Error for explorer.exe process

Question

Error for explorer.exe process

Sp00p64 opened this issue 3 years ago · 7 comments

Program works for rdp etc but returns an error when hooking explorer process
{'type': 'error', 'description': 'Error: expected a pointer', 'stack': 'Error: expected a pointer\n at value (frida/runtime/core.js:316)\n at <eval> (/script1.js:21)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 316, 'columnNumber': 1}
Tried debugging it for a bit but to no avail.

Answer 1 · 2021-08-26T04:21:23.000Z

Hey! Can you give me your OS version and frida version? Additionally try to reset the desired process because of artifacts from the last hook that may appear.

Answer 2 · 2021-08-26T10:19:29.000Z

Thank you for the swift response !
The machine's OS is 64-bits Windows 10 Professionnal 10.0.19042 N/A build 19042 frida version is : 15.0.18 and the error seems to persist after process reboot and computer reboot.

Answer 3 · 2021-08-29T18:59:26.000Z

This is weird, I couldn't reproduce your error in any way.
Can you try to run as local admin and see if it will work that way ?

Answer 4 · 2021-08-30T13:04:43.000Z

Running as Local admin throws the same error unfortunately.
I'll try running it on another machine of mine, I'll update you on the results

Answer 5 · 2021-09-06T17:38:46.000Z

Hi sorry about the delay, I ran the program again on an updated machine and the error was gone ! But sadly after hooking the explorer process and entering a correct password in the UAC prompt no password was found.
Could it be the fact that i'm running this on 64 bits machines ?

Answer 6 · 2021-09-07T06:17:12.000Z

No, It should work. Did you run the latest version? Also hooking the UAC window works for when you open a program as a different user

Answer 7 · 2021-09-11T17:20:19.000Z

Yes I did run the latest version and it is very strange indeed,I'll provide a video and more details in the near future