findExportByName is cleaning up injected module #177

Open
Xoffio opened this issue Nov 6, 2024 · 0 comments
Xoffio (Contributor) commented Nov 6, 2024

Hi!

I am loading a js script and then injecting a lib into a program.

...
        // Load the script into the target process.
        // create_script returns the Script handle; bind it so load() has a receiver.
        let script = session
            .create_script(script_source, &mut script_option)
            .expect("failed to create script");
        script.load().expect("failed to load script");

        println!("[*] Script loaded.");
...
        // Inject the library; "injected" is the entrypoint symbol Frida calls after loading.
        let injected_id = match frida_cmds_handle_error(
            local_device_for_inj.inject_library_file_sync(
                pid,
                &inj_lib_path,
                "injected",
                Vec::new(),
            ),
            &cmd_res_tx,
            false,
        ) {
            Some(id) => id,
            None => continue,
        };
        println!("[*] Injected library: {}", injected_id);
...

I want to leave the injected lib loaded at all times to send commands to it.

I want to send commands to it by having a function in my Js script, so I can call the function in the injected lib. Like this:

function callFn(modPath, fnName) {
    // Get the address of the exported function (null if the export is not found)
    const fnAddr = Module.findExportByName(modPath, fnName);
    if (fnAddr === null) {
        throw new Error('export ' + fnName + ' not found in ' + modPath);
    }

    // findExportByName already returns a NativePointer, so no ptr() wrapper is needed
    const fn = new NativeFunction(fnAddr, 'void', []);

    // Call the function
    fn();
}

I noticed that every time I do Module.findExportByName or Module.getExportByName the injected lib gets unloaded or cleaned up...
Even when I do it with the Frida CLI.

The way I am testing this is the following:

  • Execute the target program.
  • Execute the rust program that injects a lib (libinjected.so)
  • Once the lib is injected I check that it is still loaded by typing lsof -p (ps -ax | grep TARGET_PROGRAM | grep -v "grep" | awk '{print $1}') | grep inject
  • Then I connect with the Frida CLI, or call the JS function (Module.findExportByName) from Rust.
  • Checking with lsof, you will see that the lib stops showing up.

Is there anything I am doing wrong, or a better way to do this? I think this is a bug, but let me know!
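Added example, not the reporter's code and not part of this issue: a minimal body for a library handed to inject_library_file_sync with entrypoint name "injected", as in the Rust snippet above. It assumes the entrypoint convention used by Frida's injector, namely that the named entrypoint is invoked as `void entrypoint(const char *data, bool *stay_resident)` and that the library is unloaded once that call returns unless `*stay_resident` is set to true; the export name `injected_command` and the counter are constructed for illustration. Whether or not this is the cause of the unloading seen in the report, a library that is meant to receive commands later should opt in to staying resident.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example state: counts how many times the script called us. */
static unsigned long g_command_count = 0;

/* Export a script can resolve with Module.findExportByName(modPath, "injected_command")
 * and invoke through new NativeFunction(addr, 'void', []). */
void injected_command(void)
{
    g_command_count++;
}

/* Read back the counter (used by the checks below; would not exist in a real agent). */
unsigned long injected_command_count(void)
{
    return g_command_count;
}

/* Entrypoint named "injected" in the inject_library_file_sync call.
 * Assumed signature: Frida passes the data string and a pointer to a stay_resident flag.
 * Returns true on success so the result can be checked directly. */
bool injected(const char *data, bool *stay_resident)
{
    if (stay_resident == NULL)
        return false;

    /* Opt in to remaining mapped after this function returns; without this the
     * injector is free to dlclose() the library, and later NativeFunction calls
     * from the script would point into an unmapped region. */
    *stay_resident = true;

    if (data != NULL && data[0] != '\0')
        fprintf(stderr, "[injected] entry data: %s\n", data);

    return true;
}
```

Build it as a shared object (for example `cc -shared -fPIC -o libinjected.so injected.c`), inject it with entrypoint "injected", and have the script resolve `injected_command` by name; the reporter's `lsof` check then shows whether the library stays mapped across those calls.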
