frida-gum
interceptor "STATUS_STACK_BUFFER_OVERRUN"
Chrome version: 90.0.4430.93 or latest version
Injected code:

```javascript
/* chrome ver: 90.0.4430.93 */
// Resolve the address of net::URLRequestContext::CreateRequest from the
// chrome.dll load base. The offset is build-specific and only valid for this version.
function chromium_symbol(chromium_core) {
  let base = chromium_core.base;  // Module.base is already a NativePointer
  return {
    "net::URLRequestContext": {
      "URLRequestContext::CreateRequest": base.add(0x1AE600),
    }
  };
}

var symbol = chromium_symbol(Process.getModuleByName("chrome.dll"));

// The callbacks are intentionally empty: the crash reproduces with the attach alone.
function trace_chromium_URLRequest() {
  Interceptor.attach(symbol["net::URLRequestContext"]["URLRequestContext::CreateRequest"], {
    onEnter(args) {
    },
    onLeave(retval) {
    }
  });
}

trace_chromium_URLRequest();
```
EXCEPTION_DEBUG_INFO:
dwFirstChance: 0
ExceptionCode: C0000409 (STATUS_STACK_BUFFER_OVERRUN)
ExceptionFlags: 00000001
ExceptionAddress: 00007FFAE478E666 chrome.00007FFAE478E666
NumberParameters: 1
ExceptionInformation[00]: 0000000000000039
I have also tried to use the "frida-gum" library, which causes the same problem.
Win10 supports "CET-enforced CFI/shadow stacks"; this causes the x86_64 interceptor scheme to trigger "STATUS_STACK_BUFFER_OVERRUN".
temporary solution:
powershell: Set-ProcessMitigation -Name chrome.exe -Disable UserShadowStack
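The following is an added example, not code from the issue above or from frida-gum itself. It shows how a Frida script can ask the target process, from the inside, whether Windows is enforcing user-mode shadow stacks for it, and refuse to call Interceptor.attach when it would only crash the process. It assumes the PROCESS_MITIGATION_POLICY value ProcessUserShadowStackPolicy (15) and the bit layout of PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY.Flags as declared in winnt.h; the helper names (decodeUserShadowStackPolicy, queryUserShadowStackFlags, attachUnlessShadowStack) are mine, and the chrome.dll offset reused in the usage line is the one from the report.

```javascript
// Added example (not from the issue or frida-gum): check the CET user shadow stack
// policy of the injected process before installing an Interceptor trampoline.
'use strict';

// PROCESS_MITIGATION_POLICY::ProcessUserShadowStackPolicy from winnt.h (assumed value).
const ProcessUserShadowStackPolicy = 15;

// Bit layout of PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY.Flags (winnt.h; assumed).
const SHADOW_STACK_BITS = {
  enableUserShadowStack: 1 << 0,
  auditUserShadowStack: 1 << 1,
  setContextIpValidation: 1 << 2,
  enableUserShadowStackStrictMode: 1 << 4,
};

// Pure decoder of the Flags DWORD; runs anywhere, not only under Frida.
function decodeUserShadowStackPolicy(flags) {
  const out = {};
  for (const [name, mask] of Object.entries(SHADOW_STACK_BITS))
    out[name] = (flags & mask) !== 0;
  return out;
}

// True when the mitigation that faults Interceptor's x86-64 trampolines is enforced.
function shadowStackBlocksInterceptor(flags) {
  return decodeUserShadowStackPolicy(flags).enableUserShadowStack;
}

// Frida-only part: call GetProcessMitigationPolicy on the current process.
// Returns null when not running under Frida on Windows, or when the OS does not
// know this policy class (builds before 20H1).
function queryUserShadowStackFlags() {
  if (typeof Process === 'undefined' || Process.platform !== 'windows')
    return null;
  const k32 = Process.getModuleByName('kernel32.dll');
  const getCurrentProcess = new NativeFunction(
    k32.getExportByName('GetCurrentProcess'), 'pointer', []);
  const getProcessMitigationPolicy = new NativeFunction(
    k32.getExportByName('GetProcessMitigationPolicy'),
    'bool', ['pointer', 'int', 'pointer', 'size_t']);
  const policy = Memory.alloc(4);  // PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY is one DWORD
  policy.writeU32(0);
  const ok = getProcessMitigationPolicy(getCurrentProcess(), ProcessUserShadowStackPolicy, policy, 4);
  if (!ok)
    return null;
  return policy.readU32();
}

// Interceptor.attach that bails out, naming the workaround, instead of crashing the target.
function attachUnlessShadowStack(target, callbacks) {
  const flags = queryUserShadowStackFlags();
  if (flags !== null && shadowStackBlocksInterceptor(flags)) {
    throw new Error(
      'User shadow stack (CET) is enforced for this process; Interceptor.attach on x86-64 ' +
      'would raise STATUS_STACK_BUFFER_OVERRUN (0xC0000409). Run ' +
      '"Set-ProcessMitigation -Name chrome.exe -Disable UserShadowStack" and restart it.');
  }
  return Interceptor.attach(target, callbacks);
}

// Usage inside a Frida session; the offset is the build-specific one from the report.
if (typeof Process !== 'undefined' && Process.platform === 'windows') {
  const chrome = Process.getModuleByName('chrome.dll');
  attachUnlessShadowStack(chrome.base.add(0x1AE600), {
    onEnter(args) { console.log('URLRequestContext::CreateRequest called'); },
  });
}
```

The decoder and the guard are separated so the flag logic can be exercised outside Frida; the process query itself only runs when `Process` (the Frida global) is present and the platform is Windows, and a failed GetProcessMitigationPolicy call is treated as "policy unknown" rather than as "safe".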