简书链接:frida初探hook之操作windownotepadexe
文章字数:234,阅读全文大约需要1分钟
为了方便需要环境python3.7,使用Anaconda3 Prompt

1
pip install frida-tools

打开notepad.exe

在e判编写一个test.py
填写如下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import frida

def on_message(message, data):
    print("[on_message] message:", message, "data:", data)

session = frida.attach("notepad.exe")

script = session.create_script("""'use strict';

rpc.exports.enumerateModules = function () {
  return Process.enumerateModulesSync();
};
""")
script.on("message", on_message)
script.load()

print([m["name"] for m in script.exports.enumerate_modules()])

执行
python test.py
下图分别演示进程不存在,和存在的不同操作结果。

image.png

mac切换环境

1
source activate

创建环境

1
conda create env_name -n luozheng

必须退出环境才能创建

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23


aaadeMacBook-Pro:~ aaa$ conda create -n luozheng
Solving environment: done


==> WARNING: A newer version of conda exists. <==
  current version: 4.5.4
  latest version: 4.5.8

Please update conda by running

    $ conda update -n base conda



## Package Plan ##

  environment location: /Users/aaa/anaconda3/envs/luozheng


Proceed ([y]/n)?

查看所有环境

1
2
3
4
5
aaadeMacBook-Pro:~ aaa$ conda info -e
# conda environments:
#
base                  *  /Users/aaa/anaconda3
luozheng                 /Users/aaa/anaconda3/envs/luozheng

mac进入环境

1
2
aaadeMacBook-Pro:~ aaa$ source activate luozheng
(luozheng) aaadeMacBook-Pro:~ aaa$

如果不填写环境名,默认进入的是base.
输入python发现环境是3.6.5
https://blog.csdn.net/lq_547762983/article/details/81003528