For the impatient, here is how to trace with Frida:
~ $ pip install frida-tools
~ $ frida-trace -i "recv*" -i "read*" *twitter*
recv: Auto-generated handler: …/recv.js
#(snip)
recvfrom: Auto-generated handler: …/recvfrom.js
Started tracing 21 functions. Press Ctrl+C to stop.
39 ms recv()
112 ms recvfrom()
128 ms recvfrom()
129 ms recvfrom()
As you can see, Frida injects itself into Twitter, enumerates the loaded shared libraries, and hooks every function whose name starts with recv or read. It also generates some boilerplate scripts for inspecting those function calls as they happen. These scripts are only examples that you are meant to edit to taste, and they are reloaded automatically as they change on the file system. By default they just print the function's name, as you can see in the output above.
Now let's take a look at the generated recvfrom.js:
/*
 * Auto-generated by Frida. Please modify to match the
 * signature of recvfrom.
 *
 * This stub is somewhat dumb. Future versions of Frida
 * could auto-generate based on OS API references, manpages,
 * etc. (Pull-requests appreciated!)
 *
 * For full API reference, see:
 * http://www.frida.re/docs/javascript-api/
 */
{
  /**
   * Called synchronously when about to call recvfrom.
   *
   * @this {object} - Object allowing you to store state for
   * use in onLeave.
   * @param {function} log - Call this function with a string
   * to be presented to the user.
   * @param {array} args - Function arguments represented as
   * an array of NativePointer objects.
   * For example use args[0].readUtf8String() if the first
   * argument is a pointer to a C string encoded as UTF-8.
   * It is also possible to modify arguments by assigning a
   * NativePointer object to an element of this array.
   * @param {object} state - Object allowing you to keep
   * state across function calls.
   * Only one JavaScript function will execute at a time, so
   * do not worry about race-conditions. However, do not use
   * this to store function arguments across onEnter/onLeave,
   * but instead use "this" which is an object for keeping
   * state local to an invocation.
   */
  onEnter: function onEnter(log, args, state) {
    log("recvfrom()");
  },

  /**
   * Called synchronously when about to return from recvfrom.
   *
   * See onEnter for details.
   *
   * @this {object} - Object allowing you to access state
   * stored in onEnter.
   * @param {function} log - Call this function with a string
   * to be presented to the user.
   * @param {NativePointer} retval - Return value represented
   * as a NativePointer object.
   * @param {object} state - Object allowing you to keep
   * state across function calls.
   */
  onLeave: function onLeave(log, retval, state) {
  }
}
Now replace the log() call in onEnter with the code below:
    log("recvfrom(socket=" + args[0].toInt32()
        + ", buffer=" + args[1]
        + ", length=" + args[2].toInt32()
        + ", flags=" + args[3]
        + ", address=" + args[4]
        // address_len is a socklen_t *, so read the 32-bit value it points to
        + ", address_len=" + args[5].readU32()
        + ")");
Save the file (it will be reloaded automatically) and perform some action in your Twitter application to trigger some network activity. You should now see something along the lines of:
8098 ms recvfrom(socket=70,
buffer=0x32cc018, length=65536,
flags=0x0,
address=0xb0420bd8, address_len=16)
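The generated stub warns against stashing arguments in state and points you at this instead. As an added example (not part of the original guide and not Frida's own generated handler), here is a recvfrom handler that parks the arguments on this in onEnter and reads the received bytes in onLeave, once the buffer has actually been filled. FakePointer and simulateRecvfrom are stand-ins assumed here so the handler can be run under Node without Frida, and the payload bytes are constructed.

```javascript
// Handler for recvfrom that captures the bytes actually received. In onEnter the
// buffer is still empty, so the arguments are parked on `this` (the per-invocation
// object Frida provides) and read in onLeave, where retval is the byte count or -1.
// Assumed Frida API: NativePointer#toInt32() and #readByteArray(len) -> ArrayBuffer.
const recvfromHandler = {
  onEnter: function (log, args, state) {
    this.fd = args[0].toInt32();
    this.buf = args[1];
    this.capacity = args[2].toInt32();
  },
  onLeave: function (log, retval, state) {
    const n = retval.toInt32();
    if (n < 0) { log('recvfrom(fd=' + this.fd + ') failed: ' + n); return; }
    // Never read past what the caller offered, whatever retval claims.
    const len = Math.min(n, this.capacity);
    const bytes = new Uint8Array(this.buf.readByteArray(len));
    const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join(' ');
    log('recvfrom(fd=' + this.fd + ') -> ' + n + ' bytes: ' + hex);
    state.totalBytes = (state.totalBytes || 0) + n; // kept across calls
  }
};

// Stand-in for NativePointer so the handler can be exercised under Node
// without a target process; in frida-trace, Frida supplies the real objects.
class FakePointer {
  constructor(value, memory) { this.value = value; this.memory = memory; }
  toInt32() { return this.value | 0; }
  readByteArray(length) { return this.memory.slice(0, length).buffer; }
}

// Drive recvfrom calls through the handler. Each payload is a constructed byte
// string the kernel would copy into the buffer; null simulates a failed call
// (retval -1). Returns the log lines and the running byte total.
function simulateRecvfrom(payloads, capacity = 65536) {
  const lines = [];
  const state = {};
  const log = s => lines.push(s);
  for (const payload of payloads) {
    const memory = new Uint8Array(capacity);
    const args = [new FakePointer(70), new FakePointer(0, memory), new FakePointer(capacity)];
    const ctx = {}; // what Frida binds as `this` for one invocation
    recvfromHandler.onEnter.call(ctx, log, args, state);
    let ret = -1;
    if (payload !== null) { memory.set(payload); ret = payload.length; }
    recvfromHandler.onLeave.call(ctx, log, new FakePointer(ret), state);
  }
  return { lines: lines, totalBytes: state.totalBytes || 0 };
}
```

Dropping the two stand-ins and keeping only recvfromHandler's two functions gives you the body of a real recvfrom.js.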
That's nothing, though. The real magic happens when you start building your own tools using the Python API that frida-trace is built on top of.
I am keeping the English here; a translation never quite captures the meaning.