Hacking

Architecture

Porting

The first step is setting up the build system. Let’s assume you’re about to port Frida to run on Linux/MIPS. As Frida already supports Linux, all we need to do is add the architecture-specific bits.

Porting the build system

Depending on the architecture, you may need to tweak releng/machine_spec.py. Review the generated machine file in build/, e.g. build/frida-linux-mips.txt, to make sure the toolchain is configured correctly.

Building frida-gum

This is the lowest level component and where most of the porting effort is typically needed. To build it, run:

$ git clone https://github.com/frida/frida-gum.git
$ cd frida-gum
$ make

This will probably not succeed, but should at least get the environment set up.

Once you get the code to compile, it’s time to focus on getting tests passing:

$ make test

You can also run a single test, e.g.

$ FRIDA_TEST_OPTIONS="--test-args='-p /Core/Process/process_modules' -v" make test

Porting frida-gum

Add the directory gum/backend-mips by duplicating an existing backend, for example gum/backend-arm64, and then search-and-replace the architecture name throughout. The important parts to port here are guminterceptor-mips.c and gumspinlock-mips.c. You should leave gumstalker-mips.c as a stub, as it’s an advanced feature that takes a lot of effort to port.
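
The duplicate-and-rename step above, scripted as an added example (not part of Frida's own tooling). It assumes the architecture name appears in file names and identifiers as arm64, Arm64 and ARM64; port_backend and porting_plan are hypothetical helper names.

```sh
#!/bin/sh
# Added example. Assumption: the architecture name appears in file names and
# identifiers in three spellings (arm64 / Arm64 / ARM64).

capitalise() {  # mips -> Mips
  printf '%s%s' "$(printf '%s' "$1" | cut -c1 | tr '[:lower:]' '[:upper:]')" \
                "$(printf '%s' "$1" | cut -c2-)"
}

# port_backend GUM_DIR SRC_ARCH DST_ARCH (hypothetical helper)
port_backend() {
  src=$2; dst=$3
  src_dir="$1/backend-$src"; dst_dir="$1/backend-$dst"
  [ -d "$src_dir" ] || { echo "missing $src_dir" >&2; return 1; }
  [ ! -e "$dst_dir" ] || { echo "$dst_dir already exists" >&2; return 1; }
  src_uc=$(printf '%s' "$src" | tr '[:lower:]' '[:upper:]')
  dst_uc=$(printf '%s' "$dst" | tr '[:lower:]' '[:upper:]')
  src_cap=$(capitalise "$src"); dst_cap=$(capitalise "$dst")

  cp -R "$src_dir" "$dst_dir" || return 1
  # Snapshot the file list first so renames do not disturb the walk.
  files=$(find "$dst_dir" -type f)
  printf '%s\n' "$files" | while IFS= read -r f; do
    [ -f "$f" ] || continue
    # Replace each spelling, then write back in place to keep file modes.
    sed -e "s/$src_uc/$dst_uc/g" -e "s/$src_cap/$dst_cap/g" \
        -e "s/$src/$dst/g" "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
    rm -f "$f.tmp"
    new="$(dirname "$f")/$(basename "$f" | sed "s/$src/$dst/g")"
    [ "$f" = "$new" ] || mv "$f" "$new"
  done
}

# porting_plan GUM_DIR ARCH: label each file with the priority given above.
porting_plan() {
  for f in "$1/backend-$2"/*; do
    case $(basename "$f") in
      guminterceptor-*|gumspinlock-*) echo "port: $f" ;;
      gumstalker-*)                   echo "stub: $f" ;;
      *)                              echo "review: $f" ;;
    esac
  done
}
```

Run it from a frida-gum checkout as `port_backend gum arm64 mips`, then `porting_plan gum mips` to see which files to port first and which to leave as a stub.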

Building frida-core

Now that frida-gum works, it’s time to repeat the same process for frida-core.

Porting frida-core

This should only be a matter of porting the injector. The implementation is here and the recommended approach is to follow the #if X86 breadcrumbs to port the architecture-specific bits. For a walkthrough of the Linux injector, check out our presentation here.