windows: Use RW/RX permissions for injection

This makes Frida injection compatible with more software. In particular, Mozilla Firefox rejects thread startup if the start address is RWX.
frida · Mar 27, 2024 · 7e29ca0 · 7e29ca0
1 parent 7d325a7
commit 7e29ca0
Showing 1 changed file with 19 additions and 5 deletions.
diff --git a/src/windows/frida-helper-backend-glue.c b/src/windows/frida-helper-backend-glue.c
@@ -309,6 +309,8 @@ frida_remote_worker_context_init (FridaRemoteWorkerContext * rwc, FridaInjection
   const gchar * loadlibrary_failed = "loadlibrary_failed";
   const gchar * skip_unload = "skip_unload";
   const gchar * return_result = "return_result";
+  SIZE_T alloc_size;
+  DWORD old_protect;
 
   gum_init ();
 
@@ -403,10 +405,10 @@ frida_remote_worker_context_init (FridaRemoteWorkerContext * rwc, FridaInjection
   StringCbCopyA (rwc->entrypoint_name, sizeof (rwc->entrypoint_name), details->entrypoint_name);
   StringCbCopyA (rwc->entrypoint_data, sizeof (rwc->entrypoint_data), details->entrypoint_data);
 
-  rwc->entrypoint = VirtualAllocEx (details->process_handle, NULL,
-      code_size + data_alignment + sizeof (FridaRemoteWorkerContext), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+  alloc_size = code_size + data_alignment + sizeof (FridaRemoteWorkerContext);
+  rwc->entrypoint = VirtualAllocEx (details->process_handle, NULL, alloc_size, MEM_COMMIT, PAGE_READWRITE);
   if (rwc->entrypoint == NULL)
-    goto virtual_alloc_failed;
+    goto virtual_alloc_ex_failed;
 
   if (!WriteProcessMemory (details->process_handle, rwc->entrypoint, code, code_size, NULL))
     goto write_process_memory_failed;
@@ -416,6 +418,9 @@ frida_remote_worker_context_init (FridaRemoteWorkerContext * rwc, FridaInjection
   if (!WriteProcessMemory (details->process_handle, rwc->argument, rwc, sizeof (FridaRemoteWorkerContext), NULL))
     goto write_process_memory_failed;
 
+  if (!VirtualProtectEx(details->process_handle, rwc->entrypoint, alloc_size, PAGE_EXECUTE_READ, &old_protect))
+    goto virtual_protect_ex_failed;
+
   gum_free_pages (code);
   return TRUE;
 
@@ -428,12 +433,12 @@ frida_remote_worker_context_init (FridaRemoteWorkerContext * rwc, FridaInjection
         "Unexpected error while resolving kernel32 functions");
     goto error_common;
   }
-virtual_alloc_failed:
+virtual_alloc_ex_failed:
   {
     g_set_error (error,
         FRIDA_ERROR,
         FRIDA_ERROR_NOT_SUPPORTED,
-        "Unexpected error allocating memory in target process (VirtualAlloc returned 0x%08lx)",
+        "Unexpected error allocating memory in target process (VirtualAllocEx returned 0x%08lx)",
         GetLastError ());
     goto error_common;
   }
@@ -446,6 +451,15 @@ frida_remote_worker_context_init (FridaRemoteWorkerContext * rwc, FridaInjection
         GetLastError ());
     goto error_common;
   }
+virtual_protect_ex_failed:
+  {
+    g_set_error (error,
+        FRIDA_ERROR,
+        FRIDA_ERROR_NOT_SUPPORTED,
+        "Unexpected error changing memory permission in target process (VirtualProtectEx returned 0x%08lx)",
+        GetLastError ());
+    goto error_common;
+  }
 error_common:
   {
     frida_remote_worker_context_destroy (rwc, details);