frida 错误

Question

frida 错误

shenjackyuanjie opened this issue a year ago · 9 comments

❯ python3.10 pcqq_dump.py
QQ pid is: 44980
Traceback (most recent call last):
  File "V:\githubs\qqdb\pcqq_dump.py", line 178, in <module>
    session = frida.get_local_device().attach(QQ_PID)
  File "D:\APPS\CPython\Python310\lib\site-packages\frida\core.py", line 86, in wrapper
    return f(*args, **kwargs)
  File "D:\APPS\CPython\Python310\lib\site-packages\frida\core.py", line 1010, in attach
    return Session(self._impl.attach(self._pid_of(target), **kwargs))  # type: ignore
frida.PermissionDeniedError: error creating directory C:\Users\SHENJA~1.SHE\AppData\Local\Temp\frida-d0ee0fb3c91dec79c5b4bd5f26cdb016\32: Permission denied

Answer 1 · 2023-11-18T19:06:39.000Z

修改

session = frida.get_local_device().attach(QQ_PID)

为

session = frida.attach(QQ_PID)

可修复问题
怪欸

Answer 2 · 2023-11-18T22:29:40.000Z

啊？我没发现哪里有区别
https://github.com/frida/frida-python/blob/ebd797e4bc248b8d895d68ebf244a34744cb3ea9/frida/__init__.py#L87-L95

def attach(
    target: core.ProcessTarget, realm: Optional[str] = None, persist_timeout: Optional[int] = None
) -> core.Session:
    """
    Attach to a process
    :param target: the PID or name of the process
    """

    return get_local_device().attach(target, realm=realm, persist_timeout=persist_timeout)

并且这行上次更改是 3 years ago，也能排除是不同版本实现有差异
也就是说，这更像是一个偶然问题

Answer 3 · 2023-11-19T03:44:01.000Z

我也不清楚，但是只要没有去掉 get_local_device()
就一定会报错，我感觉是个frida问题？

Answer 4 · 2023-11-19T04:51:35.000Z

报下版本或者把init.py#L87-L95贴出来

Answer 5 · 2023-11-19T07:29:24.000Z

16.1.7
要命.png

Answer 6 · 2023-11-19T07:40:21.000Z

core.py line 1010
return Session(self._impl.attach(self._pid_of(target), **kwargs)) # type: ignore
这一句前加个print(target, kwargs) 分别看看输出

Answer 7 · 2023-11-19T08:24:43.000Z

更神奇的事情出现了


qqdb [ master][!?][ v18.17.1][🐍 ][⏱ 2m10s]
❯ python3.10 pcqq_dump.py
QQ pid is: 61924
61924 {}
hooked.
Traceback (most recent call last):
  File "V:\githubs\qqdb\pcqq_dump.py", line 234, in <module>
    sys.stdin.read()
KeyboardInterrupt

qqdb [ master][!?][ v18.17.1][🐍 ][⏱ 4s]
❯ python3.10 pcqq_dump.py
QQ pid is: 61924
61924 {}
hooked.
[+] key found:
process exited.

第一次运行不带 local device
第二次带
然后他hook 成功了
神奇

Answer 8 · 2023-11-19T09:54:49.000Z

这不就行了

Answer 9 · 2023-11-19T09:56:42.000Z

要不要看看有没有 frida 相关服务进程残留一类的