add support to hook child process too

[jivanirutvik]

Hi, thank you for your great project. Can you please add support to hook child process too. Thanks

[lico-n]

Hey,

this would indeed be an interesting feature but I fear it might not be as straightforward though. There is no out-of-the-box support for spawn-gating using the gadget that was more designed for being embedded.

Potentially an idea would be to hook into the fork process and then reload the gadget in the child process starting a frida thread within the child process. This is just me brainstorming some ideas with no regards of actual feasability.

Even if it was possible to load the gadget into the child process, there is the issue on how to configure the child gadget. If we were to load it in the default config, it would get into a port conflict and fail. A config with on_port_conflict: pick-next could potentially work.

I will probably experiment a bit when I have some more free time in my hands to see if it's in theory feasible. But if anybody has more ideas how this could potentially work/be configured, then it would great to hear.

[lico-n]

I have tested my theory and the general concept of hooking fork/vfork and loading a gadget into the child is working.

I will implement this as an experimental feature in the coming weeks, probably want to refactor configuring the module a bit as configuration becomes more complex with more features.

[jivanirutvik]

I have tested my theory and the general concept of hooking fork/vfork and loading a gadget into the child is working.

I will implement this as an experimental feature in the coming weeks, probably want to refactor configuring the module a bit as configuration becomes more complex with more features.

Thank you for your time

[lico-n]

I have created a new release v1.4.0 with experimental child gating support. Please read the configuration carefully before trying to use it.