windows: Use RW/RX permissions for injection #513

Merged
merged 1 commit into from
May 13, 2024

yjugl
Contributor

@yjugl yjugl commented Mar 27, 2024

This makes Frida injection compatible with more software. In particular, Mozilla Firefox rejects thread startup if the start address is RWX.

@oleavr
Member

oleavr commented Apr 2, 2024

Yay, thanks for doing this! 🙌 Will land this as soon as I get the CI back in working order, so we can cut releases once again 😊

@yjugl
Contributor Author

yjugl commented Apr 4, 2024

I can reproduce the failure locally and I'm taking a look.

@yjugl yjugl force-pushed the windows-rw-rx-injection branch from 7e29ca0 to 7e9046c Compare April 4, 2024 11:58
@yjugl
Contributor Author

yjugl commented Apr 4, 2024

The issue was that the code below requires (one byte of) the FridaRemoteWorkerContext to be writable:

```c
void
frida_agent_main (const char * data, bool * stay_resident)
{
  (void) data;

  *stay_resident = true;

  append_to_log ('m');
}
```

I changed my patch to put the code and the FridaRemoteWorkerContext on different memory pages, so that they can have different permissions. This seemed like the easiest option. Alternatively we could probably make FridaRemoteWorkerContext readonly if we remove the stay_resident field. But then we would need to propagate that information in a different way, e.g. with the thread exit code or with a Windows event object.

- Use a dedicated memory page for the injected code.
- Use RW permissions when writing the injected code and data.
- Switch the code page to RX permissions after writing.

This makes Frida injection compatible with more software. In particular,
Mozilla Firefox rejects thread startup if the start address is RWX.
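
The page layout discussed in this thread (code and context on separate pages, both written while RW, then only the code page switched to RX), as an added example that is not Frida's code. It is an in-process POSIX analogue using `mmap`/`mprotect` rather than the Windows APIs the patch touches, and `WorkerContext`, `Layout`, `build_layout` and `probe_writable` are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for FridaRemoteWorkerContext; only the flag matters here. */
typedef struct { bool stay_resident; char payload[64]; } WorkerContext;
typedef struct { unsigned char *code; WorkerContext *ctx; size_t page; } Layout;

/* 1 if the kernel can write to addr, 0 if it cannot (EFAULT), -1 on error.
   Writes back the byte already stored there, so memory is left unchanged. */
int probe_writable(void *addr) {
    int fds[2], result = -1;
    unsigned char cur = *(volatile unsigned char *)addr;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], &cur, 1) == 1) {
        ssize_t n = read(fds[0], addr, 1);
        result = (n == 1) ? 1 : (errno == EFAULT ? 0 : -1);
    }
    close(fds[0]); close(fds[1]);
    return result;
}

/* Page 0: code, page 1: context (zero-filled by the anonymous mapping).
   Everything is written while RW; afterwards only page 0 becomes RX. */
int build_layout(Layout *out, const unsigned char *code, size_t len) {
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0 || len > (size_t)ps || sizeof(WorkerContext) > (size_t)ps) return -1;
    size_t page = (size_t)ps;
    unsigned char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    memcpy(base, code, len);
    if (mprotect(base, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(base, 2 * page);
        return -1;
    }
    *out = (Layout){ base, (WorkerContext *)(base + page), page };
    return 0;
}

int main(void) {
    const unsigned char stub[4] = { 0 };  /* constructed placeholder bytes, never executed */
    Layout l;
    if (build_layout(&l, stub, sizeof stub) != 0) return 1;
    l.ctx->stay_resident = true;  /* the write that needs a writable context page */
    return !(probe_writable(l.code) == 0 && probe_writable(l.ctx) == 1);
}
```

Had the context shared the code page, the `mprotect` to RX would also have made `stay_resident` read-only, which is the failure described above.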
@oleavr oleavr force-pushed the windows-rw-rx-injection branch from 7e9046c to 50a40c8 Compare May 13, 2024 13:29
@oleavr oleavr merged commit 298bed5 into frida:main May 13, 2024
26 of 29 checks passed
@oleavr
Member

oleavr commented May 13, 2024

Thanks! 🔥
