frida / frida-core

Frida core library intended for static linking into bindings
https://frida.re

py-Frida crashed when exhaustion on Windows #166

Open whklhh opened 6 years ago

whklhh commented 6 years ago

Hi. I am doing a CrackMe. When I use frida to try it one letter by one letter, it crashed.

0x00007FF8D381F515 (_frida.cp36-win_amd64.pyd) (python.exe 中)处有未经处理的异常: 0xC0000005: 读取位置 0x0000000000000002 时发生访问冲突。

I tried it more times and it always happened on the 20th run.

I think it's about multiprocessing, but I don't know how to decrease the influence. I did detach() and kill().

My system is Win10-x64, python is 3.6.4-x64, the crackme.exe is 32bit.

Thanks for your great tools! Looking forward to your help~

Here is the code:

import frida
import string
import subprocess

# Frida script injected into CrackMe.exe. The addresses belong to the 32-bit
# CrackMe binary: its printf, the address whose hits are counted, and the exit path.
s = """
var printf = new NativeFunction(ptr('0x401410'), 'int', ['pointer', 'int']);

var target = ptr('0x401054');
var addrexit = ptr('0x401370');
var format = Memory.allocUtf8String('%d\\n');

var count = 0;

// Count how often `target` is reached for the current input.
Interceptor.attach(target, function(args){
    count++;
});

// On exit, print the count to the process's stdout so Python can read it.
Interceptor.attach(addrexit, function(args){
    printf(format, count);
});
"""

def hook():
    session = frida.get_local_device().attach("CrackMe.exe")
    script = session.create_script(s)
    script.load()
    return session

# Raw string: "\c" and "\W" are not escape sequences and must stay literal backslashes.
CMD = r"F:\ctf\Whale\CrackMe\CrackMe.exe"

def main():
    flag = ""
    f = 1
    while f:
        l = 0
        f = 0
        for i in (string.digits + string.ascii_letters + string.punctuation):
            # One fresh process and one fresh Frida session per candidate character.
            p = subprocess.Popen(CMD, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
            session = hook()
            pin, pout = p.stdin, p.stdout
            pin.write((flag + i + '\n').encode())
            pin.flush()
            pout.readline()
            pout.readline()
            count = int(pout.readline().decode()[:2])
            pin.close()
            pout.close()
            p.kill()
            session.detach()
            print(flag + i + ":" + str(count))
            if count - l > 0 and l:
                flag += i
                f = 1  # keep the outer loop running to search for the next character
                print("find: ", flag)
                break
            l = count

main()
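Added example, not code from the issue and not Frida code: an offline model of what the script above measures. The strcmp-style loop and the per-byte hit counter are assumptions about how the CrackMe compares input; the defender's takeaway is that a comparison without an early exit leaves no count difference for the character-by-character search to pick up.

```python
import hmac
import string

ALPHABET = string.digits + string.ascii_letters + string.punctuation


def leaky_check(secret: str, guess: str):
    """Constructed stand-in for the CrackMe: a strcmp-style loop that stops at
    the first differing byte. `hits` models the Interceptor.attach() counter
    on the loop body: +1 per compared byte (assumption about the binary)."""
    hits, i = 0, 0
    while True:
        hits += 1
        a = secret[i] if i < len(secret) else "\0"
        b = guess[i] if i < len(guess) else "\0"
        if a != b:
            return False, hits
        if a == "\0":  # both strings ended together: full match
            return True, hits
        i += 1


def constant_time_check(secret: str, guess: str):
    """Hardened form: hmac.compare_digest does not stop at the first mismatch,
    so the modelled hit count depends only on the guess length, never on
    which byte differs."""
    ok = hmac.compare_digest(secret.encode(), guess.encode())
    return ok, len(guess)


def recover(oracle, max_len=32):
    """The issue's search, made robust: rather than comparing each candidate
    only with the previous one (which misses a correct first candidate), keep
    the character whose hit count is the unique maximum. When no candidate
    stands out, the flag is complete or the comparison leaks nothing."""
    flag = ""
    for _ in range(max_len):
        counts = {ch: oracle(flag + ch)[1] for ch in ALPHABET}
        best = max(counts.values())
        winners = [ch for ch, n in counts.items() if n == best]
        if len(winners) != 1:
            return flag
        flag += winners[0]
    return flag


if __name__ == "__main__":
    SECRET = "Fr1da!"  # constructed sample secret
    print("leaky:        ", recover(lambda g: leaky_check(SECRET, g)))
    print("constant-time:", recover(lambda g: constant_time_check(SECRET, g)))
```

With the leaky comparison the search recovers the whole secret; with the constant-time one every candidate scores the same and the search stops immediately.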
whklhh commented 6 years ago

I tried again and found:

import frida

# Attach to and detach from the same process repeatedly; nothing else is done.
for i in range(25):
    s = frida.attach("notepad.exe")
    s.detach()

This will crash too.