We will read a method that has two arguments. For this purpose, we will write a sample program to call [fileManager fileExistsAtPath: isDirectory:].
We will also use FRIDA's REPL to get the method pointer differently.
int main(int arg...
Tools used: radare2 for disassembly, Frida for instrumentation.
Note: This post is written from my understanding of the q3vm and is not meant to be a thorough explanation of it.
If you want a more detailed, accurate description of its internals...
Note: This is a quick blog post to answer an issue raised by a user from the FRIDA IRC / Telegram channel.
In this case what we want to do is to hook the SearchPathW WINAPI:
We are able to read function arguments with FRIDA using the args:NativePointer array. However, this is not possible with arguments that are not simple types, such as structs.
Where can we find structs? We can find structs in the Unix time libraries ...