frida / frida-clr

Frida .NET bindings

Error with examples/HelloFrida #2

Open dreamx2 opened 9 years ago

dreamx2 commented 9 years ago

Hi. I'm trying to get the HelloFrida example working. Whenever I try to debug it, I get the following exception in Visual Studio:

"System.BadImageFormatException {"Could not load file or assembly 'Frida.dll' or one of its dependencies. is not a valid Win32 application. (Exception from HRESULT: 0x800700C1)"}".

The project builds successfully into a .exe, but whenever I try to open it I get:

"The exception unknown software exception (0xe0434352) occurred in the application at location 0x7670c52d."

I've also tried using the 64 bit .DLL but get a different exception:

"System.AccessViolationException {"Attempted to read or write protected memory. This is often an indication that other memory is corrupt."}".

Is there something I'm doing wrong or missing? Thank you.

oleavr commented 9 years ago

Hi,

Could you enable unmanaged debugging and see where it crashes? This is probably a regression in frida-clr where it's not up-to-date with the current frida-core API. Should be easy to fix though.

Cheers!

dreamx2 commented 9 years ago

Hi, thank you for the quick reply.

It seems to crash before the form even loads.

With native code debugging enabled I got this:

Output:

```
'HelloFrida.exe' (Win32): Loaded 'D:\src\frida\HelloFrida\bin\Release\HelloFrida.exe'.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntdll.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\mscoree.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\KernelBase.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\advapi32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcrt.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sechost.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\rpcrt4.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\sspicli.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\cryptbase.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\shlwapi.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\gdi32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\user32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\lpk.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\usp10.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\imm32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msctf.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\msvcr110_clr0400.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll'.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0b77a5c561934e089\mscorlib.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ole32.dll'. Symbols loaded.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'D:\src\frida\HelloFrida\bin\Release\HelloFrida.exe'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll'.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll'.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\cryptsp.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\rsaenh.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll'.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll'.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.031bf3856ad364e35\PresentationFramework.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.031bf3856ad364e35\WindowsBase.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0b77a5c561934e089\System.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.031bf3856ad364e35\PresentationCore.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll'.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0b77a5c561934e089\System.Xaml.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\DWrite.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\oleaut32.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll'. Symbols loaded.
Step into: Stepping over non-user code 'HelloFrida.App..ctor'
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll'.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0b03f5f7f11d50a3a\System.Configuration.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll'.
'HelloFrida.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0b77a5c561934e089\System.Xml.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
Step into: Stepping over non-user code 'HelloFrida.App.Main'
Step into: Stepping over non-user code 'HelloFrida.App.InitializeComponent'
'HelloFrida.exe' (Win32): Loaded 'D:\src\frida\HelloFrida\bin\Release\Frida.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'D:\src\frida\HelloFrida\bin\Release\Frida.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Unloaded 'D:\src\frida\HelloFrida\bin\Release\Frida.dll'
'HelloFrida.exe' (Win32): Loaded 'C:\Windows\SysWOW64\RpcRtRemote.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Loaded 'D:\src\frida\HelloFrida\bin\Release\Frida.dll'. Symbols loaded.
'HelloFrida.exe' (Win32): Unloaded 'D:\src\frida\HelloFrida\bin\Release\Frida.dll'
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: EEFileLoadException at memory location 0x003AC30C.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
An unhandled exception of type 'System.Windows.Markup.XamlParseException' occurred in PresentationFramework.dll
Additional information: The invocation of the constructor on type 'HelloFrida.MainWindow' that matches the specified binding constraints threw an exception.

First-chance exception at 0x76F8E823 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0x52018B74.
The Common Language Runtime cannot stop at this exception. Common causes include: incorrect COM interop marshalling and memory corruption. To investigate further use native-only debugging.
First-chance exception at 0x7555C42D in HelloFrida.exe: Microsoft C++ exception: [rethrow] at memory location 0x00000000.

Unhandled Exception:
First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
Unhandled exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.

First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
Unhandled exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.

First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
Unhandled exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.

First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
Unhandled exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.

First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
Unhandled exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.

First-chance exception at 0x76F9A208 (ntdll.dll) in HelloFrida.exe: 0xC0000005: Access violation reading location 0xABABABBB.
The thread 0x13d4 has exited with code 0 (0x0).
The thread 0xae0 has exited with code 0 (0x0).
The thread 0xd64 has exited with code 0 (0x0).
The thread 0x116c has exited with code 0 (0x0).
The thread 0x12a8 has exited with code 0 (0x0).
The thread 0x11ac has exited with code 0 (0x0).
The thread 0x1014 has exited with code 0 (0x0).
The thread 0x7dc has exited with code 0 (0x0).
The program '[4012] HelloFrida.exe' has exited with code 0 (0x0).

Cannot print exception string because Exception.ToString() failed.
```

th30c0der commented 4 years ago

> Hi,
>
> Could you enable unmanaged debugging and see where it crashes? This is probably a regression in frida-clr where it's not up-to-date with the current frida-core API. Should be easy to fix though.
>
> Cheers!

I faced this error, and I fixed it by adding 0x to ptr.