
Add Spawn Gating

Open bluuuk opened this issue 9 months ago • 0 comments

References #23; however, it crashes:

```
⚡  Using device iPad (8802dab560c608734ce59b2305ae5f857e89109e)
⚡  Enable spawn gating
panic: reflect.Value.Convert: value of type string cannot be converted to type *frida.Spawn

goroutine 17 [running, locked to thread]:
reflect.Value.Convert({0x1054b0980?, 0x1400011c3c0?, 0x1054b0dc0?}, {0x1054ef4a8, 0x1054c12e0})
        /opt/homebrew/opt/go/libexec/src/reflect/value.go:3084 +0x104
github.com/frida/frida-go/frida.goMarshalCls(0x14000076e38?, 0x100fc1cc0?, 0x2, 0x16eed2070, 0x14000076e01?, 0x100fc1ba0?)
        /Users/bluk/go/pkg/mod/github.com/frida/[email protected]/frida/closure.go:79 +0x240
exit status 2
```

Crash likely happens here:

```go
lock := sync.Mutex{}
lock.Lock()

dev.On("spawn_added", func(spawn *frida.Spawn) {
	logger.Infof("%d", spawn.PID())
	if spawn.Identifier() == spawnGate {
		procPid = spawn.PID()
		lock.Unlock()
	} else {
		logger.Infof("Ignore Spawn(pid=%d, identifier=%s)", spawn.PID(), spawn.Identifier())
	}
	spawn.Clean()
})
lock.Lock()
```

According to https://gist.github.com/pellaeon/3925b0fd2d8939e12b38325d16c0003b, `spawn_added` looks like a typo, but `spawn-added` gives me the same error.

This is the call stack (with regard to the panic) so far, if it helps @NSEcho:

```
runtime.fatalpanic (/opt/homebrew/opt/go/libexec/src/runtime/panic.go:1301)
runtime.gopanic (/opt/homebrew/opt/go/libexec/src/runtime/panic.go:811)
reflect.Value.Convert (/opt/homebrew/opt/go/libexec/src/reflect/value.go:3084)
frida.goMarshalCls (/Users/bluk/go/pkg/mod/github.com/frida/[email protected]/frida/closure.go:79)
_cgoexp_64ef128f6632_goMarshalCls (_cgo_gotypes.go:4127)
runtime.cgocallbackg1 (/opt/homebrew/opt/go/libexec/src/runtime/cgocall.go:444)
runtime.cgocallbackg (/opt/homebrew/opt/go/libexec/src/runtime/cgocall.go:350)
runtime.cgocallbackg (Unknown Source:1)
runtime.cgocallback (/opt/homebrew/opt/go/libexec/src/runtime/asm_arm64.s:1131)
crosscall2 (/opt/homebrew/opt/go/libexec/src/runtime/cgo/asm_arm64.s:43)
C.goMarshalCls (_cgo_export.c:66)
C.g_closure_invoke (gclosure.c:836)
C.signal_emit_unlocked_R (gsignal.c:3873)
C.g_signal_emit_valist (gsignal.c:3553)
C.g_signal_emit (gsignal.c:3610)
frida_device_on_spawn_added (frida.vala:0)
C._frida_device_on_spawn_added_frida_host_session_spawn_added (frida.vala:1364)
C.g_closure_invoke (gclosure.c:836)
C.signal_emit_unlocked_R (gsignal.c:3802)
C.g_signal_emit_valist (gsignal.c:3553)
C.g_signal_emit_by_name (gsignal.c:3652)
frida_fruity_host_session_on_remote_spawn_added (fruity-host-session.vala:1192)
C._frida_fruity_host_session_on_remote_spawn_added_frida_host_session_spawn_added (fruity-host-session.vala:1157)
C.g_closure_invoke (gclosure.c:836)
C.signal_emit_unlocked_R (gsignal.c:3802)
C.g_signal_emit_valist (gsignal.c:3553)
C.g_signal_emit_by_name (gsignal.c:3652)
C.frida_host_session_proxy_g_signal (/Users/runner/work/frida/frida/build/session.c:0)
C.g_closure_invoke (gclosure.c:836)
C.signal_emit_unlocked_R (gsignal.c:3841)
C.g_signal_emit_valist (gsignal.c:3553)
C.g_signal_emit (gsignal.c:3610)
C.on_signal_received (gdbusproxy.c:897)
C.emit_signal_instance_in_idle_cb (gdbusconnection.c:3792)
g_main_dispatch (gmain.c:3557)
C.g_main_context_dispatch (gmain.c:4281)
C.g_main_context_iterate (gmain.c:4357)
C.g_main_loop_run (gmain.c:4557)
C.run_main_loop (frida-glue.c:159)
C.g_thread_proxy (gthread.c:1055)
??? (?:-1)
??? (?:-1)
??? (.:0)
```

Debugging a little, the problem is likely here:

(screenshot attached in the original issue; image not preserved here)

It would be better if the function raised a panic ^^

bluuuk, Apr 13 '25 05:04
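The gating logic in the snippet above blocks the caller by locking a mutex twice and relies on the `spawn-added` handler to unlock it; if that handler never fires (or crashes in the marshaller, as this issue shows), the tool hangs indefinitely. The following is an added example, not code from the gxpc project or from frida-go, showing the same spawn gate expressed as a channel plus a context deadline so that a missing match fails with an error instead of a hang. `spawnEvent`, `spawnGate` and `runGate` are hypothetical names; the two fields mirror the `PID()` and `Identifier()` accessors used in the issue, and the event sequence in `runGate` is constructed to stand in for a device delivering signals.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// spawnEvent carries the two fields the gate needs from a spawn-added
// notification (hypothetical type; mirrors spawn.PID() and spawn.Identifier()).
type spawnEvent struct {
	PID        int
	Identifier string
}

// spawnGate waits for the first spawn whose identifier equals target.
// Events arrive on the channel (fed by whatever spawn-added handler the caller
// registers); ctx bounds the wait so a never-delivered signal, or a handler
// that died, cannot hang the tool forever. Non-matching spawns are reported
// through the optional ignored callback, as the original snippet logs them.
func spawnGate(ctx context.Context, events <-chan spawnEvent, target string, ignored func(spawnEvent)) (int, error) {
	for {
		select {
		case ev, ok := <-events:
			if !ok {
				return 0, errors.New("spawn event stream closed before a match")
			}
			if ev.Identifier == target {
				return ev.PID, nil
			}
			if ignored != nil {
				ignored(ev)
			}
		case <-ctx.Done():
			return 0, fmt.Errorf("no spawn matching %q: %w", target, ctx.Err())
		}
	}
}

// runGate drives spawnGate over a constructed list of events, standing in for
// a device that emits spawn-added signals, and returns the matched PID.
func runGate(target string, evs []spawnEvent, timeout time.Duration) (int, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	// Buffered so the "device" can deliver everything without a goroutine.
	ch := make(chan spawnEvent, len(evs))
	for _, ev := range evs {
		ch <- ev
	}
	// Deliberately not closed: a real device keeps the stream open, and closing
	// it would end the gate early instead of exercising the deadline path.

	return spawnGate(ctx, ch, target, func(ev spawnEvent) {
		fmt.Printf("Ignore Spawn(pid=%d, identifier=%s)\n", ev.PID, ev.Identifier)
	})
}

func main() {
	// Constructed sample: one unrelated spawn, then the one we are gating on.
	evs := []spawnEvent{
		{PID: 101, Identifier: "com.example.other"},
		{PID: 202, Identifier: "com.example.target"},
	}
	pid, err := runGate("com.example.target", evs, time.Second)
	fmt.Println("matched pid:", pid, "err:", err)

	// Same stream, but gating on an identifier that never appears: the
	// deadline turns a would-be hang into an error the caller can act on.
	_, err = runGate("com.example.missing", evs, 100*time.Millisecond)
	fmt.Println("missing target ->", err)
}
```

The deadline is the part worth keeping whatever the event source is: a spawn gate that can only be released by a callback should always have a second way out, because a crash inside the callback path (here, inside cgo marshalling) otherwise leaves the process resumed-on-nothing and the operator waiting.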