frida-cfg-hook

This is a sample instrumentation script based on the Frida instrumentation toolkit which leverages Control Flow Guard to intercept indirect calls in CFG-enabled Windows binaries.

This is based on an idea by @deroko_, who first implemented it in C.

This sample instrumentation script attaches to a running process and hooks the ntdll!LdrpValidateUserCallTarget function; every time that function is called, the script logs the address from which it was invoked and the function pointer that CFG is about to validate. You should be able to customize it to meet your needs by modifying the JavaScript part of the code.

frida-cfg-hook has been tested on 32-bit Windows 8.1 Update 3.

Usage

Just run the Python script specifying the PID or the name of the running process you want to instrument. Examples:

python frida-cfg-hook.py 1234

or

python frida-cfg-hook.py calc.exe
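As an added example (not the project's own code), the following Python driver is in the shape the README describes: it attaches by PID or process name, injects a Frida script that resolves the CFG check function through the main module's load config directory and hooks it, and logs the caller address together with the target pointer CFG is about to validate. It assumes a 32-bit (PE32) target, a current Frida JavaScript API (Process.enumerateModules, Memory.read*, Interceptor.attach) and that the first enumerated module is the executable; the helper names are assumptions.

```python
import sys

# Frida-side JavaScript. Assumes a 32-bit (PE32) target, matching the README's test
# platform. The CFG check routine is reached through the main module's load config
# directory: GuardCFCheckFunctionPointer -> __guard_check_icall_fptr -> ntdll!LdrpValidateUserCallTarget.
HOOK_JS = r"""
var base = Process.enumerateModules()[0].base;        // assumed: first module is the exe
var nt = base.add(Memory.readU32(base.add(0x3c)));    // e_lfanew -> IMAGE_NT_HEADERS
var opt = nt.add(0x18);                               // IMAGE_OPTIONAL_HEADER32
if (Memory.readU16(opt) !== 0x10b) throw new Error('PE32 target expected');
var cfgRva = Memory.readU32(opt.add(0x60 + 10 * 8));  // DataDirectory[10] = load config
if (cfgRva === 0) throw new Error('no load config directory, CFG not enabled');
var fptr = Memory.readPointer(base.add(cfgRva).add(0x48)); // &__guard_check_icall_fptr (x86 offset)
var checkFn = Memory.readPointer(fptr);               // LdrpValidateUserCallTarget once CFG is on
send({type: 'hooked', check: checkFn.toString()});
Interceptor.attach(checkFn, {
  onEnter: function (args) {
    // x86 CFG check: the target pointer arrives in ecx; the caller is the return address
    send({type: 'icall', caller: this.returnAddress.toString(), target: this.context.ecx.toString()});
  }
});
"""

def parse_target(arg):
    return int(arg) if arg.isdigit() else arg  # all-digit argument is a PID, otherwise a name

def format_event(payload):
    if payload.get('type') == 'icall':
        return 'indirect call from %s -> target %s' % (payload['caller'], payload['target'])
    if payload.get('type') == 'hooked':
        return 'hooked CFG check function at %s' % payload['check']
    return 'unexpected message: %r' % (payload,)

def on_message(msg, data):
    if msg['type'] == 'send':
        print(format_event(msg['payload']))
    else:  # script exceptions arrive as type 'error'
        print('script error: %s' % msg.get('description', msg))

def main(argv):
    import frida  # imported here so the helpers above work without Frida installed
    session = frida.attach(parse_target(argv[1]))  # frida.attach takes a PID or a process name
    script = session.create_script(HOOK_JS)
    script.on('message', on_message)
    script.load()
    sys.stdin.read()  # keep the hook alive until EOF or the target exits

if __name__ == '__main__':
    main(sys.argv)
```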

Dependencies
