replace_function
Modify game behavior by intercepting function calls to return predetermined values, enabling memory manipulation for reverse engineering and debugging purposes.
Instructions
Replace a function to always return a specific value.
Args:
address: Address of function to replace
return_value: Value to return
Returns:
Replacement status.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| address | Yes | ||
| return_value | No |
Implementation Reference
- Implements the replace_function MCP tool using Frida Interceptor.replace to override a native function to always return a specified value. Stores the hook in session state.@mcp.tool() def replace_function(address: str, return_value: Union[int, str] = 0) -> Dict[str, Any]: """ Replace a function to always return a specific value. Args: address: Address of function to replace return_value: Value to return Returns: Replacement status. """ global _session if not _session.is_attached(): return {"error": "Not attached. Use attach() first."} if address in _session.hooks: return {"error": f"Hook exists at {address}. Use unhook_function() first."} try: addr = int(address, 16) if isinstance(address, str) and address.startswith("0x") else int(address) ret_val = int(return_value, 16) if isinstance(return_value, str) and return_value.startswith("0x") else int(return_value) script_code = f""" Interceptor.replace(ptr("{hex(addr)}"), new NativeCallback(function() {{ return {ret_val}; }}, 'int', [])); send("Function replaced"); """ script = _session.session.create_script(script_code) script.on('message', lambda m, d: None) script.load() _session.hooks[address] = HookInfo( address=address, script=script, hook_type="replace", description=f"Returns {ret_val}" ) return {"success": True, "address": address, "return_value": ret_val} except Exception as e: return {"error": f"Failed to replace function: {str(e)}"}