Function mono_get_root_domain() returns 0x0 if application is started using device.spawn. #4

Open
tijme opened this issue Jan 29, 2020 · 5 comments
Labels
question Further information is requested


tijme commented Jan 29, 2020

Hi @freehuntx,

I created a program using frida-inject that spawns a certain Xamarin application and then injects a frida-mono-api based script. Everything works correctly if I use the frida-mono-api based script on a target application that is already running.

However, if the application is not yet running, I start it using Frida's await device.spawn(identifier), but the frida-mono-api based script throws an error.

Error: access violation accessing 0x60
    at node_modules/frida-mono-api/src/mono-api.js:804
    at o (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:54
    at o (node_modules/browser-pack/_prelude.js:1)
    at scripts/intercept_pincode.js:1
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:1069

I found out that when I start the application using Frida's device.spawn function the MonoApi.mono_get_root_domain() returns 0x0. I think this is due to the fact that the Xamarin application is not fully initialised yet, but I can't find out how to fix it.

Have you experienced this problem before?

@freehuntx
Owner

Hey @tijme
Sadly I have no experience with Xamarin.
Maybe you can catch the error and retry until it works?

freehuntx added the question (Further information is requested) label May 5, 2020
Author

tijme commented May 6, 2020

Thanks for the response.

Unfortunately a try catch loop doesn't work. I don't have a lot of time to spend on debugging at the moment. When I have, I'll take a look at it again. Let's park the issue for now.

@freehuntx
Owner

This does not work?

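let attached = false;
// Poll once per second until mono_get_root_domain() returns a non-NULL pointer.
const attachInterval = setInterval(() => {
  const domain = MonoApi.mono_get_root_domain()
  // Still NULL: try again on the next tick.
  if (domain.equals(0)) return

  // Domain is available: stop polling and attach the current thread to it.
  clearInterval(attachInterval)
  MonoApi.mono_thread_attach(domain)
}, 1000)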
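
A bounded variant of the polling approach suggested above, as an added example that is not part of the original thread or of frida-mono-api: it checks the pointer returned by mono_get_root_domain() before calling mono_thread_attach() and gives up after a fixed number of attempts instead of polling forever. The `api` parameter, the option names and the fake API used to exercise the loop are assumptions; inside a Frida agent `api` would be `MonoApi`.

```javascript
// Added example: bounded polling for the Mono root domain.
// `api` is assumed to expose mono_get_root_domain() and mono_thread_attach()
// like frida-mono-api's MonoApi; returned pointers are assumed to offer
// isNull() as Frida's NativePointer does. Option names are hypothetical.
function waitForRootDomain(api, opts = {}) {
  const {
    intervalMs = 250,
    maxAttempts = 40,
    schedule = setTimeout, // injectable so the loop can be driven without timers
    onReady = () => {},
    onTimeout = () => {},
  } = opts;
  let attempts = 0;

  function tick() {
    attempts += 1;
    let domain = null;
    try {
      domain = api.mono_get_root_domain();
    } catch (e) {
      // A throwing call is treated the same as a NULL result: not ready yet.
      domain = null;
    }
    if (domain !== null && !domain.isNull()) {
      // Attach only once a non-NULL domain exists, and stop polling.
      api.mono_thread_attach(domain);
      onReady(domain, attempts);
      return;
    }
    if (attempts >= maxAttempts) {
      // Report the failure instead of retrying indefinitely.
      onTimeout(attempts);
      return;
    }
    schedule(tick, intervalMs);
  }
  tick();
}

// Constructed stand-in for MonoApi: returns NULL for the first `nullCalls` polls.
function makeFakeApi(nullCalls) {
  const ptr = (v) => ({ value: v, isNull: () => v === 0 });
  const fake = { calls: 0, attached: null };
  fake.mono_get_root_domain = () => ptr(++fake.calls > nullCalls ? 0x1000 : 0);
  fake.mono_thread_attach = (d) => { fake.attached = d.value; };
  return fake;
}
```

The thread does not establish whether polling resolves the device.spawn case; the timeout callback makes that outcome visible rather than leaving the script silently waiting.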

@freehuntx
Owner

I'm currently reworking "frida-mono" and it will contain everything needed to work with mono.
This repo will become obsolete when that's done.
You can follow the current state in this branch: https://github.com/freehuntx/frida-mono/tree/feature/v1

I won't concentrate on fixing things here since I'm not happy with the codebase.
Keep an eye on frida-mono :)


xiaozhuai commented Jun 27, 2023

I had the same issue recently, any progress or any suggestions?
The target application on Windows is https://www.cl.cam.ac.uk/research/rainbow/projects/unityeyes/
