Home
FrenchYeti edited this page Oct 2, 2022 · 6 revisions
Welcome to the interruptor wiki!
"Interruptor" is a human-friendly interrupt hook library based on Frida's Stalker. It can perform basic tasks such as system call tracing, but it is designed to do much more with system calls, such as context tampering or coverage generation.
Architecture | OS | Syscall names | Args parsing | Struct/ptr args parsing | Error Code | Signals | Descriptors lookup |
---|---|---|---|---|---|---|---|
arm64 | Linux/Android | ✔️ | ✔️ | 20% | 30% | 30% | ✔️ |
arm64 | MacOS | WiP | - | - | - | - | - |
armv7 | Linux/Android | ✔️ | ✔️ | 0% | 0% | 0% | 0% |
x64 | Linux/Android | ✔️ | ✔️ | 0% | 0% | 0% | 0% |
x64 | MacOS | WiP | - | - | - | - | - |
*Important:* Interruptor's behavior depends heavily on the moment tracing starts:
- If you start tracing a lot of system calls early, it can slow down the application bootstrap considerably and cause a crash or a fatal timeout.
- If you start too late, some calls can be missing or not traced if they are triggered from another thread.
- If you start from a terminal thread (a leaf) or a child process, the "follow thread" option will not be able to follow threads spawned by the parent thread or processes spawned by the parent.