search

frida / frida-core

Frida core library intended for static linking into bindings
https://frida.re
Other
592 stars 187 forks source link

Trying to inject library in process on macos (14.1) leads to "module not found" error. #512

Open mostobriv opened 3 months ago

mostobriv commented 3 months ago

Sorry for opening an issue (i'm not totally sure if it's bug somewhere in my code/approach or frida-core).

So, i'm trying to inject library in another process with frida-core 16.2.1 and got Module not found at "/usr/lib/libresolv.9.dylib" error.

Here is code snippet of injector:

#include <stdlib.h>
#include <stdio.h>

#include "frida-core.h"

int main(int argc, char **argv) {
  if (argc != 3) {
    g_printerr("Usage: %s <pid> <payload_path>\n", argv[0]);
    return 1;
  }

  int target_pid = atoi(argv[1]);
  if (target_pid <= 0) {
    g_printerr("Invalid PID: %d\n", target_pid);
    return 1;
  }

  char *payload_path = argv[2];

  puts(payload_path);

  frida_init();

  FridaInjector *injector = frida_injector_new_inprocess();

  GError *error = NULL;
  frida_injector_inject_library_file_sync(injector, target_pid, payload_path,
                                          "fgpg_agent_main", "", NULL,
                                          &error);

  puts("[*] Injected");

  if (error != NULL) {
    puts(error->message);
    g_error_free(error);
  }

  frida_injector_close_sync(injector, NULL, NULL);
  g_object_unref(injector);
  frida_deinit();

  return 0;
}

And here is injected library:

#include "frida-gum.h"

extern void fgpg_agent_main(const char *data, int *stay_resident) {
  *stay_resident = 1;

  g_print("Hello from agent!\n");
}

And when i'm trying to inject, i get this output:

➜  build ./injector 10986 $PWD/libinject-payload.dylib
/Users/virbotsom/share/git-reps/dev/fgpg/build/libinject-payload.dylib
[*] Injected
Module not found at "/usr/lib/libresolv.9.dylib"

Also libresolv - is first dependency of libinject-payload.dylib, so it looks like frida-core got confused somewhere trying to load(?) injection payload in process:

➜  build otool -L libinject-payload.dylib                                       
libinject-payload.dylib:                                                        
        @rpath/libinject-payload.dylib (compatibility version 0.0.0, current version 0.0.0)                                                                     
        /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)                                                                         
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1345.100.2)

OS: MacOS 14.1 (Sonoma) CPU: M3

UPD: It works if injection-payload compiled without dependencies or just libSystem (at least it worked for me), but if i compile it with any other dependency (such as libresolv) then frida fails to load it in target process.