From f87a669aa3535d6228c92913b48c52b9b1ebc06a Mon Sep 17 00:00:00 2001 From: Vincent Andrae Date: Tue, 11 Feb 2025 07:38:41 +0100 Subject: [PATCH] Add conditional compiler flag for Frida 16.6+ compatibility --- frida_mode/GNUmakefile | 9 +++++++++ frida_mode/src/asan/asan.c | 25 +++++++++++++++++++++++++ frida_mode/src/lib/lib.c | 17 +++++++++++++++++ frida_mode/src/lib/lib_apple.c | 18 ++++++++++++++++++ frida_mode/src/prefetch.c | 6 +++++- frida_mode/src/ranges.c | 21 +++++++++++++++++++++ 6 files changed, 95 insertions(+), 1 deletion(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index d4f437ad..df474c6d 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -169,6 +169,15 @@ GUM_DEVKIT_VERSION=16.6.5 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" +IS_GUM_16_6_PLUS := $(shell VERSION="$(GUM_DEVKIT_VERSION)"; \ + MAJOR=$${VERSION%%.*}; \ + MINOR=$${VERSION#*.}; MINOR=$${MINOR%%.*}; \ + if [ $$MAJOR -gt 16 ] || { [ $$MAJOR -eq 16 ] && [ $$MINOR -ge 6 ]; }; then \ + echo 1; \ + fi) + +CFLAGS += $(if $(IS_GUM_16_6_PLUS),-DGUM_16_6_PLUS) + GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) ifdef FRIDA_SOURCE GUM_DEVIT_LIBRARY=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gumjs-1.0.a diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index 20d2b4f2..66ff7eac 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -27,6 +27,7 @@ void asan_init(void) { } +#ifdef GUM_16_6_PLUS static gboolean asan_exclude_module(GumModule *module, gpointer user_data) { 
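Review bot: `IS_GUM_16_6_PLUS` is computed only from `GUM_DEVKIT_VERSION`, yet the `ifdef FRIDA_SOURCE` branch two lines below links `$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gumjs-1.0.a` instead of the devkit, so in that configuration the define may not match the Gum version actually linked and the wrong `#ifdef` branch would be compiled silently. Either document that assumption or derive the flag from the source tree's version in the `FRIDA_SOURCE` case. The flag is appended to `CFLAGS` only; if any of the sources touched by this patch are built through a different flags variable they will fall into the `#else` path without warning, which is worth confirming. A comment above the block would help readers of the C sources, e.g. `# GUM_16_6_PLUS selects the GumModule-based enumeration API (Frida 16.6+); older devkits use the GumModuleDetails callbacks`.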
@@ -48,6 +49,30 @@ static gboolean asan_exclude_module(GumModule *module, return FALSE; } +#else +static gboolean asan_exclude_module(const GumModuleDetails *details, + gpointer user_data) { + + gchar *symbol_name = (gchar *)user_data; + GumAddress address; + + address = gum_module_find_export_by_name(details->name, symbol_name); + if (address == 0) { return TRUE; } + + /* If the reported address of the symbol is outside of the range of the module + * then ignore it */ + if (address < details->range->base_address) { return TRUE; } + if (address > (details->range->base_address + details->range->size)) { + + return TRUE; + + } + + ranges_add_exclude((GumMemoryRange *)details->range); + return FALSE; + +} +#endif void asan_exclude_module_by_symbol(gchar *symbol_name) { diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index 34a3af6a..f774333d 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -39,6 +39,7 @@ typedef struct { static guint64 text_base = 0; static guint64 text_limit = 0; +#ifdef GUM_16_6_PLUS static gboolean lib_find_exe(GumModule *module, gpointer user_data) { @@ -56,6 +57,22 @@ static gboolean lib_find_exe(GumModule *module, return FALSE; } +#else +static gboolean lib_find_exe(const GumModuleDetails *details, + gpointer user_data) { + + lib_details_t *lib_details = (lib_details_t *)user_data; + + strncpy(lib_details->name, details->name, PATH_MAX); + strncpy(lib_details->path, details->path, PATH_MAX); + lib_details->name[PATH_MAX] = '\0'; + lib_details->path[PATH_MAX] = '\0'; + lib_details->base_address = details->range->base_address; + lib_details->size = details->range->size; + return FALSE; + +} +#endif static void lib_validate_hdr(Elf_Ehdr *hdr) { diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c index 90db7b48..5046c34f 100644 --- a/frida_mode/src/lib/lib_apple.c +++ b/frida_mode/src/lib/lib_apple.c 
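Review bot: The range check in the restored `#else` body of `asan_exclude_module` accepts an address exactly one past the module's end: with `address > (base_address + size)` an export reported at `base_address + size` is treated as inside the module, although the range covers `[base_address, base_address + size)`. Change it to `if (address >= (details->range->base_address + details->range->size)) { return TRUE; }`. The `#ifdef GUM_16_6_PLUS` counterpart starts above this hunk, so its bound should be checked for the same comparison. The cast `(GumMemoryRange *)details->range` discards the `const` on `details`; if `ranges_add_exclude` only reads its argument, a `const GumMemoryRange *` parameter there would remove the cast.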
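Review bot: `strncpy(lib_details->path, details->path, PATH_MAX)` in the `#else` `lib_find_exe` dereferences `details->path` (and `details->name`) without a NULL check, while the old-API callback added to ranges.c in this same patch guards `details->path == NULL`; if a module can be reported without a path here too, this is a NULL read. Add a guard before the copies, e.g. `if (details->name == NULL || details->path == NULL) { return TRUE; }`, assuming skipping such an entry and continuing enumeration is what the caller expects. The writes `lib_details->name[PATH_MAX] = '\0'` and `lib_details->path[PATH_MAX] = '\0'` require both arrays in `lib_details_t` to be sized `PATH_MAX + 1`; the typedef is outside this hunk, so confirm that. Each strncpy/terminator pair could be replaced by `snprintf(lib_details->name, sizeof lib_details->name, "%s", details->name)`, which always terminates and avoids the zero-padding.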
@@ -12,6 +12,7 @@ extern void gum_darwin_enumerate_modules(mach_port_t task, static guint64 text_base = 0; static guint64 text_limit = 0; +#ifdef GUM_16_6_PLUS static gboolean lib_get_main_module(GumModule *module, gpointer user_data) { @@ -29,6 +30,23 @@ static gboolean lib_get_main_module(GumModule *module, return FALSE; } +#else +static gboolean lib_get_main_module(const GumModuleDetails *details, + gpointer user_data) { + + GumDarwinModule **ret = (GumDarwinModule **)user_data; + GumDarwinModule *module = gum_darwin_module_new_from_memory( + details->path, mach_task_self(), details->range->base_address, + GUM_DARWIN_MODULE_FLAGS_NONE, NULL); + + FVERBOSE("Found main module: %s", module->name); + + *ret = module; + + return FALSE; + +} +#endif gboolean lib_get_text_section(const GumDarwinSectionDetails *details, gpointer user_data) { diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index dfe2529c..74291859 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -262,9 +262,13 @@ static int prefetch_on_fork(void) { } static void prefetch_hook_fork(void) { - +#ifdef GUM_16_6_PLUS void *fork_addr = GSIZE_TO_POINTER(gum_module_find_global_export_by_name("fork")); +#else + void *fork_addr = + GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); +#endif intercept_hook(fork_addr, prefetch_on_fork, NULL); } diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index cb0abf97..8f335c7e 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -116,6 +116,7 @@ static void convert_address_token(gchar *token, GumMemoryRange *range) { } +#ifdef GUM_16_6_PLUS static gboolean convert_name_token_for_module(GumModule *module, gpointer user_data) { 
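Review bot: `module->name` in the `FVERBOSE` call of the `#else` `lib_get_main_module` is dereferenced without checking the result of `gum_darwin_module_new_from_memory`, whose trailing argument (presumably a `GError **`) is passed as `NULL`; if that call can fail and return NULL, the failure is both silent and a NULL dereference on the log line. Check the result before logging, e.g. `if (module == NULL) { return FALSE; }` with `*ret` left untouched, and have the caller (outside this hunk) treat a NULL main module as an error; passing a real `GError *` would also surface the reason. The `#ifdef GUM_16_6_PLUS` branch begins above this hunk and should be reviewed for the same check.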
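Review bot: `fork_addr` is passed to `intercept_hook` without a NULL check in either branch of `prefetch_hook_fork`; the asan.c hunk in this patch treats `0` from `gum_module_find_export_by_name` as "not found", so the same result is possible here, and unless `intercept_hook` (outside this hunk) rejects NULL itself the hook would be installed at address 0. Add `if (fork_addr == NULL) { return; }` (or a fatal diagnostic, per the file's convention) before the `intercept_hook` call. As a point of style, the blank line after the function's opening brace is dropped only in this function, which breaks the brace-blank-line layout visible in every other hunk of the patch.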
@@ -136,6 +137,26 @@ static gboolean convert_name_token_for_module(GumModule *module, return false; } +#else +static gboolean convert_name_token_for_module(const GumModuleDetails *details, + gpointer user_data) { + + convert_name_ctx_t *ctx = (convert_name_ctx_t *)user_data; + if (details->path == NULL) { return true; }; + + if (!g_str_has_suffix(details->path, ctx->suffix)) { return true; }; + + FVERBOSE("Found module - prefix: %s, 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x %s", + ctx->suffix, details->range->base_address, + details->range->base_address + details->range->size, details->path); + + *ctx->range = *details->range; + ctx->done = true; + return false; + +} +#endif static void convert_name_token(gchar *token, GumMemoryRange *range) {
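Review bot: Both early returns in the `#else` `convert_name_token_for_module` carry a stray semicolon after the closing brace, `if (details->path == NULL) { return true; };` and `if (!g_str_has_suffix(details->path, ctx->suffix)) { return true; };`, which is an empty statement and a lint warning in most configurations; drop the trailing `;` on both lines. The function copies `*details->range` by value into `*ctx->range`, which is the right choice since `details` is only valid during enumeration, and a comment such as `/* copy: details is only valid for the duration of the callback */` would make that intent explicit.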