Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Function mono_get_root_domain() returns 0x0 if application is started using device.spawn. #4

Open
tijme opened this issue Jan 29, 2020 · 5 comments
Labels
question Further information is requested

Comments

@tijme
Copy link

tijme commented Jan 29, 2020

Hi @freehuntx,

I created a program using frida-inject that spawns a certain Xamarin application and then injects a frida-mono-api based script. Everything works correctly if I use the frida-mono-api based script on a target application that is already running.

However, if the application is not yet running, I start it using Frida's await device.spawn(identifier), but the frida-mono-api based script throws an error.

Error: access violation accessing 0x60
    at node_modules/frida-mono-api/src/mono-api.js:804
    at o (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:54
    at o (node_modules/browser-pack/_prelude.js:1)
    at scripts/intercept_pincode.js:1
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at /script2.js:1069

I found out that when I start the application using Frida's device.spawn function the MonoApi.mono_get_root_domain() returns 0x0. I think this is due to the fact that the Xamarin application is not fully initialised yet, but I can't find out how to fix it.

Have you experienced this problem before?

@freehuntx
Copy link
Owner

Hey @tijme
Sadly i have no experience with Xamarin.
Maybe you can catch the error and retry until it works?

@freehuntx freehuntx added the question Further information is requested label May 5, 2020
@tijme
Copy link
Author

tijme commented May 6, 2020

Thanks for the response.

Unfortunately a try catch loop doesn't work. I don't have a lot of time to spend on debugging at the moment. When I have, I'll take a look at it again. Lets park the issue for now.

@freehuntx
Copy link
Owner

This does not work?

let attached = false;
const attachInterval = setInterval(() => {
  const domain = MonoApi.mono_get_root_domain()
  if (domain.equals(0)) return
  
  clearInterval(attachInterval)
  MonoApi.mono_thread_attach(domain)
}, 1000)

@freehuntx
Copy link
Owner

Im currently reworking "frida-mono" and it will contain everything needed to work with mono.
This repo will become obsolete when thats done.
You can follow the current state in this branch: https://github.com/freehuntx/frida-mono/tree/feature/v1

I wont concentrate on fixing things here since im not happy with the codebase.
Keep an eye on frida-mono :)

@xiaozhuai
Copy link

xiaozhuai commented Jun 27, 2023

I had the same issue recently, any progress or any suggestions?
The target application on windows is https://www.cl.cam.ac.uk/research/rainbow/projects/unityeyes/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

3 participants