frida-trace command
After copying, replace file names, directories, or parameters as needed.
Common examples
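Trace functions matching a pattern
`frida-trace -i "[pattern]" [process_name]`
Trace all functions in a module
`frida-trace -I "[module]" [process_name]`
Trace Objective-C methods matching a pattern
`frida-trace -m "[pattern]" [process_name]`
Trace Java methods in an app spawned on a USB device
`frida-trace -U -f [com.example.app] -j "[pattern]"`
Spawn a binary and trace the program's imports
`frida-trace -T -f [/path/to/binary]`
Trace a function at an offset in a module of a running process
`frida-trace -p [pid] -a "[module]![0xoffset]"`
Trace on a USB device with module names added to the log output
`frida-trace -U --decorate -i "[pattern]" [app_name]`
Attach to the frontmost application on a USB device
`frida-trace -U -F -i "[pattern]"`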
Description
frida-trace is a tool for dynamically tracing function calls in running processes. It can hook native functions (C/C++), Objective-C methods, Swift functions, and Java methods, logging their invocation with arguments and return values. When you trace a function, frida-trace auto-generates JavaScript handler stubs in a \_\_handlers\_\_/ directory that you can customize to log arguments, modify return values, or implement arbitrary instrumentation logic. If a handler file already exists, it will not be overwritten. The include (-i, -I) and exclude (-x, -X) options are procedural; each operates on the current working set of functions, so their order matters.
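The ordering rule described above, shown as an added example that is not part of the original page or of Frida's own code: a simplified JavaScript model of the working set, run over a constructed symbol list. `SYMBOLS`, `select` and `resolve` are hypothetical names, and the model covers only `-i`, `-I`, `-x` and `-X`.

```javascript
// Simplified model of frida-trace's include/exclude working set (not Frida's code).
// Constructed sample of exported functions, written as MODULE!FUNCTION.
const SYMBOLS = [
  'libc.so!open', 'libc.so!open64', 'libc.so!openat', 'libc.so!read',
  'libssl.so!SSL_read', 'libssl.so!SSL_write',
];

// Convert a glob (* and ?) into an anchored regular expression.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
}

// Return the symbols that one option's pattern selects.
// -I/-X take a module glob; -i/-x take FUNCTION or MODULE!FUNCTION.
function select(flag, pattern) {
  const moduleScope = flag === '-I' || flag === '-X';
  const [mod, fn] = moduleScope ? [pattern, '*']
    : pattern.includes('!') ? pattern.split('!') : ['*', pattern];
  const modRe = globToRegExp(mod);
  const fnRe = globToRegExp(fn);
  return SYMBOLS.filter((s) => {
    const [m, f] = s.split('!');
    return modRe.test(m) && fnRe.test(f);
  });
}

// Apply options left to right: includes add to the working set,
// excludes remove from whatever the set holds at that point.
function resolve(options) {
  const working = new Set();
  for (const [flag, pattern] of options) {
    const matches = select(flag, pattern);
    if (flag === '-i' || flag === '-I') matches.forEach((s) => working.add(s));
    else if (flag === '-x' || flag === '-X') matches.forEach((s) => working.delete(s));
    else throw new Error(`unsupported option in this model: ${flag}`);
  }
  return [...working].sort();
}

// Exclude after include narrows the set; exclude first has nothing to remove.
console.log(resolve([['-i', 'open*'], ['-x', 'open64']]));
console.log(resolve([['-x', 'open64'], ['-i', 'open*']]));
console.log(resolve([['-I', 'libssl.so'], ['-x', '*!SSL_write'], ['-i', 'libc.so!read']]));
```

When a trace logs a function you meant to exclude, check whether its `-x` or `-X` option appears before the include that matched it.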
Parameters
- -i _FUNCTION_, --include _FUNCTION_: Include MODULE!FUNCTION (glob pattern)
- -x _FUNCTION_, --exclude _FUNCTION_: Exclude MODULE!FUNCTION (glob pattern)
- -I _MODULE_, --include-module _MODULE_: Include all functions in MODULE (glob pattern)
- -X _MODULE_, --exclude-module _MODULE_: Exclude all functions in MODULE (glob pattern)
- -a _MODULE!OFFSET_, --add _MODULE!OFFSET_: Add function at OFFSET in MODULE (for stripped binaries)
- -T, --include-imports: Include the program's imports
- -t _MODULE_, --include-module-imports _MODULE_: Include MODULE's imports
- -m _METHOD_, --include-objc-method _METHOD_: Include Objective-C METHOD (glob pattern)
- -M _METHOD_, --exclude-objc-method _METHOD_: Exclude Objective-C METHOD (glob pattern)
- -y _FUNC_, --include-swift-func _FUNC_: Include Swift FUNC (glob pattern)
- -Y _FUNC_, --exclude-swift-func _FUNC_: Exclude Swift FUNC (glob pattern)
- -j _METHOD_, --include-java-method _METHOD_: Include Java METHOD (glob pattern)
- -J _METHOD_, --exclude-java-method _METHOD_: Exclude Java METHOD (glob pattern)
- -d, --decorate: Add module name to generated onEnter log statement
- -q, --quiet: Do not format output messages
- -o _FILE_, --output _FILE_: Dump messages to file
- -S _PATH_, --init-session _PATH_: Path to JavaScript file used to initialize session
- -s _DEBUG_SYMBOL_, --include-debug-symbol _DEBUG_SYMBOL_: Include DEBUG_SYMBOL (glob pattern)
- -f _TARGET_, --file _TARGET_: Spawn FILE as a new process
- -F, --attach-frontmost: Attach to frontmost application
- -n _NAME_, --attach-name _NAME_: Attach to process by name
- -N _IDENTIFIER_, --attach-identifier _IDENTIFIER_: Attach to process by identifier
- -p _PID_, --attach-pid _PID_: Attach to process by PID
- -W _PATTERN_, --await _PATTERN_: Await spawn matching PATTERN
FAQ
How do I run a basic frida-trace example?
Run `frida-trace -i "[pattern]" [process_name]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.