Why exactly do you think Frida looks interesting?
On MacOSX, there is the SIMBL project which enables such a plugin architecture for any OSX app. E.g. you can get extra features like window-always-on-top, window-transparency, etc. And you can automate / script some apps which would not be scriptable otherwise or to such extent. Or you could add specific features to applications. E.g. Dropbox on MacOSX uses a technique like this to display some state-icon of its Dropbox directory in Finder.
Some links to SIMBL:
SIMBL would inject other native code into some app. In most cases you would inject other ObjC code.
I like the idea to dynamically script or mess around with an app. For that reason, I used SIMBL to inject Python + iTerm + PyObjC. That way, you can interactively interact with any app with Python. https://github.com/albertz/Pyjector
A similar project is this: https://github.com/albertz/FScriptAnywhereSIMBL
Speaking as its creator and maintainer, it's been a pet project for the last 5 years (7 if you start from frida-gum, the code instrumentation engine), but to this day it's still rather obscure considering its potential. I regret not spending more time marketing the project over the years, so these days I'm doing my best to make up for that. :)
I cannot reproduce on iPhone 5 which is NOT running any 64-bit kernel.
Possibly I have provided wrong prototypes, mach_vm is n/a in iOS: https://gist.github.com/cfr/425812debdb2a6d0449f
It doesn't work on my device running iOS 8.1.2
Can someone confirm?
Edit: It works now!
library = (char *) _dyld_get_image_header (1);
If you're unlucky, library at index 1 contains mach_vm_read_overwrite and is suddenly no longer executable (since we change its second memory page from R-X to RW- due to stock kernels not allowing RWX pages).
It works now! Device restarts ;)
I get a kernel panic in Mac OSX Mavericks (10.9.4) running this
p = frida.attach("cat")
Not sure if this is a similar problem or not but doing print([x.name for x in p.enumerate_modules()]) instead works just fine.
Edit: Looks like the problem may be attaching to a program a second time. Not sure if I need to run some detach command or whatnot.
and thanks for checking it out! The currently released version of Frida, 1.6.8, doesn't have the work-around and triggers the kernel panic described in the blog post. The work-around landed in git last night and will be part of 1.6.9 to be released soon; hopefully by tomorrow if all goes to plan. Feel free to clone and build Frida yourself if you'd like to play with it in the meantime (or make sure you never attach more than once to any process). Sorry for the inconvenience!
Feel free to drop by #frida on irc.freenode.net, btw!
That is both wrong and mean. Non-programmers are 100% welcome on Hacker News. The only criterion is willingness to follow the site guidelines.
The mandate of HN is "stories for the intellectually curious", not "exclusive programmer tribe".
I kid, I kid. Down with the toxic, up with the awesome (with the definitions up to the people in power)!
Also, at the time of writing this, the #1 article on Hacker News is "Most types of cancer not due to “bad luck” [pdf]" which has little to do with computers or software.
Software has progressed to the point where the complexity and interconnectedness is far beyond what any one developer can do. Everyone just knows a few subsections.
I write Python for a living.
Kernel panics don't just happen on OSX unless you have some third party driver that is misbehaving or far more commonly you have a hardware fault.