frida-mcp-workflow

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Frida MCP Workflow

Frida MCP 工作流

Run these phases in order. Do not skip phases.

按顺序执行以下阶段，请勿跳过任何阶段。

Phase 1: Idea

阶段1：构思

Define target: process/app identifier, platform, and session type.
Define objective: what signal/result must be observed.
Query docs before function use: call
```
search_frida_docs
```
for each non-trivial API/runtime assumption.
Record 2-5
```
Doc facts used
```
bullets before scripting.
Assume Frida 17 semantics only. Do not use Frida 16 assumptions.

Hard stop:

If docs are missing or ambiguous, narrow the query and retry before scripting.

定义目标：进程/应用标识符、平台以及会话类型。
定义目标：必须观测到的信号/结果。
使用函数前查阅文档：对于每个非基础的API/运行时假设，调用
```
search_frida_docs
```
。
编写脚本前记录2-5条“使用的文档事实”要点。
仅基于Frida 17的语义进行操作，请勿沿用Frida 16的假设。

强制终止条件：

如果文档缺失或表述模糊，请缩小查询范围并重试，之后再进行脚本编写。

Phase 2: Scripting

阶段2：脚本编写

Prefer saved files over inline scripts.
Allow inline only for short, read-only probes.
For hook scripts, require file-based scripts and
```
load_script
```
.
Declare
```
script_id
```
, purpose, and explicit target list (module/symbol or class/method).
Add idempotence guard to prevent duplicate install.
Define teardown path (
```
uninstall
```
RPC export or equivalent).

Script policy:

If script is more than 25 lines or writes hooks, save it to a file.
If modifying existing behavior, include rollback logic in the script.

优先使用已保存的文件，而非内联脚本。
仅允许将内联脚本用于简短的只读探针。
对于钩子脚本，要求使用基于文件的脚本并调用
```
load_script
```
。
声明
```
script_id
```
、用途以及明确的目标列表（模块/符号或类/方法）。
添加幂等性防护，防止重复安装。
定义清理路径（
```
uninstall
```
RPC导出或等效方式）。

脚本规范：

如果脚本超过25行或包含钩子逻辑，请将其保存为文件。
如果要修改现有行为，请在脚本中包含回滚逻辑。

Phase 3: Execution

阶段3：执行

Preflight checks before load/execute:
- session exists and is alive
- loaded scripts are listed
- target overlap is checked
If overlap exists, unload/replace old script before loading new one.
Do not attach multiple scripts to the same target unless explicitly intentional.
Prefer one script per purpose (probe, hook, tracer).

Failure handling:

On
```
Java is not defined
```
, stop retries and re-check docs/runtime assumptions.
On attach/spawn failures, run diagnostics before retrying instrumentation.
On oversized docs output, reduce query scope or paginate; do not guess.

加载/执行前的预检：
- 会话已存在且处于活跃状态
- 已加载脚本已被列出
- 已检查目标重叠情况
如果存在重叠，请先卸载/替换旧脚本，再加载新脚本。
除非有明确的意图，否则请勿为同一目标附加多个脚本。
优先为每个用途（探针、钩子、追踪器）单独编写一个脚本。

故障处理：

出现
```
Java is not defined
```
错误时，停止重试并重新检查文档/运行时假设。
出现附加/启动失败时，先运行诊断再重试插桩操作。
若文档输出过大，请缩小查询范围或分页，请勿猜测。

Phase 4: Notes

阶段4：记录

Persist notes to file after each execution cycle.
Record:
- doc facts used
- script ledger (loaded/unloaded/current active)
- observed output and verification status
- errors and root cause
- cleanup status and next action
Confirm teardown is complete when ending work.

每个执行周期后将记录保存到文件。
记录内容：
- 使用的文档事实
- 脚本台账（已加载/已卸载/当前活跃）
- 观测到的输出及验证状态
- 错误及根本原因
- 清理状态及下一步操作
结束工作时确认清理已完成。

Required Response Shape

要求的响应格式

For each task, output four sections in this order:

```
Idea
```
```
Scripting
```
```
Execution
```
```
Notes
```

Do not run tool calls in

Execution

before

Idea

and

Scripting

are present.

对于每个任务，请按以下顺序输出四个部分：

```
构思
```
```
脚本编写
```
```
执行
```
```
记录
```

在完成“构思”和“脚本编写”前，请勿在“执行”阶段调用工具。