How to implement the dynamic library frida-gadget-16.0.19-linux-x86.so.xz provided by Frida using Golang?

Open 806854015 opened this issue 2 years ago • 3 comments

I have a requirement to write a dynamic library using Go, and if I compile it into a libtool.so library, I can load it using LD_PRELOAD=/root/libtool.so ./dome. Currently, frida-gadget-16.0.19-linux-x86.so.xz provided by the official Frida can intercept functions specified in dome using this method. If I want to implement such a library using Go, what should I do to achieve the same principle as the .so library of frida-gadget-16.0.19-linux-x86.so.xz?

806854015 avatar May 06 '23 06:05 806854015

Hi, you could probably do something like this.

main.go

package main

/*
extern void intercept(void);

__attribute__((constructor))
static void ctor(int argc, char **argv) {
	intercept();
}
*/
import "C"

import (
	"fmt"

	"github.com/frida/frida-go/frida"
)

//export intercept
func intercept() {
	fmt.Printf("frida version is %s\n", frida.Version())
}

func main() {
}

file.c

#include <stdio.h>

int main(void) {
    printf("hello there\n");
    return 0;
}

Compiling

$ go build -o libinterceptor.dylib -buildmode=c-shared main.go
$ gcc file.c -o file

Usage

Since I am on macOS, I use DYLD_INSERT_LIBRARIES, which is the equivalent of LD_PRELOAD.

$ DYLD_INSERT_LIBRARIES=./libinterceptor.dylib ./file

NSEcho avatar May 06 '23 11:05 NSEcho

Using the setup from the example above: once the dynamic library is loaded, if I want to use JavaScript for the script logic, do I need to do the same in Go and monitor the PID, as in the following example?

package main

/*
extern void intercept(void);

__attribute__((constructor))
static void ctor(int argc, char **argv) {
	intercept();
}
*/
import "C"

import (
	"fmt"
	"os"

	"github.com/frida/frida-go/frida"
)

// Frida JavaScript to run inside this process, kept as a Go raw string literal.
var script = `
Interceptor.attach(Module.getExportByName(null, 'open'), {
	onEnter(args) {
		const what = args[0].readUtf8String();
		console.log("[*] open(" + what + ")");
	}
});
Interceptor.attach(Module.getExportByName(null, 'close'), {
	onEnter(args) {
		console.log("close called");
	}
});
`

//export intercept
func intercept() {
	mgr := frida.NewDeviceManager()
	localDev, err := mgr.LocalDevice()
	if err != nil {
		fmt.Println("local device:", err)
		return
	}
	// Attach to our own process, the one that loaded this library.
	session, err := localDev.Attach(os.Getpid(), nil)
	if err != nil {
		fmt.Println("attach:", err)
		return
	}
	scriptConnection, err := session.CreateScript(script)
	if err != nil {
		fmt.Println("create script:", err)
		return
	}
	// The hooks only become active once the script is loaded.
	if err := scriptConnection.Load(); err != nil {
		fmt.Println("load script:", err)
	}
}

func main() {}

806854015 avatar May 08 '23 01:05 806854015

buildmode=c-shared

If I encapsulate Frida into a dynamic library and monitor the pid through localDev.Attach(os.Getpid(), nil), this error appears: Error: Unable to access process with pid 2928 due to system restrictions; try sudo sysctl kernel.yama.ptrace_scope=0, or run Frida as root

806854015 avatar May 08 '23 03:05 806854015
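The error in the last comment comes from the Yama LSM blocking the ptrace attach that Frida's Linux backend needs. The following Go check is an added example (not part of frida-go or this issue) that reads kernel.yama.ptrace_scope and reports whether an attach from the current process should be permitted before Attach is called; treating euid 0 as having CAP_SYS_PTRACE is an assumption.

```go
package main

import (
	"fmt"
	"os"
)

// parsePtraceScope turns the raw sysctl contents (e.g. "1\n") into 0..3.
func parsePtraceScope(raw string) (int, error) {
	var v int
	if _, err := fmt.Sscan(raw, &v); err != nil || v < 0 || v > 3 {
		return -1, fmt.Errorf("unexpected ptrace_scope contents %q", raw)
	}
	return v, nil
}

// attachPrecheck reports whether the ptrace attach that frida-go's Attach needs
// on Linux should be permitted for a caller with effective uid euid under the
// given Yama scope. Assumption: euid 0 carries CAP_SYS_PTRACE (overrides 1, 2).
func attachPrecheck(scope, euid int) (ok bool, reason string) {
	switch {
	case scope == 0:
		return true, "scope 0: classic ptrace rules, same uid may attach"
	case scope == 3:
		return false, "scope 3: attach disabled until reboot; no runtime fix"
	case euid == 0:
		return true, fmt.Sprintf("scope %d: CAP_SYS_PTRACE overrides it", scope)
	case scope == 1:
		return false, "scope 1: only descendants may be traced; " +
			"try `sudo sysctl kernel.yama.ptrace_scope=0` or run as root"
	default:
		return false, "scope 2: admin-only; run Frida as root"
	}
}

func main() {
	// The sysctl named in the error above; the file is missing when Yama is not built in.
	raw, err := os.ReadFile("/proc/sys/kernel/yama/ptrace_scope")
	scope := 0
	if err == nil {
		scope, err = parsePtraceScope(string(raw))
	}
	if err != nil {
		fmt.Println("ptrace_scope unavailable (Yama absent?):", err)
		return
	}
	ok, reason := attachPrecheck(scope, os.Geteuid())
	fmt.Printf("attach permitted=%v (%s)\n", ok, reason)
}
```

Run it from the same uid that will load the c-shared library; if it reports false, the Attach in the constructor will fail with the same "system restrictions" error as above.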