frida 错误 - Githubissues

QQBackup / qq-win-db-key

全平台 QQ 聊天数据库解密

Other

392 stars 50 forks source link

frida 错误 #15

Closed shenjackyuanjie closed 8 months ago

shenjackyuanjie commented 8 months ago

❯ python3.10 pcqq_dump.py
QQ pid is: 44980
Traceback (most recent call last):
  File "V:\githubs\qqdb\pcqq_dump.py", line 178, in <module>
    session = frida.get_local_device().attach(QQ_PID)
  File "D:\APPS\CPython\Python310\lib\site-packages\frida\core.py", line 86, in wrapper
    return f(*args, **kwargs)
  File "D:\APPS\CPython\Python310\lib\site-packages\frida\core.py", line 1010, in attach
    return Session(self._impl.attach(self._pid_of(target), **kwargs))  # type: ignore
frida.PermissionDeniedError: error creating directory C:\Users\SHENJA~1.SHE\AppData\Local\Temp\frida-d0ee0fb3c91dec79c5b4bd5f26cdb016\32: Permission denied

shenjackyuanjie commented 8 months ago

修改

session = frida.get_local_device().attach(QQ_PID)

为

session = frida.attach(QQ_PID)

可修复问题怪欸

Young-Lord commented 8 months ago

啊？我没发现哪里有区别 https://github.com/frida/frida-python/blob/ebd797e4bc248b8d895d68ebf244a34744cb3ea9/frida/__init__.py#L87-L95

def attach(
    target: core.ProcessTarget, realm: Optional[str] = None, persist_timeout: Optional[int] = None
) -> core.Session:
    """
    Attach to a process
    :param target: the PID or name of the process
    """

    return get_local_device().attach(target, realm=realm, persist_timeout=persist_timeout)

并且这行上次更改是 3 years ago，也能排除是不同版本实现有差异也就是说，这更像是一个偶然问题

shenjackyuanjie commented 8 months ago

我也不清楚，但是只要没有去掉 get_local_device() 就一定会报错，我感觉是个frida问题？

Young-Lord commented 8 months ago

报下版本或者把init.py#L87-L95贴出来

shenjackyuanjie commented 8 months ago

16.1.7 要命.png

Young-Lord commented 8 months ago

core.py line 1010 return Session(self._impl.attach(self._pid_of(target), **kwargs)) # type: ignore 这一句前加个print(target, kwargs) 分别看看输出

shenjackyuanjie commented 8 months ago

更神奇的事情出现了


qqdb [ master][!?][ v18.17.1][🐍 ][⏱ 2m10s]
❯ python3.10 pcqq_dump.py
QQ pid is: 61924
61924 {}
hooked.
Traceback (most recent call last):
  File "V:\githubs\qqdb\pcqq_dump.py", line 234, in <module>
    sys.stdin.read()
KeyboardInterrupt

qqdb [ master][!?][ v18.17.1][🐍 ][⏱ 4s]
❯ python3.10 pcqq_dump.py
QQ pid is: 61924
61924 {}
hooked.
[+] key found:
process exited.

第一次运行不带 local device 第二次带然后他hook 成功了神奇

Young-Lord commented 8 months ago

这不就行了

Young-Lord commented 8 months ago

要不要看看有没有 frida 相关服务进程残留一类的