Skip to main content
Glama
cbxss

frida-mcp

by cbxss
OverviewSchemaRelated ServersScoreDiscussions
Python
Local

hook_native

Hook a native function in an Android app by specifying the module name and hex offset. Collect hooked function calls and messages using get_hook_messages() for analysis.

Instructions

Hook a native function by module+offset. Messages collected via get_hook_messages().

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
moduleYesModule name (partial match ok)
offsetYesHex offset from module base (e.g., '0x1234')
nameNoOptional hook name for identification

Implementation Reference

  • src/frida_mcp/hooks.py:153-201 (handler)
    The main handler function for hook_native tool. Creates a Frida script to hook a native function by module name + offset using Interceptor.attach.
    def hook_native(module: str, offset: str, name: str = None) -> dict:
    """Hook a native function by module name + offset."""
    fs = get_session()

    hook_name = name or f"native_{module}_{offset}"

    js_code = '''
        var mod = null;
        var pattern = ''' + json.dumps(module.lower()) + ''';
        Process.enumerateModules().forEach(function(m) {
            if (m.name.toLowerCase().indexOf(pattern) !== -1) mod = m;
        });
        if (mod) {
            var addr = mod.base.add(''' + offset + ''');
            Interceptor.attach(addr, {
                onEnter: function(args) {
                    var msg = "[''' + hook_name + '''] called";
                    try {
                        var a = [];
                        for (var i = 0; i < 6; i++) {
                            a.push("arg" + i + "=" + args[i]);
                        }
                        msg += " " + a.join(", ");
                    } catch(e) {}
                    send(msg);
                },
                onLeave: function(ret) {
                    send("[''' + hook_name + '''] returned: " + ret);
                }
            });
            send("[+] Hooked " + mod.name + " @ " + addr);
        } else {
            send("[-] Module not found: ''' + module + '''");
        }
    '''

    script = fs.session.create_script(js_code)

    def on_message(message, data):
        if message["type"] == "send":
            fs.add_message(hook_name, message["payload"])
        elif message["type"] == "error":
            fs.add_message(hook_name, message["stack"], is_error=True)

    script.on("message", on_message)
    script.load()
    fs.persistent_scripts.append({"name": hook_name, "script": script})

    return {"status": "installed", "name": hook_name, "module": module, "offset": offset, "session_id": fs.id}
  • src/frida_mcp/tools.py:316-328 (schema)
    Tool definition with inputSchema for hook_native, declaring module, offset, and optional name parameters.
    Tool(
    name="hook_native",
    description="Hook a native function by module+offset. Messages collected via get_hook_messages().",
    inputSchema={
        "type": "object",
        "properties": {
            "module": {"type": "string", "description": "Module name (partial match ok)"},
            "offset": {"type": "string", "description": "Hex offset from module base (e.g., '0x1234')"},
            "name": {"type": "string", "description": "Optional hook name for identification"},
        },
        "required": ["module", "offset"],
    },
),
  • src/frida_mcp/server.py:122-123 (registration)
    Server dispatcher that routes the 'hook_native' tool name to the hooks.hook_native function call.
    elif name == "hook_native":
    return hooks.hook_native(arguments["module"], arguments["offset"], arguments.get("name"))
  • tests/test_dispatcher.py:55-55 (helper)
    Mock setup for hook_native in test dispatcher, used for testing the dispatching logic.
    hook_native=MagicMock(return_value={}),

Tool Definition Quality

A3.6/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided; description lacks details on side effects, persistence, or permissions needed for hooking.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences with no wasted words; front-loaded with action and key dependency.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers main action and links to related tool; lacks return value info but schema suffices for parameters.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, and description adds no extra meaning beyond the schema descriptions for module, offset, and name.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states it hooks a native function by module and offset, distinguishing from sibling tools like android_hook_method and install_hook.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No explicit when-to-use or alternatives guidance; only implies usage via reference to get_hook_messages.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cbxss/frida-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server