Make the injector work on windows - dll proxying still behaving weird

Cargo.lock

@@ -226,6 +226,7 @@ dependencies = [
  "frida",
  "goblin",
  "lazy_static",
+ "winapi",
 ]
 
 [[package]]

Cargo.toml

@@ -12,15 +12,12 @@ path = "src/main.rs"
 
 [dependencies]
 # frida = { version = "0.4.0", features = ["auto-download"] }
-# frida-sys = { version = "0.4.0", features = ["auto-download", "frida-build"] }
 frida = { git = "https://github.com/dzervas/frida-rust", features = ["auto-download"] }
-# frida-sys = { git = "https://github.com/frida/frida-rust", features = ["auto-download"] }
 lazy_static = "1.4.0"
 ctor = "0.2.0"
 
-# [target.'cfg(unix)'.build-dependencies]
+[target.'cfg(windows)'.dependencies]
+winapi = { version = "0.3.9", features = ["winnt"] }
 
-# [target.'cfg(windows)'.build-dependencies]
-# pelite = "0.10.0"
 [build-dependencies]
 goblin = "0.6.1"

build.rs

@@ -2,20 +2,10 @@ use std::env;
 
 fn main() {
 	println!("cargo:rerun-if-env-changed=FRIDA_CODE");
-	println!("cargo:rerun-if-env-changed=FRIDA_CODE_FILE");
 	println!("cargo:rerun-if-env-changed=DLL_PROXY");
 
-	if let Ok(code_file) = env::var("FRIDA_CODE_FILE") {
-		env::set_var("FRIDA_CODE", &std::fs::read_to_string(&code_file).unwrap());
-		println!("cargo:warning=Using code from file: {}", &code_file);
-	} else if env::var("FRIDA_CODE").is_ok() {
-		println!("cargo:warning=Using code from environment variable: FRIDA_CODE");
-	} else {
-		println!("Please set FRIDA_CODE or FRIDA_CODE_FILE environment variable");
-		std::process::exit(1);
-	}
-
 	if let Ok(lib_path) = env::var("DLL_PROXY") {
+		println!("cargo:rerun-if-changed={}", &lib_path);
 		use goblin::Object::{self, PE};
 
 		let path = std::path::Path::new(&lib_path);
@@ -38,9 +28,9 @@ fn main() {
 		};
 
 		for e in exports.iter() {
-			println!("cargo:warning=Exported function: {}", e);
+			// println!("cargo:warning=Exported function: {} => {}-orig.{}", e, lib_name, e);
-			// println!("cargo:rustc-link-lib=dylib={}-orig", lib_name);
 			println!("cargo:rustc-link-arg=/export:{}={}-orig.{}", e, lib_name, e);
+			// println!("cargo:rustc-link-lib=dylib={}-orig", lib_name);
 		}
 		println!("cargo:warning=Expected library name: {}-orig.dll", lib_name);
 	}

src/injector.rs

@@ -5,51 +5,55 @@ lazy_static! {
 	static ref FRIDA: Frida = unsafe { Frida::obtain() };
 }
 
-const FRIDA_CODE: &str = env!("FRIDA_CODE", "Please set FRIDA_CODE environment variable");
-
 #[no_mangle]
-pub fn inject(pid: u32) {
+pub fn attach(pid: u32) {
-	let device_manager = DeviceManager::obtain(&FRIDA);
+	let frida_code = env!("FRIDA_CODE").to_string();
+	println!("[*] Injecting into PID: {}", pid);
 
-	if let Some(device) = device_manager.enumerate_all_devices().first() {
+	std::thread::spawn(move || {
-		println!("[*] First device: {}", device.get_name());
+		let device_manager = DeviceManager::obtain(&FRIDA);
+		println!("[*] Device Manager obtained");
 
-		let session = device.attach(pid).unwrap();
+		if let Some(device) = device_manager.enumerate_all_devices().first() {
+			println!("[*] First device: {}", device.get_name());
 
-		if !session.is_detached() {
+			let session = device.attach(pid).unwrap();
-			println!("[*] Attached");
 
-			let mut script_option = ScriptOption::new()
+			if !session.is_detached() {
-				// .set_name("frida-deepfreeze-rs")
+				println!("[*] Attached");
-				.set_runtime(ScriptRuntime::QJS);
-			let script = session
-				.create_script(FRIDA_CODE, &mut script_option)
-				.unwrap();
 
-			script.handle_message(&mut Handler).unwrap();
+				let mut script_option = ScriptOption::new()
+					.set_name("frida-deepfreeze-rs")
+					.set_runtime(ScriptRuntime::QJS);
+				println!("[*] Script {}", frida_code);
+				let script = session
+					.create_script(&frida_code, &mut script_option)
+					.unwrap();
 
-			script.load().unwrap();
+				script.handle_message(&mut Handler).unwrap();
-			println!("[*] Script loaded");
 
-			script.unload().unwrap();
+				script.load().unwrap();
-			println!("[*] Script unloaded");
+				println!("[*] Script loaded");
-
+			}
-			session.detach().unwrap();
+		} else {
-			println!("[*] Session detached");
+			println!("[!] No device found!");
-		}
+		};
-	};
+	});
 }
 
 #[no_mangle]
-pub fn inject_self() {
+pub fn attach_self() {
-	println!("[*] Attaching to self (pid 0)");
+	println!("[*] Attaching to self");
-	inject(0);
+	// #[cfg(windows)]
+	// attach(std::process::id());
+	// #[cfg(unix)]
+	attach(0);
 }
 
 struct Handler;
 
 impl ScriptHandler for Handler {
 	fn on_message(&mut self, message: &str) {
-		println!("[<] {message}");
+		eprintln!("[<] {message}");
 	}
 }

src/lib.rs

@@ -1,11 +1,38 @@
 pub mod injector;
 
-pub use injector::{inject, inject_self};
+pub use injector::{attach, attach_self};
 
+#[cfg(unix)]
 use ctor::ctor;
 
+#[cfg(unix)]
 #[ctor]
 fn _start() {
-	println!("[+] frida-deepfreeze-rs SO injected");
+	println!("[+] frida-deepfreeze-rs library injected");
-	inject_self();
+	attach_self();
+}
+
+// For some reason ctor doesn't work on Windows - it hangs the process
+// during DeviceManager::obtain. DllMain works fine though.
+#[cfg(windows)]
+use std::ffi::c_void;
+
+#[cfg(windows)]
+use winapi::um::winnt::DLL_PROCESS_ATTACH;
+
+#[cfg(windows)]
+#[no_mangle]
+#[allow(non_snake_case, unused_variables)]
+extern "system" fn DllMain(dll_module: *mut c_void, call_reason: u32, _: *mut ()) -> bool {
+	match call_reason {
+		DLL_PROCESS_ATTACH => {
+			println!("[+] frida-deepfreeze-rs DLL injected");
+			attach_self();
+
+		}
+		// Maybe we should detach? Is it useful?
+		_ => ()
+	}
+
+	true
 }

src/main.rs

@@ -1,5 +1,5 @@
 pub mod injector;
-pub use injector::inject;
+pub use injector::attach;
 
 fn main() {
 	let args: Vec<String> = std::env::args().collect();
@@ -10,5 +10,5 @@ fn main() {
 	}
 
 	let pid: u32 = args[1].parse().unwrap();
-	inject(pid);
+	attach(pid);
 }