frida / frida-node

Frida Node.js bindings

Java.enumerateLoadedClasses throws an error (access violation) #22

Closed TelmoNeves closed 7 years ago

TelmoNeves commented 7 years ago

While trying to use Java.enumerateLoadedClasses I get the following error:

{ type: 'error', description: 'Error: access violation accessing 0x0', stack: 'Error: access violation accessing 0x0\n at _enumerateLoadedClasses (frida/node_modules/frida-java/index.js:98:30)\n at Runtime.value [as enumerateLoadedClasses] (frida/node_modules/frida-java/index.js:145:7)\n at agent.js:446:8\n at VM.perform (frida/node_modules/frida-java/lib/vm.js:35:7)\n at performPending (frida/node_modules/frida-java/index.js:221:14)\n at frida/node_modules/frida-java/index.js:196:15\n at VM.perform (frida/node_modules/frida-java/lib/vm.js:35:7)\n at Runtime.perform (frida/node_modules/frida-java/index.js:191:14)\n at Object.1 (agent.js:5:7)\n at s (node_modules/frida-load/node_modules/browserify/node_modules/browser-pack/_prelude.js:1:1)', fileName: 'frida/node_modules/frida-java/index.js', lineNumber: 98, columnNumber: 30 }

I remember using this function at the beginning of the year and it worked.

My device is a rooted Samsung Note 3 running Android 4.3.

I also tested with an emulator and I got the same error.

oleavr commented 7 years ago

Let's keep tracking this at frida/frida-java#7.

enovella commented 6 years ago

Getting something very similar with the latest Frida & r2frida (all in the latest versions, v12.2.12).

Unhandled message: {"type":"error","description":"Error: access violation accessing 0x0","stack":"Error: access violation accessing 0x0\n    at input:1\n    at frida/node_modules/frida-java/index.js:339\n    at input:1","fileName":"input","lineNumber":1,"columnNumber":1}

Any regression or something? It only happens in the newer version of the app I'm working with. With the previous one everything works fine.

enovella commented 6 years ago

If I clear the cache and data of the app before starting it, the error doesn't show up anymore. But this needs to be done every time before running Frida/r2frida.

oleavr commented 6 years ago

Interesting. The only recent change is that we hook one additional method when Java.perform() is called early in the process lifetime. However, I have heard of such crashes happening randomly in other cases, so my gut feeling is that the recent change just amplified an existing bug. Now we just have to find it. ;-) At least it's gotten more reproducible.

Did you try running the code on our V8-based runtime just for kicks? If you want to try this on r2frida you can add frida_session_enable_jit_sync (session, NULL); before the first script is created.