usbFilter/testScripts/libusb/testSubmit.js


console.log("Starting libusb_submit_transfer hook script...");

/*
 * Layout of struct libusb_transfer that this script assumes (taken from the
 * libusb sources). Each field is annotated with its byte offset as
 * "64-bit / 32-bit".
 *
 * struct libusb_transfer {
 *   libusb_device_handle *dev_handle;                        // 0x00
 *   uint8_t flags;                                           // 0x08 / 0x04
 *   unsigned char endpoint;                                  // 0x09 / 0x05
 *   unsigned char type;                                      // 0x0A / 0x06
 *   unsigned int timeout;                                    // 0x0C / 0x08
 *   enum libusb_transfer_status status;                      // 0x10 / 0x0C
 *   int length;                                              // 0x14 / 0x10
 *   int actual_length;                                       // 0x18 / 0x14
 *   libusb_transfer_cb_fn callback;                          // 0x20 / 0x18
 *   void *user_data;                                         // 0x28 / 0x1C
 *   unsigned char *buffer;                                   // 0x30 / 0x20
 *   int num_iso_packets;                                     // 0x38 / 0x24
 *   struct libusb_iso_packet_descriptor iso_packet_desc[0];  // 0x40 / 0x28
 * };
 *
 * NOTE(review): these offsets are hand-computed, not read from the target
 * library. The 0x40 figure for iso_packet_desc assumes 8-byte alignment; if
 * the descriptor holds only 4-byte members the array would start at 0x3C on
 * 64-bit. Confirm against the libusb build being instrumented before parsing
 * ISO descriptors.
 */

// Names for libusb_transfer.type, keyed by the numeric enum value.
const LIBUSB_TRANSFER_TYPE = {
  0: "LIBUSB_TRANSFER_TYPE_CONTROL",     // control endpoint transfer
  1: "LIBUSB_TRANSFER_TYPE_ISOCHRONOUS", // isochronous endpoint transfer
  2: "LIBUSB_TRANSFER_TYPE_BULK",        // bulk endpoint transfer
  3: "LIBUSB_TRANSFER_TYPE_INTERRUPT",   // interrupt endpoint transfer
};

// Names for libusb_transfer.status, keyed by the numeric enum value.
const LIBUSB_TRANSFER_STATUS = {
  0: "LIBUSB_TRANSFER_COMPLETED", // finished without error (may still be short)
  1: "LIBUSB_TRANSFER_ERROR",     // transfer failed
  2: "LIBUSB_TRANSFER_TIMED_OUT", // timeout expired
  3: "LIBUSB_TRANSFER_CANCELLED", // cancelled by the application
  4: "LIBUSB_TRANSFER_STALL",     // endpoint halted / control request unsupported
  5: "LIBUSB_TRANSFER_NO_DEVICE", // device was disconnected
  6: "LIBUSB_TRANSFER_OVERFLOW",  // device sent more data than requested
};
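// Bit flags of libusb_transfer.flags, keyed by the numeric bit value.
const LIBUSB_TRANSFER_FLAGS = {
  1: "LIBUSB_TRANSFER_SHORT_NOT_OK",
  2: "LIBUSB_TRANSFER_FREE_BUFFER",
  4: "LIBUSB_TRANSFER_FREE_TRANSFER",
  8: "LIBUSB_TRANSFER_ADD_ZERO_PACKET"
};

/**
 * Render a libusb_transfer.flags value as a human-readable string.
 *
 * Known bits are listed by name in ascending bit order, joined with " | ".
 * Bits that have no entry in LIBUSB_TRANSFER_FLAGS are appended as a single
 * hex remainder marked "(unknown)" instead of being dropped: the flags byte is
 * read from process memory at a hard-coded offset, so unexpected bits are the
 * first visible hint that the assumed struct layout does not match the target.
 *
 * @param {number} flags - Raw flags value read from the transfer structure.
 * @returns {string} The decoded flag names, or "None" when no bit is set.
 */
function parseTransferFlags(flags) {
  const names = [];
  // Track the bits not yet explained by a known flag (kept unsigned for hex output).
  let remaining = flags >>> 0;
  for (const [bit, name] of Object.entries(LIBUSB_TRANSFER_FLAGS)) {
    const mask = Number.parseInt(bit, 10);
    if (flags & mask) {
      names.push(name);
      remaining = (remaining & ~mask) >>> 0;
    }
  }
  if (remaining !== 0) {
    names.push("0x" + remaining.toString(16) + " (unknown)");
  }
  return names.length > 0 ? names.join(" | ") : "None";
}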
/**
 * Log the first bytes of a native buffer as hex, 16 bytes per output row.
 *
 * The bytes are read one at a time through `buffer.add(i).readU8()`, so a
 * failing read stops the dump at that byte and whatever was collected so far
 * is still printed. Output goes to the console, which means raw payload data
 * ends up in the log; `maxBytes` is the only bound on how much is copied.
 *
 * @param {object} buffer - Pointer-like object exposing isNull() and add(i).readU8().
 * @param {number|object} length - Byte count; either a number or an object with toInt32().
 * @param {number} [maxBytes=64] - Upper bound on the number of bytes printed.
 * @returns {void}
 */
function dumpBuffer(buffer, length, maxBytes = 64) {
  if (!buffer || buffer.isNull()) {
    console.log("Buffer is NULL");
    return;
  }

  try {
    // Accept both plain numbers and pointer/integer wrappers that expose toInt32().
    let total;
    if (length.toInt32) {
      total = length.toInt32();
    } else {
      total = parseInt(length);
    }
    const shown = Math.min(total, maxBytes);

    // Also taken when total is NaN, because NaN > 0 is false.
    if (!(total > 0)) {
      console.log('buffer 指针无效 或 length <= 0');
      return;
    }

    console.log(`数据十六进制输出(前${shown}字节):`);

    const pieces = [];
    for (let offset = 0; offset < shown; offset += 1) {
      try {
        const value = buffer.add(offset).readU8();
        pieces.push(`${value.toString(16).padStart(2, "0")} `);
        // Start a new row after every 16th byte.
        if (offset % 16 === 15) {
          pieces.push("\n");
        }
      } catch (readErr) {
        console.log(`读取字节${offset}时出错:`, readErr);
        break;
      }
    }
    console.log(pieces.join(""));

    if (total > maxBytes) {
      console.log(`... (truncated, showing ${shown} of ${total} bytes)`);
    }
  } catch (e) {
    console.log('读取buffer时出错:', e);
    console.log('错误详情:', e.stack || e.toString());
  }
}
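// Hook libusb_submit_transfer and log the libusb_transfer structure passed to it.
//
// Review notes:
//  - Field offsets are hard-coded per pointer size for one struct layout. A
//    libusb build laid out differently would make the logged values wrong,
//    possibly without any read error.
//  - The buffer dump copies USB payload bytes into the console log, so the log
//    contains whatever the application exchanges with the device and should be
//    handled accordingly.
const submit_transfer_symbol = DebugSymbol.fromName("libusb_submit_transfer");
console.log("libusb_submit_transfer symbol info:", submit_transfer_symbol);

if (submit_transfer_symbol && submit_transfer_symbol.address && !submit_transfer_symbol.address.isNull()) {
  Interceptor.attach(submit_transfer_symbol.address, {
    /**
     * Runs before libusb_submit_transfer executes; args[0] is the
     * struct libusb_transfer pointer.
     */
    onEnter: function (args) {
      console.log("\n================================");
      console.log("[LIBUSB] libusb_submit_transfer called");
      console.log("================================");

      const transfer = args[0];
      if (!transfer || transfer.isNull()) {
        console.log("Transfer structure is NULL!");
        return;
      }

      try {
        // Pick the offset table from the pointer size of the instrumented process.
        const is64bit = Process.pointerSize === 8;
        const offsets = is64bit
          ? {
              flags: 8,            // 0x08
              endpoint: 9,         // 0x09
              type: 10,            // 0x0A
              timeout: 12,         // 0x0C
              status: 16,          // 0x10
              length: 20,          // 0x14
              actual_length: 24,   // 0x18
              callback: 32,        // 0x20
              user_data: 40,       // 0x28
              buffer: 48,          // 0x30
              num_iso_packets: 56  // 0x38
            }
          : {
              flags: 4,            // 0x04
              endpoint: 5,         // 0x05
              type: 6,             // 0x06
              timeout: 8,          // 0x08
              status: 12,          // 0x0C
              length: 16,          // 0x10
              actual_length: 20,   // 0x14
              callback: 24,        // 0x18
              user_data: 28,       // 0x1C
              buffer: 32,          // 0x20
              num_iso_packets: 36  // 0x24
            };

        const dev_handle = transfer.readPointer(); // 0x00
        const flags = transfer.add(offsets.flags).readU8();
        const endpoint = transfer.add(offsets.endpoint).readU8();
        const type = transfer.add(offsets.type).readU8();
        const timeout = transfer.add(offsets.timeout).readU32();
        const status = transfer.add(offsets.status).readU32();
        // length, actual_length and num_iso_packets are declared `int` in the
        // struct, so read them signed. An unsigned read would turn a negative
        // (corrupt or mis-offset) length into a huge positive value that passes
        // the `length > 0` guard below.
        const length = transfer.add(offsets.length).readS32();
        const actual_length = transfer.add(offsets.actual_length).readS32();
        const callback = transfer.add(offsets.callback).readPointer();
        const user_data = transfer.add(offsets.user_data).readPointer();
        const buffer = transfer.add(offsets.buffer).readPointer();
        const num_iso_packets = transfer.add(offsets.num_iso_packets).readS32();

        console.log("Transfer Structure Details:");
        console.log(" - Architecture: " + (is64bit ? "64-bit" : "32-bit"));
        console.log(" - Transfer Address: " + transfer);
        console.log(" - Device Handle: " + dev_handle);
        console.log(" - Flags: 0x" + flags.toString(16) + " (" + parseTransferFlags(flags) + ")");
        // Bit 7 of the endpoint address is the direction, the low bits the endpoint number.
        console.log(" - Endpoint: 0x" + endpoint.toString(16) + " (" +
          (endpoint & 0x80 ? "IN" : "OUT") + ", EP" + (endpoint & 0x7F) + ")");
        console.log(" - Type: " + type + " (" + (LIBUSB_TRANSFER_TYPE[type] || "Unknown") + ")");
        console.log(" - Timeout: " + timeout + " ms");
        console.log(" - Status: " + status + " (" + (LIBUSB_TRANSFER_STATUS[status] || "Unknown") + ")");
        console.log(" - Length: " + length + " bytes");
        console.log(" - Actual Length: " + actual_length + " bytes");
        console.log(" - Callback: " + callback);
        console.log(" - User Data: " + user_data);
        console.log(" - Buffer: " + buffer);
        console.log(" - Num ISO Packets: " + num_iso_packets);

        // Debug output of the raw buffer pointer value.
        console.log(" - Buffer pointer value: " + buffer.toString());
        console.log(" - Buffer is null: " + buffer.isNull());

        // Dump the start of the data buffer when there is one (dumpBuffer caps it at 64 bytes).
        if (!buffer.isNull() && length > 0) {
          console.log("\nBuffer Data:");
          // For a non-control IN transfer the device has not written anything
          // yet at submit time, so the bytes shown are whatever the
          // application left in the buffer, not the received data.
          if ((endpoint & 0x80) !== 0 && type !== 0) {
            console.log(" - Note: IN transfer, buffer is not yet filled by the device at submit time");
          }
          dumpBuffer(buffer, length);
        } else {
          console.log("\nBuffer is null or length is 0");
          console.log(" - Buffer null check: " + buffer.isNull());
          console.log(" - Length: " + length);
        }

        // Isochronous transfers carry per-packet descriptors; only the count is reported.
        if (num_iso_packets > 0) {
          console.log("\nIsochronous Transfer - Packet Count: " + num_iso_packets);
          // The ISO packet descriptors could be parsed further here.
        }
      } catch (e) {
        console.log("Error reading transfer structure: " + e.message);
        console.log('错误详情:', e.stack || e.toString());
      }
    },

    /**
     * Runs after libusb_submit_transfer returns; any non-zero return value is
     * reported as a submission error.
     */
    onLeave: function (retval) {
      console.log("\n[LIBUSB] libusb_submit_transfer returned: " + retval);
      if (retval.toInt32() !== 0) {
        console.log(" - Error occurred during transfer submission");
      }
      console.log("================================\n");
    }
  });
  console.log("Successfully hooked libusb_submit_transfer");
} else {
  console.log("libusb_submit_transfer not found");
}

console.log("libusb_submit_transfer hook script loaded successfully!");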