freehuntx / frida-mono-api

All the mono c exports, ready to be used in frida!
MIT License
68 stars 23 forks

Function `mono_get_root_domain()` returns `0x0` if application is started using `device.spawn`. #4

Open tijme opened 4 years ago

tijme commented 4 years ago

Hi @freehuntx,

I created a program using frida-inject that spawns a certain Xamarin application and then injects a frida-mono-api based script. Everything works correctly if I use the frida-mono-api based script on a target application that is already running.

However, if the application is not yet running, I start it using Frida's `await device.spawn(identifier)`, but the frida-mono-api based script throws an error.

Error: access violation accessing 0x60
    at node_modules/frida-mono-api/src/mono-api.js:804
    at o (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:54
    at o (node_modules/browser-pack/_prelude.js:1)
    at scripts/intercept_pincode.js:1
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:1069

I found out that when I start the application using Frida's `device.spawn` function, `MonoApi.mono_get_root_domain()` returns `0x0`. I think this is due to the fact that the Xamarin application is not fully initialised yet, but I can't find out how to fix it.

Have you experienced this problem before?

freehuntx commented 4 years ago

Hey @tijme, sadly I have no experience with Xamarin. Maybe you can catch the error and retry until it works?

tijme commented 4 years ago

Thanks for the response.

Unfortunately a try/catch loop doesn't work. I don't have a lot of time to spend on debugging at the moment. When I have, I'll take a look at it again. Let's park the issue for now.

freehuntx commented 4 years ago

This does not work?

let attached = false;
// Poll once a second until the runtime has created its root domain.
const attachInterval = setInterval(() => {
  const domain = MonoApi.mono_get_root_domain()
  if (domain.isNull()) return   // runtime not initialised yet; try again on the next tick

  clearInterval(attachInterval)
  MonoApi.mono_thread_attach(domain)   // attach this Frida thread to the domain before using the API
  attached = true
}, 1000)
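The retry loop above, written out as a complete Frida agent that never touches the Mono API before the root domain exists. This is an added example, not code from frida-mono-api or from anyone in this thread. It assumes (my assumption, not something the thread states) that the runtime module exports `mono_get_root_domain` and `mono_thread_attach` under those names, and that the caller resumes the spawned process with `device.resume(pid)` after loading the script; a process left suspended after `device.spawn` never initialises Mono, so the poll would simply time out. The decision logic is kept separate from timers and Frida globals so it can be checked outside Frida; the Frida-specific wiring at the bottom only runs inside an agent.

```javascript
// Added example, not code from frida-mono-api or from the thread participants.
// Idea: never call into Mono at script load time. Right after device.spawn()
// the process is suspended before Mono has initialised, so
// mono_get_root_domain() returns NULL and anything that dereferences that
// pointer faults. Poll until the root domain exists, attach the Frida thread,
// and only then run the rest of the script.
//
// Assumptions (mine): the runtime module exports mono_get_root_domain and
// mono_thread_attach, and the spawned process is resumed after script load.

// Pure decision logic, free of timers and Frida globals. `probe()` returns a
// pointer-like object (has isNull()) or throws while the Mono module is not
// mapped yet; both cases count as "not ready".
function createDomainWaiter(probe, maxAttempts = 150) {
  let attempts = 0;
  return {
    // -> { status: 'ready', domain, attempts } | { status: 'pending', attempts }
    //    | { status: 'timeout', attempts }
    poll() {
      attempts += 1;
      let domain = null;
      try {
        domain = probe();
      } catch (e) {
        domain = null; // export not resolvable yet, e.g. module not loaded
      }
      if (domain != null && !domain.isNull()) {
        return { status: 'ready', domain, attempts };
      }
      if (attempts >= maxAttempts) {
        return { status: 'timeout', attempts };
      }
      return { status: 'pending', attempts };
    },
  };
}

// Drives the waiter on the JS event loop. Resolves with the MonoDomain*,
// rejects after maxAttempts * intervalMs (default 150 * 200 ms = 30 s).
function waitForRootDomain(probe, { intervalMs = 200, maxAttempts = 150 } = {}) {
  const waiter = createDomainWaiter(probe, maxAttempts);
  return new Promise((resolve, reject) => {
    const tick = () => {
      const r = waiter.poll();
      if (r.status === 'ready') {
        resolve(r.domain);
      } else if (r.status === 'timeout') {
        reject(new Error(`Mono root domain still NULL after ${r.attempts} polls; ` +
                         'was the spawned process resumed?'));
      } else {
        setTimeout(tick, intervalMs);
      }
    };
    tick();
  });
}

// Frida-only wiring; skipped when this file is loaded outside a Frida agent.
if (typeof Process !== 'undefined' && typeof NativeFunction !== 'undefined') {
  // Resolve an export across all loaded modules using the per-module
  // findExportByName(), so this does not depend on a particular Frida release.
  const findGlobalExport = (name) => {
    for (const m of Process.enumerateModules()) {
      const p = m.findExportByName(name);
      if (p !== null) return p;
    }
    return null;
  };
  const monoGetRootDomain = () => {
    const p = findGlobalExport('mono_get_root_domain');
    if (p === null) throw new Error('Mono runtime module not loaded yet');
    return new NativeFunction(p, 'pointer', [])();
  };
  const monoThreadAttach = (domain) =>
    new NativeFunction(findGlobalExport('mono_thread_attach'), 'pointer', ['pointer'])(domain);

  // With frida-mono-api you can pass MonoApi.mono_get_root_domain as the probe.
  waitForRootDomain(monoGetRootDomain)
    .then((domain) => {
      monoThreadAttach(domain);
      console.log('[+] root domain ' + domain + ', thread attached; Mono API is usable now');
      // Put the frida-mono-api based logic here.
    })
    .catch((e) => console.error('[-] ' + e.message));
}
```

Load it with `frida -f <identifier> -l script.js` (which resumes the process after the script is loaded) or, from the API, `device.spawn`, `session.createScript`, `script.load`, then `device.resume(pid)`. Everything that uses the Mono API belongs inside the `.then` callback, not at the top level of the script.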
freehuntx commented 3 years ago

I'm currently reworking "frida-mono" and it will contain everything needed to work with mono. This repo will become obsolete when that's done. You can follow the current state in this branch: https://github.com/freehuntx/frida-mono/tree/feature/v1

I won't concentrate on fixing things here since I'm not happy with the codebase. Keep an eye on frida-mono :)

xiaozhuai commented 1 year ago

I had the same issue recently, any progress or any suggestions? The target application on Windows is https://www.cl.cam.ac.uk/research/rainbow/projects/unityeyes/