const LIBNAME = "libmmv8.so"; const prefix = "_ZN2v87Isolate"; waitForModule(LIBNAME, hookAllExports); function waitForModule(moduleName, callback) { var module = Process.findModuleByName(moduleName); if (module !== null) { console.log(moduleName + " module found"); callback(moduleName, prefix); } else { console.log(moduleName + " module not found, waiting..."); setTimeout(function () { waitForModule(moduleName, callback); }, 100); // Check every 0.1 second } } function hookAllExports(moduleName, prefix) { console.log("Starting export enumeration for " + moduleName); var exports = Module.enumerateExports(moduleName); exports.forEach(exp => { try{ if (exp.type === "function" && (exp.name.toLowerCase().includes("isolate") || exp.name.toLowerCase().includes("startprofiling")|| exp.name.toLowerCase().includes("profiler") /* || exp.name.toLowerCase().includes("initialize")*/)) { console.log("Hooking", exp.name); Interceptor.attach(exp.address, { onEnter: function (args) { console.log(`Called ${exp.name}`); try{ console.log('Arguments:', args[0]); }catch(e){ console.log('Arguments:', args); } // console.log('from:\n' + // Thread.backtrace(this.context, Backtracer.ACCURATE) // .map(DebugSymbol.fromAddress).join('\n') + '\n'); // } }, onLeave: function (retval) { console.log(`Returned from ${exp.name}`); console.log('Return value:', retval); console.log('\n'); // You can add logic here to inspect or modify the return value } }); } } catch (e) { console.log(e); } }); }