Fix some small issues and experiment with C#
@ -1,5 +1,5 @@
|
||||
#![cfg(feature = "frida")]
|
||||
use frida::{DeviceManager, Frida, ScriptHandler, ScriptOption, ScriptRuntime};
|
||||
use frida::{DeviceManager, DeviceType, Frida, ScriptHandler, ScriptOption, ScriptRuntime};
|
||||
use lazy_static::lazy_static;
|
||||
use serde::Deserialize;
|
||||
|
||||
@ -7,13 +7,13 @@ lazy_static! {
|
||||
pub static ref FRIDA: Frida = unsafe { Frida::obtain() };
|
||||
}
|
||||
|
||||
pub fn attach_pid(frida_code: String, pid: u32) {
|
||||
pub fn attach_pid(frida_code: &str, pid: u32) {
|
||||
println!("[+] Injecting into PID: {}", pid);
|
||||
|
||||
let device_manager = DeviceManager::obtain(&FRIDA);
|
||||
println!("[*] Device Manager obtained");
|
||||
|
||||
if let Some(device) = device_manager.enumerate_all_devices().first() {
|
||||
if let Ok(device) = device_manager.get_device_by_type(DeviceType::Local) {
|
||||
println!("[*] First device: {}", device.get_name());
|
||||
|
||||
let session = device.attach(pid).unwrap();
|
||||
@ -25,7 +25,7 @@ pub fn attach_pid(frida_code: String, pid: u32) {
|
||||
.set_runtime(ScriptRuntime::QJS);
|
||||
println!("[*] Script {}", frida_code);
|
||||
let script = session
|
||||
.create_script(&frida_code, &mut script_option)
|
||||
.create_script(frida_code, &mut script_option)
|
||||
.unwrap();
|
||||
|
||||
script.handle_message(&mut Handler).unwrap();
|
||||
@ -110,7 +110,7 @@ mod tests {
|
||||
}, "uint8", []));
|
||||
"#;
|
||||
|
||||
attach_pid(frida_script.to_string(), 0);
|
||||
attach_pid(frida_script, 0);
|
||||
assert_eq!(20, unsafe { mylib_foo() });
|
||||
}
|
||||
}
|
||||
|
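Review bot: The new `if let Ok(device) = device_manager.get_device_by_type(DeviceType::Local)` at the top of `attach_pid` discards the error value, so a failed device lookup leaves nothing in the log before the function falls through (the old `first()` check had the same shape, but it had no error to report). Unless an `else` arm follows outside the hunk, prefer `let device = match device_manager.get_device_by_type(DeviceType::Local) { Ok(d) => d, Err(e) => { eprintln!("[-] Local device lookup failed: {e:?}"); return; } };` (assuming the frida error type is `Debug`). The unchanged `device.attach(pid).unwrap()` and `.create_script(frida_code, &mut script_option).unwrap()` are reached from the injection thread spawned in `injector.rs`, so a panic there ends that thread with only the default panic message; converting them to the same early-return style would give a real diagnostic. `attach_pid` continues past the end of the second hunk.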
@ -2,11 +2,11 @@
|
||||
#[cfg(all(unix, not(feature = "frida")))]
|
||||
compile_error!("Only Frida injection is supported for Unix targets");
|
||||
|
||||
#[cfg(all(not(feature = "managed_lib"), not(feature = "frida")))]
|
||||
compile_error!("No injection method is selected - please enable either managed_lib (windows-only) and/or frida feature");
|
||||
#[cfg(all(not(feature = "dotnet"), not(feature = "frida")))]
|
||||
compile_error!("No injection method is selected - please enable either dotnet (windows-only) and/or frida feature");
|
||||
|
||||
#[cfg(all(not(windows), feature = "managed_lib"))]
|
||||
compile_error!("Managed library injection is only supported for Windows target");
|
||||
// #[cfg(all(not(windows), feature = "dotnet"))]
|
||||
// compile_error!("Managed library injection is only supported for Windows target");
|
||||
|
||||
#[cfg(feature = "frida")]
|
||||
use crate::frida_handler::attach_pid as frida_attach_pid;
|
||||
@ -15,7 +15,7 @@ use crate::frida_handler::attach_pid as frida_attach_pid;
|
||||
pub extern "C" fn attach(pid: u32) {
|
||||
#[cfg(feature = "frida")]
|
||||
{
|
||||
let frida_code = env!("FRIDA_CODE").to_string();
|
||||
let frida_code = env!("FRIDA_CODE");
|
||||
#[cfg(windows)]
|
||||
std::thread::spawn(move || frida_attach_pid(frida_code, pid));
|
||||
#[cfg(not(windows))]
|
||||
|
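Review bot: The `#[cfg(all(not(windows), feature = "dotnet"))]` guard and its `compile_error!` survive only as the two `//` lines after the rename, so the new message still promises `dotnet (windows-only)` while nothing enforces it; a non-Windows build with `dotnet` enabled presumably now proceeds until it fails somewhere deeper. Either restore the guard as `#[cfg(all(not(windows), feature = "dotnet"))]` followed by `compile_error!("Managed library injection is only supported for Windows target");`, or delete the two commented-out lines and drop `(windows-only)` from the message so the two statements agree. The second hunk's `let frida_code = env!("FRIDA_CODE");` is fine as a `&'static str` moved into the spawned closure; `attach` continues past the end of that hunk.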
25
src/lib.rs
25
src/lib.rs
@ -1,13 +1,15 @@
|
||||
pub mod injector;
|
||||
#[cfg(feature = "frida")]
|
||||
pub mod frida_handler;
|
||||
// #[cfg(feature = "dotnet")]
|
||||
// pub mod cs;
|
||||
|
||||
pub use injector::{attach, attach_self};
|
||||
pub use injector::attach_self;
|
||||
|
||||
#[cfg(all(unix, not(test)))]
|
||||
#[cfg(all(unix, not(test), not(feature = "dotnet")))]
|
||||
use ctor::ctor;
|
||||
|
||||
#[cfg(all(unix, not(test)))]
|
||||
#[cfg(all(unix, not(test), not(feature = "dotnet")))]
|
||||
#[ctor]
|
||||
fn _start() {
|
||||
println!("[+] frida-deepfreeze-rs library injected");
|
||||
@ -16,27 +18,24 @@ fn _start() {
|
||||
|
||||
// For some reason ctor doesn't work on Windows - it hangs the process
|
||||
// during DeviceManager::obtain. DllMain works fine though.
|
||||
#[cfg(all(windows, not(test)))]
|
||||
#[cfg(all(any(windows, feature = "dotenv"), not(test)))]
|
||||
use std::ffi::c_void;
|
||||
#[cfg(all(windows, not(test)))]
|
||||
#[cfg(all(any(windows, feature = "dotenv"), not(test)))]
|
||||
use winapi::um::winnt::DLL_PROCESS_ATTACH;
|
||||
|
||||
#[cfg(all(windows, feature = "dll_proxy", not(test)))]
|
||||
#[cfg(all(any(windows, feature = "dotenv"), not(test)))]
|
||||
use winapi::um::libloaderapi::LoadLibraryA;
|
||||
|
||||
#[cfg(all(windows, not(test)))]
|
||||
#[cfg(all(any(windows, feature = "dotenv"), not(test)))]
|
||||
#[no_mangle]
|
||||
#[allow(non_snake_case, unused_variables)]
|
||||
extern "system" fn DllMain(dll_module: *mut c_void, call_reason: u32, _: *mut ()) -> bool {
|
||||
pub extern "system" fn DllMain(dll_module: *mut c_void, call_reason: u32, _: *mut ()) -> bool {
|
||||
match call_reason {
|
||||
DLL_PROCESS_ATTACH => {
|
||||
println!("[+] frida-deepfreeze-rs DLL injected");
|
||||
|
||||
#[cfg(feature = "dll_proxy")]
|
||||
{
|
||||
unsafe { LoadLibraryA(env!("LIB_NAME").as_ptr() as *const i8); }
|
||||
println!("[+] Original DLL {} loaded", env!("LIB_NAME"));
|
||||
}
|
||||
unsafe { LoadLibraryA(env!("LIB_NAME").as_ptr() as *const i8); }
|
||||
println!("[+] Original DLL {} loaded", env!("LIB_NAME"));
|
||||
|
||||
attach_self();
|
||||
}
|
||||
|
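Review bot: The four new `#[cfg(all(any(windows, feature = "dotenv"), not(test)))]` attributes gate on a feature named `dotenv`, while every other gate in this commit (`injector.rs` and the `not(feature = "dotnet")` lines earlier in this file) uses `dotnet`; as written, enabling `dotnet` does not compile `DllMain`, and `dotenv` would have to exist as a separate Cargo feature. If the .NET path is intended, change them to `feature = "dotnet"`. Separately, hoisting `unsafe { LoadLibraryA(env!("LIB_NAME").as_ptr() as *const i8); }` out of the `dll_proxy` block makes it unconditional, and `env!` yields a `&str` with no trailing NUL, so `LoadLibraryA` scans past the end of the literal for a zero byte; use `concat!(env!("LIB_NAME"), "\0").as_ptr() as *const i8` (or a `CString`) and confirm the `dll_proxy` gate was meant to go. The `any(windows, feature = "dotenv")` form also pulls the `winapi` imports into non-Windows builds whenever that feature is on; `DllMain`'s `match` continues past the end of the hunk.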
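--- /dev/null
+++ b/src/win_daemon.rs
@@ -0,0 +1,99 @@
+#![cfg(windows)]
+
+use std::ffi::c_void;
+use winapi::shared::minwindef::DWORD;
+use winapi::um::evntprov::*;
+use winapi::um::evntcons::*;
+use winapi::um::evntprov::*;
+use winapi::um::winnt::{EVENT_TRACE_CONTROL_STOP, EVENT_TRACE_FLAG_PROCESS};
+
+pub fn start_daemon() {
+// Create an event trace session
+let session_name = "frida-deepfreeze-rs";
+let session_handle = create_event_trace_session(session_name);
+if session_handle.is_null() {
+eprintln!("Failed to create event trace session");
+return;
+}
+
+// Enable process creation events
+enable_process_creation_events(session_handle);
+
+// Process events until a termination event is received
+process_events(session_handle);
+
+// Stop the event trace session
+stop_event_trace_session(session_handle);
+}
+
+fn create_event_trace_session(session_name: &str) -> TRACEHANDLE {
+let session_name = widestring::WideCString::from_str(session_name).expect("Failed to convert session name");
+
+let mut session_handle: TRACEHANDLE = 0;
+let status = unsafe {
+StartTraceW(
+&mut session_handle,
+session_name.as_ptr(),
+ptr::null_mut(),
+)
+};
+
+if status != ERROR_SUCCESS {
+println!("Failed to start event trace session: {}", status);
+}
+
+session_handle
+}
+
+fn enable_process_creation_events(session_handle: TRACEHANDLE) {
+let status = unsafe {
+EnableTraceEx2(
+session_handle,
+&EVENT_TRACE_GUID_PROCESS,
+EVENT_CONTROL_CODE_ENABLE_PROVIDER,
+TRACE_LEVEL_INFORMATION,
+EVENT_TRACE_FLAG_PROCESS,
+0,
+0,
+0,
+NULL,
+)
+};
+
+if status != ERROR_SUCCESS {
+println!("Failed to enable process creation events: {}", status);
+}
+}
+
+fn process_events(session_handle: TRACEHANDLE) {
+let mut buffer_size: DWORD = 64 * 1024;
+let mut buffer = vec![0u8; buffer_size as usize];
+
+let status = unsafe {
+ProcessTrace(
+&mut session_handle,
+1,
+NULL,
+NULL,
+)
+};
+
+if status != ERROR_SUCCESS && status != ERROR_CANCELLED {
+println!("Failed to process events: {}", status);
+}
+}
+
+fn stop_event_trace_session(session_handle: TRACEHANDLE) {
+let status = unsafe {
+ControlTraceW(
+session_handle,
+NULL,
+NULL,
+EVENT_TRACE_CONTROL_STOP,
+)
+};
+
+if status != ERROR_SUCCESS {
+println!("Failed to stop event trace session: {}", status);
+}
+}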
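Review bot: `process_events` passes `&mut session_handle` to `ProcessTrace`, but `session_handle` is an immutable by-value parameter, and it is the controller handle from `StartTraceW`; `ProcessTrace` consumes handles returned by `OpenTraceW` (a real-time consumer opened on the session name with an event-record callback), so even after `fn process_events(mut session_handle: TRACEHANDLE)` no events would be delivered — the consumer-side setup needs to be added before this call can do anything. `create_event_trace_session` passes `ptr::null_mut()` where `StartTraceW` requires a populated `EVENT_TRACE_PROPERTIES` buffer, and `ptr` has no `use`; `TRACEHANDLE`, `StartTraceW`, `ControlTraceW`, `EnableTraceEx2`, `ProcessTrace`, `ERROR_SUCCESS`, `ERROR_CANCELLED` and `NULL` are likewise referenced without a matching import (`winapi::um::evntrace`, `winapi::shared::winerror`, `winapi::shared::ntdef`), while `winapi::um::evntprov::*` is imported twice. `session_handle.is_null()` in `start_daemon` is called on what winapi declares as an integer handle, so the zero check should presumably be `if session_handle == 0 {`. `buffer_size` and `buffer` in `process_events` are never used, and passing `EVENT_TRACE_FLAG_PROCESS` (a kernel-logger enable flag) as the `MatchAnyKeyword` argument of `EnableTraceEx2` looks like a mismatch worth confirming against the provider's keywords.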