frida-ps

Search…
frida-ps
Frida-ps, included with the standard frida tools suite, is a helpful way of listing running apps on your target device. Out of the box, an iPhone will have hundreds of running processes at first boot. Thankfully, frida-ps provides several command line options to make this process easier.
Remember to utilize the-U flag to tell Frida you want to see apps on the device connected via USB / emulator. If you don't, you'll instead see processes running on your host machine.
Examples:
List running apps (-a)
List all installed apps (-a -i)
List all running processes
1
C:\>frida-ps -U -a
2
  PID  Name                      Identifier
3
-----  ------------------------  ---------------------------------------
4
 1797  AnalyticsService          org.android_x86.analytics
5
 1411  Android Keyboard (AOSP)   com.android.inputmethod.latin
6
 6765  Android Setup             com.google.android.setupwizard
7
 1285  Android System            android
8
20054  Blocked Numbers Storage   com.android.providers.blockednumber
9
20054  Contacts Storage          com.android.providers.contacts
10
19534  Download Manager          com.android.providers.downloads
11
 5617  ES File Explorer          com.estrongs.android.pop
12
 5438  External Storage          com.android.externalstorage
13
 5399  Files                     com.android.documentsui
14
 1285  Fused Location            com.android.location.fused
15
 5102  Gallery                   com.android.gallery3d
16
 1792  Google App                com.google.android.googlequicksearchbox
17
15496  Google Partner Setup      com.google.android.partnersetup
18
 6219  Google Play Store         com.android.vending
19
 1874  Google Play services      com.google.android.gms
20
 6274  Google Services Framew…   com.google.android.gsf
21
20089  MTP Host                  com.android.mtp
22
19534  Media Storage             com.android.providers.media
23
 1510  Mobile Data               com.android.phone
24
 1510  Mobile Network Configur…  com.android.providers.telephony
25
 5477  Package installer         com.google.android.packageinstaller
26
 6551  Photo Vault               com.enchantedcloud.photovault
27
 1832  Quickstep                 com.android.launcher3
28
 1285  Settings Storage          com.android.providers.settings
29
 1422  System UI                 com.android.systemui
30
 3360  Terminal Emulator         com.termoneplus
31
20054  User Dictionary           com.android.providers.userdictionary 
Copied!
1
C:\>frida-ps -U -a -i
2
  PID  Name                         Identifier
3
-----  ---------------------------  ----------------------------------------------------
4
 1797  AnalyticsService             org.android_x86.analytics
5
 1411  Android Keyboard (AOSP)      com.android.inputmethod.latin
6
 6765  Android Setup                com.google.android.setupwizard
7
 1285  Android System               android
8
20054  Blocked Numbers Storage      com.android.providers.blockednumber
9
20054  Contacts Storage             com.android.providers.contacts
10
19534  Download Manager             com.android.providers.downloads
11
 5617  ES File Explorer             com.estrongs.android.pop
12
 5438  External Storage             com.android.externalstorage
13
 5399  Files                        com.android.documentsui
14
 1285  Fused Location               com.android.location.fused
15
 5102  Gallery                      com.android.gallery3d
16
 1792  Google App                   com.google.android.googlequicksearchbox
17
15496  Google Partner Setup         com.google.android.partnersetup
18
 6219  Google Play Store            com.android.vending
19
 1874  Google Play services         com.google.android.gms
20
 6274  Google Services Framew…      com.google.android.gsf
21
20089  MTP Host                     com.android.mtp
22
19534  Media Storage                com.android.providers.media
23
 1510  Mobile Data                  com.android.phone
24
 1510  Mobile Network Configur…     com.android.providers.telephony
25
 5477  Package installer            com.google.android.packageinstaller
26
 6551  Photo Vault                  com.enchantedcloud.photovault
27
 1832  Quickstep                    com.android.launcher3
28
 1285  Settings Storage             com.android.providers.settings
29
 1422  System UI                    com.android.systemui
30
 3360  Terminal Emulator            com.termoneplus
31
20054  User Dictionary              com.android.providers.userdictionary
32
    -  Android Easter Egg           com.android.egg
33
    -  Android Services Library     com.google.android.ext.services
34
    -  Android Setup                com.google.android.apps.restore
35
    -  Android Shared Library       com.google.android.ext.shared
36
    -  Android System WebView       com.google.android.webview
37
    -  Basic Daydreams              com.android.dreams.basic
38
    -  Bluetooth                    com.android.bluetooth
39
    -  Bluetooth MIDI Service       com.android.bluetoothmidiservice
40
    -  Bookmark Provider            com.android.bookmarkprovider
41
    -  BusyBox Free                 stericson.busybox
42
    -  Calculator                   com.android.calculator2
43
    -  Calendar                     com.android.calendar
44
    -  Calendar Storage             com.android.providers.calendar
45
    -  Calibration                  org.zeroxlab.util.tscal
46
    -  Call Log Backup/Restore      com.android.calllogbackup
47
    -  Camera                       com.android.camera2
48
    -  CaptivePortalLogin           com.android.captiveportallogin
49
    -  CarrierDefaultApp            com.android.carrierdefaultapp
50
    -  Cell Broadcasts              com.android.cellbroadcastreceiver
51
    -  Certificate Installer        com.android.certinstaller
52
    -  Chrome                       com.android.chrome
53
    -  Clock                        com.android.deskclock
54
    -  Companion Device Mana…       com.android.companiondevicemanager
55
    -  Contacts                     com.android.contacts
56
    -  Corner display cutout        com.android.internal.display.cutout.emulation.corner
57
    -  Dark                         com.android.systemui.theme.dark
58
    -  Default Print Service        com.android.bips
59
    -  Dev Tools                    com.android.development
60
    -  Double display cutout        com.android.internal.display.cutout.emulation.double
61
    -  Downloads                    com.android.providers.downloads.ui
62
    -  Emergency information        com.android.emergency
63
    -  Gmail                        com.google.android.gm
64
    -  Google Account Manager       com.google.android.gsf.login
65
    -  Google Backup Transport      com.google.android.backuptransport
66
    -  Google Calendar Sync         com.google.android.syncadapters.calendar
67
    -  Google Contacts Sync         com.google.android.syncadapters.contacts
68
    -  Google One Time Init         com.google.android.onetimeinitializer
69
    -  HTML Viewer                  com.android.htmlviewer
70
    -  Input Devices                com.android.inputdevices
71
    -  Intent Filter Verification…  com.android.statementservice
72
    -  Key Chain                    com.android.keychain
73
    -  Live Wallpaper Picker        com.android.wallpaper.livepicker
74
    -  Market Feedback Agent        com.google.android.feedback
75
    -  MmsService                   com.android.mms.service
76
    -  Music                        org.lineageos.eleven
77
    -  NotePad                      com.example.android.notepad
78
    -  PacProcessor                 com.android.pacprocessor
79
    -  Package Access Helper        com.android.defcontainer
80
    -  Phone                        com.android.dialer
81
    -  Print Service Recommen…      com.google.android.printservice.recommendation
82
    -  Print Spooler                com.android.printspooler
83
    -  ProxyHandler                 com.android.proxyhandler
84
    -  RSS Reader                   com.example.android.rssreader
85
    -  Settings                     com.android.settings
86
    -  Settings Suggestions         com.android.settings.intelligence
87
    -  Shell                        com.android.shell
88
    -  Sim App Dialog               com.android.simappdialog
89
    -  Simple message receiver      com.android.basicsmsreceiver
90
    -  Storage Manager              com.android.storagemanager
91
    -  SuperSU                      eu.chainfire.supersu
92
    -  System Tracing               com.android.traceur
93
    -  Tall display cutout          com.android.internal.display.cutout.emulation.tall
94
    -  Taskbar                      com.farmerbb.taskbar.androidx86
95
    -  VpnDialogs                   com.android.vpndialogs
96
    -  Work profile setup           com.android.managedprovisioning
97
    -  com.android.backupcon…       com.android.backupconfirm
98
    -  com.android.carrierconfig    com.android.carrierconfig
99
    -  com.android.cts.ctsshim      com.android.cts.ctsshim
100
    -  com.android.cts.priv.cts…    com.android.cts.priv.ctsshim
101
    -  com.android.providers.p…     com.android.providers.partnerbookmarks
102
    -  com.android.sharedstor…      com.android.sharedstoragebackup
103
    -  com.android.wallpaperb…      com.android.wallpaperbackup
104
    -  com.android.wallpapercr…     com.android.wallpapercropper
105
    -  com.android.wallpaperpi…     com.android.wallpaperpicker
106
    -  com.google.android.gms…      com.google.android.gms.setup      
Copied!
1
C:\>frida-ps -U
2
  PID  Name
3
-----  --------------------------------------------------
4
 3678  adbd
5
 1130  [email protected]
6
 1131  [email protected]
7
 1132  [email protected]
8
 1133  [email protected]
9
 1134  [email protected]
10
 1135  [email protected]
11
 1136  [email protected]
12
 1137  [email protected]
13
 1138  [email protected]
14
 1139  [email protected]
15
 1140  [email protected]
16
 1128  [email protected]
17
20054  android.process.acore
18
19534  android.process.media
19
 1141  audioserver
20
 1148  cameraserver
21
 6622  com.android.chrome:sandboxed_process0
22
 5399  com.android.documentsui
23
 5438  com.android.externalstorage
24
 5102  com.android.gallery3d
25
 1411  com.android.inputmethod.latin
26
 1832  com.android.launcher3
27
20089  com.android.mtp
28
 1510  com.android.phone
29
 1422  com.android.systemui
30
 6219  com.android.vending
31
 6551  com.enchantedcloud.photovault
32
 5617  com.estrongs.android.pop
33
 1874  com.google.android.gms
34
 1768  com.google.android.gms.persistent
35
 6835  com.google.android.gms.unstable
36
 1792  com.google.android.googlequicksearchbox:interactor
37
18157  com.google.android.googlequicksearchbox:search
38
 5477  com.google.android.packageinstaller
39
15496  com.google.android.partnersetup
40
 6765  com.google.android.setupwizard
41
 6274  com.google.process.gservices
42
 3360  com.termoneplus
43
 1149  drmserver
44
11689  frida-helper-32
45
11670  frida-server
46
 1162  gatekeeperd
47
 1129  healthd
48
 1059  hwservicemanager
49
 1150  incidentd
50
    1  init
51
 1044  init
52
 1045  init
53
 1151  installd
54
 1189  ip6tables-restore
55
 1188  iptables-restore
56
 1152  keystore
57
 6024  libestool2.so
58
 1142  lmkd
59
11672  logcat
60
 1057  logd
61
 1181  mdnsd
62
 1160  media.codec
63
 1154  media.extractor
64
 1155  media.metrics
65
 1153  mediadrmserver
66
 1156  mediaserver
67
 1124  netd
68
 1797  org.android_x86.analytics
69
 1163  perfprofd
70
 1161  rild
71
 1058  servicemanager
72
 1145  sh
73
 3388  sh
74
 3424  sh
75
11667  sh
76
 1157  statsd
77
 1158  storaged
78
 1147  su
79
 3405  su
80
 3406  su
81
 3411  su
82
 3418  su
83
 1143  surfaceflinger
84
 1285  system_server
85
 1144  thermalserviced
86
 1164  tombstoned
87
 1046  ueventd
88
 1102  v86d
89
 1060  vndservicemanager
90
 1117  vold
91
 1458  webview_zygote
92
 1159  wificond
93
 1406  wpa_supplicant
94
 1126  zygote
95
 1125  zygote64
Copied!
Locating an app with frida-ps
Locate a specific app using frida-ps
If you are finding yourself needing to know an app's identifier, frida-ps can be a good way to find it. It will also get us the application's current Process ID (PID) if it's running.
On your host machine, open a Command Prompt. 
Type frida-ps -U -a. These switches will limit our list greatly and make it easier to spot our target.
For more info on frida-ps, see frida-ps.
In the case of Photo Vault, the bundle identifier is com.enchantedcloud.photovault. You may optionally note down the PID (Process ID) however, the application identifier is primarily what we are after since we may re-launch the app several times throughout the lab (resulting in a different PID).
Great, now we’ve established our application identifier, and can see that it is running. We also know that since frida-ps gave us the data we needed, we indeed have connectivity between the host machine and frida-server on the device (or emulator).
Frida-tools Reference - Previous
frida
Next - Frida-tools Reference
frida-trace
Last modified 2yr ago
Copy link
Contents
Locate a specific app using frida-ps