Basic Usage

The Python API for Frida is fairly high-level and for the time being quite limited. It should be taken as an example at what you might build on top of the more flexible Frida Core APIs. We advise you to read the source code in frida/core.py and frida/tracer.py to dig deeper into the details.

Enumerating Modules

The enumerate_modules() method lists all modules (mostly shared/dynamic libraries) currently loaded in the target process’ session s.

Running:

print(s.enumerate_modules())

should give you something like:

[Module(name="cat", base_address=0x400000, size=20480, path="/bin/cat"), ...]

where base_address is the base address of the module.

Enumerating Memory Ranges

The enumerate_ranges(mask) method lists all memory ranges currently mapped by the target process’ session s.

Running:

print s.enumerate_ranges('rw-')

should give you something like:

[Range(base_address=0x2d4160a06000, size=1019904, protection='rwx'), ...]

where base_address is the base address of that range. The enumerate_ranges() method requires a protection mask on the form rwx where - can be taken to mean any (wildcard).

Reading/Writing Memory

The read_bytes(address, n) method reads n bytes from address in the target process’ session s. The write_bytes(address, data) method writes the bytes in data (a raw Python string) to address.

Running:

print s.read_bytes(49758817247232, 10).encode("hex")

should give you some binary data, e.g.:

454c4602010100000000

Running:

s.write_bytes(49758817247232, "frida")

should return after it has updated the memory in the target process.