how can I access to the bytes returned by ReadByteArray?

[frapik99]

Hi,
how can I access to the bytes returned by ReadByteArray?

Example code:

a = Memory.readByteArray(this.buf, this.count);

should I use a[0]?

My goal is to identify the position of the first 0 in the array.

Thanks

[typoon]

Hey @frapik99

I don't know if you solved this already or not, but wanted to give you a way of doing that. Try this code:

'use strict';

var memory_regions = new Array();
var ranges = Process.enumerateRangesSync("r--");
for(var i = 0; i < ranges.length; i++) {
    memory_regions.push(ranges[i]);
}

console.log("Reading from address: " + ranges[0].base);
var a = Memory.readByteArray(ranges[0].base, 64);
console.log(a);

var b = new Uint8Array(a);
var str = "";

for(var i = 0; i < b.length; i++) {
    str += (b[i].toString(16) + " ");
}
console.log(str);

readByteArray returns an ArrayBuffer, you have to convert it to Uint8Array and then just access the indexes in that array. Here is the output of the above code:

frida -l read_memory.js Calculator.exe
     ____
    / _  |   Frida 10.5.8 - A world-class dynamic instrumentation framework
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at http://www.frida.re/docs/home/
Attaching...
Reading from address: 0x7ffe0000
           0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
00000000  00 00 00 00 00 00 a0 0f 75 f1 7a f4 a2 03 00 00  ........u.z.....
00000010  a2 03 00 00 8d 00 87 a4 2e 22 d3 01 2e 22 d3 01  ........."..."..
00000020  00 a0 11 87 21 00 00 00 21 00 00 00 64 86 64 86  ....!...!...d.d.
00000030  43 00 3a 00 5c 00 57 00 49 00 4e 00 44 00 4f 00  C.:.\.W.I.N.D.O.
0 0 0 0 0 0 a0 f 75 f1 7a f4 a2 3 0 0 a2 3 0 0 8d 0 87 a4 2e 22 d3 1 2e 22 d3 1 0 a0 11 87 21 0 0 0 21 0 0 0 64 86 64 86 43 0 3a 0 5c 0 57 0 49 0 4e 0 44 0 4f 0

Hope that helps.

[nalzok]

Alternatively, simply use hexdump.

[3xp10it]

I have another related question：
How can I decode the bytes by specific encoding( eg. GBK ) with an memory address? My thoughts:

var bytes_value=addr.ReadByteArray(length)
var string_result=bytes_value.decode('gbk')
console.log(string_result)

or

var string_result=addr.readString(encoding='gbk')
console.log(string_result)

I know it won't work,how should I make it ? Can someone help me?

[tyilo]

@3xp10it Please don't tag random people.

[3xp10it]

@typoon Would you please tell me can how can I get an Array(bug not Uint8Array) from ReadByteArray? I want to get an Array from ReadByteArray, because I want to send an Array to on_message.