
Hacking

Leon Jacobs edited this page Jan 24, 2019 · 9 revisions

So you want to dig a little deeper into the project and its source code. Maybe to test out some changes, or better yet, for a pull request! This article aims to give you an overview on the project structure.

bird's eye view

At its core, objection relies heavily on Frida to perform most of the magic. Frida, together with some purpose-built hooks and the Python REPL, is what makes up objection.

A command is entered into the objection REPL, which runs a Python method that may or may not expect arguments. Depending on the Python method invoked, a call to the injected agent is made over Frida RPC.

project structure

Let's take a quick look at the project structure.

external libraries

Command line argument parsing is handled with click, the REPL is handled by python-prompt-toolkit, and the agent is written in TypeScript and compiled to ES5-compatible JavaScript. If you add the -d flag to the explore command, extra debugging information will be printed to the screen during normal operation.

code locations

  • The Python methods invoked when a command is matched live in objection/commands.
  • The Frida agent performing the instrumentation magic lives in objection/agent.
  • The classes and methods responsible for the command line interface, as well as the REPL, live in objection/console.

REPL command flow

When a command is entered in the objection explore REPL, the run_command() method is run to process the string input received from prompt_toolkit. The run_command() method 'explodes' the received command, honouring quotes just like a shell would, and tries to find a Python method to execute with _find_command_exec_method.

The commands that can be run are defined in a repository located in the COMMANDS variable in repository.py; each entry specifies an exec key whose value is the Python method to execute. Any tokens left over after the command has been matched are passed to that Python method as arguments.

Communication with a remote FridaGadget is handled in utils/agent.py. The compiled agent is injected as soon as the REPL is launched. Communication with Frida occurs via RPC calls, with entry points defined in the agent's RPC directory and exposed via the agent's main rpc.exports declaration.
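The command flow described above (shell-style tokenising, a nested command repository with exec keys, and leftover tokens passed as arguments) can be illustrated with a small stand-alone dispatcher. This is an added example and not objection's own code: the COMMANDS layout, the two stand-in command methods and the function names are assumptions modelled on the description, and the Frida RPC call that a real command method would make is replaced by a string return value.

```python
# Added illustration of the REPL command-dispatch pattern; not objection's code.
# COMMANDS, find_command_exec_method and run_command are hypothetical stand-ins
# written from the page's description, not copied from repository.py.
import shlex
from typing import Callable, Dict, List, Optional, Tuple

CommandMethod = Callable[[List[str]], str]


def ios_keychain_dump(args: List[str]) -> str:
    """Stand-in command method; a real one would make a Frida RPC call."""
    return "keychain dump: args=%r" % (args,)


def env(args: List[str]) -> str:
    """Stand-in command method with no required arguments."""
    return "env: args=%r" % (args,)


# Hypothetical command repository: nested dicts keyed by command token, with
# an "exec" key naming the callable to run once the tokens stop matching.
COMMANDS: Dict = {
    "env": {"exec": env},
    "ios": {
        "keychain": {
            "dump": {"exec": ios_keychain_dump},
        },
    },
}


def find_command_exec_method(
    tokens: List[str], repo: Dict = COMMANDS
) -> Tuple[Optional[CommandMethod], List[str]]:
    """Walk the repository as far as the tokens match.

    Returns (exec method, remaining tokens); the method is None when the
    matched node carries no "exec" entry (unknown or incomplete command).
    """
    node = repo
    consumed = 0
    for tok in tokens:
        # "exec" is a reserved key, never a command token
        nxt = node.get(tok) if tok != "exec" else None
        if not isinstance(nxt, dict):
            break
        node = nxt
        consumed += 1
    exec_method = node.get("exec")
    if exec_method is None:
        return None, tokens
    return exec_method, tokens[consumed:]


def run_command(line: str) -> Optional[str]:
    """Explode the input line like a shell would, then dispatch it."""
    try:
        tokens = shlex.split(line)  # honours quotes, so "my file.txt" stays one token
    except ValueError as e:  # e.g. an unterminated quote
        return "parse error: %s" % e
    if not tokens:
        return None
    exec_method, args = find_command_exec_method(tokens)
    if exec_method is None:
        return "unknown command: %s" % " ".join(tokens)
    return exec_method(args)


if __name__ == "__main__":
    for line in ('ios keychain dump --json "my file.txt"', "ios keychain", "env"):
        print("%-45s -> %s" % (line, run_command(line)))
```

The walk stops at the first token that is not a sub-dictionary, so everything after the matched command, including quoted strings kept whole by shlex, reaches the command method unchanged; a prefix such as "ios keychain" that has no exec entry is reported as unknown rather than silently running something else.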
