search

frida / frida-gum

Cross-platform instrumentation and introspection library written in C
https://frida.re
Other
733 stars 242 forks source link

Can't find Go binary symbols when running in Linux using Docker + Virtiofs + macOS host #749

Open aviramha opened 1 year ago

aviramha commented 1 year ago

I know I keep finding the odd stuff, but really it's our users 🤣 We found out that for some reason, when our .so loads into a Go process running in a Docker container using Virtiofs it can't find any of it's symbols.

Sample code:

        let modules =     Module::enumerate_modules()
        .iter()
        .map(|m| m.name.clone())
        .collect();
        let module = modules.first().unwrap().clone();
        let symbols = Module::enumerate_symbols(&module);
        for symbol in symbols {
            trace!("{}", symbol.name);
        }

Prints nothing when Docker is using virtiofs but works great when using other file system virtualization.

I tried running with latest Frida (16.1.3) as I saw there was a lot of refactoring going on in related code, but didn't help. Related issue: https://github.com/metalbear-co/mirrord/issues/1803

aviramha commented 1 year ago

The symbols can be found from lldb attached to same process.

aviramha commented 1 year ago

It seems that we reach gum_elf_module_load with source_path {source_path:"/host_virtiofs/Users/aviramhassan/Code/mirrord/mirrord/layer/tests/apps/app_go/20.go_test_app", ...} which is probably the issue. I guess the file isn't accessible from that path.

aviramha commented 1 year ago

Okay, I found the root cause when running cat /proc/mypid/maps I can see the /host_virtiofs which leads me to believe that Frida gets the same

fffff657b000-fffff657c000 rw-p 00014000 fe:01 7092423                    /lib/aarch64-linux-gnu/libresolv-2.31.so
fffff657c000-fffff657e000 rw-p 00000000 00:00 0 
fffff657e000-fffff7dcb000 r-xp 00000000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7dcb000-fffff7dda000 ---p 0184d000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7dda000-fffff7fc4000 r--p 0184c000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7fc4000-fffff7fca000 rw-p 01a36000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7fca000-fffff7fcc000 rw-p 00000000 00:00 0 
fffff7fcc000-fffff7fed000 r-xp 00000000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffff7fef000-fffff7ff1000 rw-p 00000000 00:00 0 
fffff7ff2000-fffff7ff3000 r--p 00000000 00:00 0 
fffff7ff3000-fffff7ff4000 rw-p 00000000 00:00 0 
fffff7ff4000-fffff7ff5000 r--p 00000000 00:00 0 
fffff7ff5000-fffff7ff6000 rw-p 00000000 00:00 0 
fffff7ff6000-fffff7ff7000 r--p 00000000 00:00 0 
fffff7ff7000-fffff7ffa000 rw-p 00000000 00:00 0 
fffff7ffa000-fffff7ffc000 r--p 00000000 00:00 0                          [vvar]
fffff7ffc000-fffff7ffd000 r-xp 00000000 00:00 0                          [vdso]
fffff7ffd000-fffff7ffe000 r--p 00021000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffff7ffe000-fffff8000000 rw-p 00022000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffffffd9000-1000000000000 rw-p 00000000 00:00 0                         [stack]
vscode ➜ /workspaces/mirrord (virtiofs) $ cat /proc/29234/maps