That Hooker Got NIDs
dots-tb edited this page Mar 27, 2018 · 1 revision
Dependencies: zlib, libyaml
Run: ./THGN binary <all/library_name/exports/imports> <kernel/user> db.yml <sys:1/0>
Options:
All: Every NID will be hooked. This will try to hook each NID as an export first, then attempt to hook it as an import.
Library_name: Every NID of a library (such as “SceCtrl”) within the specified module will be hooked. This will try to hook each NID as an export first, then attempt to hook it as an import.
Exports: Every export NID will be hooked.
Imports: Every import NID will be hooked.
Kernel: The generated code will work in kernel space.
User: The generated code will work in user space.
Sys: You may choose 1 or 0 to enable or disable syscall mode. You may omit this argument. Some functions will not log anything unless syscall mode is entered. If you do not see anything in your logs, you may try this option. Try not to use it.