function hook triggered dumping

README.md

@@ -21,6 +21,8 @@ The following are the main flags that can be used with fridump:
       -r, --read-only    dump read-only parts of memory. More data, more errors
       -s, --strings      run strings on all dump files. Saved in output dir.
       --max-size bytes   maximum size of dump file in bytes (def: 20971520)
+      --hook pattern     ApiResolver pattern specifying functions to hook with memory dumping action
+      -n, --count        maximum number of dumps to take
 
 To find the name of a local process, you can use:
 
@@ -34,7 +36,8 @@ Examples:
       fridump -u Safari   -   Dump the memory of an iOS device associated with the Safari app
       fridump -u -s com.example.WebApp   -  Dump the memory of an Android device and run strings on all dump files
       fridump -r -o [full_path]  -  Dump the memory of a local application and save it to the specified directory
-
+      fridump -n 3 --hook 'imports:*!write' - dump memory whenever an imported 'write' function is executed, limit to 3 times.
+
 More examples can be found [here](http://pentestcorner.com/introduction-to-fridump/)
 
 Installation

dumper.py

@@ -1,39 +1,39 @@
-import os
-import logging
-
-# Reading bytes from session and saving it to a file
-
-def dump_to_file(session,base,size,error,directory):
-        try:
-                filename = str(hex(base))+'_dump.data'
-                dump =  session.read_bytes(base, size)
-                f = open(os.path.join(directory,filename), 'wb')
-                f.write(dump)
-                f.close()
-                return error
-        except:
-               print "Oops, memory access violation!"
-
-               return error
-
-#Read bytes that are bigger than the max_size value, split them into chunks and save them to a file
-
-def splitter(session,base,size,max_size,error,directory):
-        times = size/max_size
-        diff = size % max_size
-        if diff is 0:
-            logging.debug("Number of chunks:"+str(times+1))
-        else:
-            logging.debug("Number of chunks:"+str(times))
-        global cur_base
-        cur_base = base
-
-        for time in range(times):
-                logging.debug("Save bytes: "+str(hex(cur_base))+" till "+str(hex(cur_base+max_size)))
-                dump_to_file(session, cur_base, max_size, error, directory)
-                cur_base = cur_base + max_size
-
-        if diff is not 0:
-            logging.debug("Save bytes: "+str(hex(cur_base))+" till "+str(hex(cur_base+diff)))
-            dump_to_file(session, cur_base, diff, error, directory)
-
+import os
+import logging
+
+# Reading bytes from session and saving it to a file
+
+def dump_to_file(session,base,size,error,directory):
+        try:
+                filename = str(hex(base))+'_dump.data'
+                dump =  session.read_bytes(base, size)
+                f = open(os.path.join(directory,filename), 'wb')
+                f.write(dump)
+                f.close()
+                return error
+        except:
+               print("Oops, memory access violation!")
+
+               return error
+
+#Read bytes that are bigger than the max_size value, split them into chunks and save them to a file
+
+def splitter(session,base,size,max_size,error,directory):
+        times = int(size/max_size)
+        diff = size % max_size
+        if diff is 0:
+            logging.debug("Number of chunks:"+str(times+1))
+        else:
+            logging.debug("Number of chunks:"+str(times))
+        global cur_base
+        cur_base = base
+
+        for time in range(times):
+                logging.debug("Save bytes: "+str(hex(cur_base))+" till "+str(hex(cur_base+max_size)))
+                dump_to_file(session, cur_base, max_size, error, directory)
+                cur_base = cur_base + max_size
+
+        if diff is not 0:
+            logging.debug("Save bytes: "+str(hex(cur_base))+" till "+str(hex(cur_base+diff)))
+            dump_to_file(session, cur_base, diff, error, directory)
+