Find function name in Frida

Find function name in Frida

I open binary file with Ida and see function name called send_packet.

I tried to hook this function with frida

Module.findExportByName(null, "send_packet")

Or

Module.findExportByName("send_packet")

But both of them return null, so I need to use

var base =Module.findBaseAddress("your_binary_name");
var addr = base.add(0xOFFSET_HERE);

Why is that? Why if I see the function name in Ida I cannot find that with Frida?

Answer

How to Fix This

1. Use the Offset Method (Reliable for Non-Exported Functions)

Since the function isn’t exported, calculate its address using the base address + offset seen in IDA:

var base = Module.findBaseAddress("your_binary_name");
var send_packet = base.add(0x1234); // Replace 0x1234 with the offset from IDA
Interceptor.attach(send_packet, {
   onEnter: function(args) {
      console.log("send_packet called!");
   }
});

Enjoyed this article?

Check out more content on our blog or follow us on social media.

Browse more articles