + "]")
+    process = subprocess.Popen("cmd.exe /c " + cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    text = ""
+    bEmpty = True;
+    while True:
+        # print("reading... stdout")
+        out = process.stdout.read(16)
+        # print("reading... stderr")
+
+        # deadlock here sometimes
+        err = process.stderr.read(16)
+        # print("reading... done")
+
+        if out != '':
+            text += out
+            bEmpty = False
+            # print(out)
+        if err != '':
+            text += err
+            bEmpty = False
+            # print(err)
+        if bEmpty and process.poll() != None:
+            break
+        bEmpty = True
+        # print("poll..\n");
+    # print(text)
+    if text == "":
+        ret = ""
+    else:
+        encoding = GetEncoding(text)
+        ret = text.decode(encoding)
+    ret = ret.strip()
+    logldebug("result_popen:[" + ret + "]")
+    return ret
+
+
+def DoCmd(cmd, use_expect=False):
+    return DoCmd_OsPopen(cmd)
+    if not use_expect:
+        return DoCmd_popen(cmd)
+    return DoCmd_pexpect(cmd)
+
+
+# write "data" to file-filename
+def writeFile(filename, data):
+    f = open(filename, "w")
+    f.write(data)
+    f.close()
+
+def getFileMd5(filepath):
+    return DoCmd("md5sum " + filepath + "|grep -oE '[a-zA-Z0-9]{32}'").strip()
+    pass