Frida Game Hacking MCP

Instructions

Implementation Reference

• src/frida_game_hacking_mcp/server.py:1662-1683 (handler)

  The handler implementation for the 'intercept_module_function' MCP tool. This function resolves the target function's address using the 'resolve_symbol' tool and then hooks it by calling the 'hook_function' tool.
  @mcp.tool() def intercept_module_function(module_name: str, function_name: str, on_enter: str = "", on_leave: str = "") -> Dict[str, Any]: """ Hook a function by module and function name. Args: module_name: Name of the module (e.g., "game.dll") function_name: Name of the exported function on_enter: JavaScript for onEnter on_leave: JavaScript for onLeave Returns: Hook status with resolved address. """ result = resolve_symbol(module_name, function_name) if "error" in result: return result return hook_function(result["address"], on_enter, on_leave, f"{module_name}!{function_name}")
• src/frida_game_hacking_mcp/server.py:1454-1494 (helper)

  Helper tool 'resolve_symbol' used by 'intercept_module_function' to find the address of the exported function in the specified module using Frida's Module.findExportByName.
  def resolve_symbol(module_name: str, symbol_name: str) -> Dict[str, Any]: """ Resolve a symbol to its address. Args: module_name: Name of the module containing the symbol symbol_name: Name of the symbol/function Returns: Address of the symbol. """ global _session if not _session.is_attached(): return {"error": "Not attached. Use attach() first."} try: script_code = f""" var addr = Module.findExportByName("{module_name}", "{symbol_name}"); send(JSON.stringify(addr ? {{address: addr.toString()}} : {{error: "Symbol not found"}})); """ result_data = [] def on_message(message, data): if message['type'] == 'send': result_data.append(message['payload']) script = _session.session.create_script(script_code) script.on('message', on_message) script.load() script.unload() import json result = json.loads(result_data[0]) if result_data else {"error": "No response"} result["module"] = module_name result["symbol"] = symbol_name return result except Exception as e: return {"error": f"Failed to resolve symbol: {str(e)}"}
• src/frida_game_hacking_mcp/server.py:1500-1555 (helper)

  Core helper 'hook_function' that actually installs the Frida Interceptor hook at the given address with provided onEnter/onLeave JavaScript callbacks. Called by 'intercept_module_function' after address resolution.
  @mcp.tool() def hook_function(address: str, on_enter: str = "", on_leave: str = "", description: str = "") -> Dict[str, Any]: """ Hook a function at the specified address. Args: address: Address to hook (hex string) on_enter: JavaScript code for onEnter (has access to 'args' array) on_leave: JavaScript code for onLeave (has access to 'retval') description: Optional description Returns: Hook status. """ global _session if not _session.is_attached(): return {"error": "Not attached. Use attach() first."} if address in _session.hooks: return {"error": f"Hook exists at {address}. Use unhook_function() first."} try: addr = int(address, 16) if address.startswith("0x") else int(address) # Use empty statement if no code provided (comment would break JS syntax) on_enter_code = on_enter.strip() if on_enter else "" on_leave_code = on_leave.strip() if on_leave else "" script_code = f""" Interceptor.attach(ptr("{hex(addr)}"), {{ onEnter: function(args) {{ {on_enter_code} }}, onLeave: function(retval) {{ {on_leave_code} }} }}); send("Hook installed"); """ def on_message(message, data): if message['type'] == 'error': logger.error(f"Hook error: {message}") script = _session.session.create_script(script_code) script.on('message', on_message) script.load() _session.hooks[address] = HookInfo( address=address, script=script, hook_type="intercept", description=description or f"Hook at {address}" ) return {"success": True, "address": address, "message": f"Hook installed at {address}"} except Exception as e: return {"error": f"Failed to install hook: {str(e)}"}