Open Antoine-Gicquel opened 3 years ago
I ran into a similar issue and have not yet found a good solution. I do not recall the specifics of my scenario, but if I look into it again, I will be sure to let you know. Please do the same.
Hi, check out this snippet from the Raptor tracing script for a workaround. I included the entire method so you could see how it sets things up, but note that the hook itself is done with this line: `hook[targetMethod].overloads[i].implementation = function() {`
If you grab the full raptor tracing script above you can check the bottom for usage examples.
```javascript
// trace a specific Java Method
function traceMethod(targetClassMethod)
{
    // split "package.Class.method" into class name and method name
    var delim = targetClassMethod.lastIndexOf(".");
    if (delim === -1) return;

    var targetClass = targetClassMethod.slice(0, delim);
    var targetMethod = targetClassMethod.slice(delim + 1, targetClassMethod.length);

    var hook = Java.use(targetClass);
    var overloadCount = hook[targetMethod].overloads.length;

    console.log("Tracing " + targetClassMethod + " [" + overloadCount + " overload(s)]");

    // replace the implementation of every overload
    for (var i = 0; i < overloadCount; i++) {

        hook[targetMethod].overloads[i].implementation = function() {
            console.warn("\n*** entered " + targetClassMethod);

            // print backtrace
            // Java.perform(function() {
            //     var bt = Java.use("android.util.Log").getStackTraceString(Java.use("java.lang.Exception").$new());
            //     console.log("\nBacktrace:\n" + bt);
            // });

            // print args
            if (arguments.length) console.log();
            for (var j = 0; j < arguments.length; j++) {
                console.log("arg[" + j + "]: " + arguments[j]);
            }

            // print retval
            var retval = this[targetMethod].apply(this, arguments); // rare crash (Frida bug?)
            console.log("\nretval: " + retval);
            console.warn("\n*** exiting " + targetClassMethod);
            return retval;
        };
    }
}
```
Thank you very much! Now I run into another bug, which is that re-implementing methods with Frida breaks JDB (or any Java Debug Interface based debugger) debugging (in fact it makes JDB hang), even if the method is never called. I cannot understand why it all behaves this way, and am not smart enough to use GDB to determine the cause of the crash... So I thought of Interceptor as a "lighter" approach with Frida. Indeed, very "light" scripts (like only console logging and calling Java methods on objects) work like a charm with JDB.
I have only limited experience with using Frida and a debugger at the same time and never with Java, so can't provide much assistance there. The only idea that comes to mind is have you tried attaching JDB at different times, such as after installing the hook? Also, what is your intent with using the debugger simultaneously? Is there any chance you could accomplish the same thing with Frida alone?
I did try attaching JDB before and after the re-implementation, and it did not change a thing. I am using a Java debugger to get a full stacktrace when a given method is called, with arguments as well as local variables (all being pointers to the heap, which I then try to inspect the objects they're pointing to) of each stackframe, which I think I cannot do with Frida alone.
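A HotSpot-oriented variant of the tracer posted above, as an added example that is not part of the thread or of the Raptor script: it prints the caller stack through `java.lang.Thread` instead of `android.util.Log` (which the commented-out backtrace uses and which a desktop JVM does not ship) and calls the hooked overload object directly. The names `splitTarget`, `formatFrames` and `traceWithStack` are made up here; the script still replaces the method implementation, so it yields arguments and caller frames but not per-frame locals, and the JDB behaviour described in the thread is unchanged by it.

```javascript
// Added example; helper names are illustrative, not Frida or Raptor APIs.
// Split "pkg.Class.method" into class and method; null if malformed.
function splitTarget(target) {
  var delim = target.lastIndexOf(".");
  if (delim <= 0 || delim === target.length - 1) return null;
  return { cls: target.slice(0, delim), method: target.slice(delim + 1) };
}

// Render a StackTraceElement[] (array-like of objects with toString()).
function formatFrames(frames, skip) {
  var out = [];
  for (var i = skip; i < frames.length; i++) out.push("    at " + frames[i].toString());
  return out.join("\n");
}

// bridge is Frida's Java object; log is a console.log-like function.
function traceWithStack(bridge, target, log) {
  var t = splitTarget(target);
  if (t === null) throw new Error("expected Class.method, got " + target);
  var Thread = bridge.use("java.lang.Thread");
  var overloads = bridge.use(t.cls)[t.method].overloads;
  overloads.forEach(function (overload) {
    overload.implementation = function () {
      log("*** entered " + target);
      for (var j = 0; j < arguments.length; j++) log("arg[" + j + "]: " + arguments[j]);
      // On HotSpot, frame 0 is normally Thread.getStackTrace itself, so skip it.
      log(formatFrames(Thread.currentThread().getStackTrace(), 1));
      // Call the exact overload that was hooked instead of re-resolving by name.
      var retval = overload.apply(this, arguments);
      log("retval: " + retval);
      return retval;
    };
  });
  return overloads.length;
}

// Runs only inside Frida; under plain Node the Java global does not exist.
if (typeof Java !== "undefined" && Java.available) {
  Java.perform(function () { traceWithStack(Java, "Main.a", console.log); });
}
```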
Hello, I am currently working on the instrumentation of a Java project (a JAR file running on the HotSpot JVM), and I encountered an issue while using the Interceptor. The following script:
Running on the following Java project:
Does not produce the expected output. Indeed, nothing is output to the console when `Main.a` is called.
Is this a known issue? Is there any workaround? (I have a specific use-case, as I want to set a JDI breakpoint on `Main.a` later. This is why I avoid the complete rewriting of `Main.a`'s implementation, which would be turned into native code into which I cannot set breakpoints. But for now I am just trying to make this simple example work)
PS: `Java.available -> true`