frida-read-process-memory v1.0.0

frida-read-process-memory

Stream the memory of a running process.

Example

var frida = require('frida');
var Read = require('frida-read-process-memory');
var bytes = require('bytes');

var session = // frida process session
var reader = Read(session);

reader.on('total', function(t){
  console.log('reading a total of %s', bytes(t));
});
reader.on('range', function(r){
  console.log('reading %s (%s)', r.baseAddress, bytes(r.size));
});
reader.on('skip', function(r){
  console.log('skip %s', r.baseAddress);
});
reader.on('progress', function(p){
  console.log(
    'read %s%',
    Math.round(p.bytesRead/p.bytesTotal*100*100)/100
  )
});
reader.on('end', function(){
  session.detach();
});

reader.pipe(yourDestination);

Check example.js for a script that connects to a phone via USB and dumps the foremost application's memory to dump.out.

Installation

$ npm install frida-read-process-memory

API

Read(session)

Create a read stream streaming data from given session.

#on('total', fn)

Called once with the total number of bytes to read.

#on('range', fn)

Called when about to read a range.

#on('skip', fn)

Called when skipping a rance because of an access violation.

#on('progress', fn)

Called after successfully reading a range, with .bytesRead and .bytesTotal.

Caveats

There is a race condition where process memory is remapped after the memory ranges are fetched, but before they're read. Memory not available anymore will simply be ignored.

License

MIT