Overwrite or duplicate?

Almost all Frida methods that modify files can either overwrite or duplicate the input file. Overwriting the input is also called “in-place operation”.

There is no difference in execution speed between overwriting and duplicating mode. It is merely a question of workspace management. Duplicating files too often makes it difficult to keep track. When working on very large files, it may also exceed RAM, so that the system begins swapping. On the other hand, many operations are irreversible within Frida. If a file is overwritten accidentally, it may be necessary to redo an entire Frida session.

For these reasons, every Frida method has a suitably chosen default policy: Irreversible data modifications duplicate the input by default; methods that can easily be reverted overwrite their input.

The default behaviour can be overridden by a command postfix. Use ! to force overwriting. Example:

  • 2 oi! y[,,0]

Without the postfix !, oi would duplicate.