frida/frida-gum

access violation on x64 after interceptor installed

dkw72n opened this issue · 1 comment

how to reproduce:

input

frida-x64-relocate-bug-repro.js

// Resolve the target through its PDB symbol (module lookup kept from the original repro).
var user32 = Process.findModuleByName("user32.dll");
var target_symbol = DebugSymbol.fromName("User32!GetDpiAwarenessContextForProcess");
console.log(target_symbol);
// Call the function directly once before it is instrumented.
var target_function = new NativeFunction(target_symbol.address, 'pointer', []);
console.log("before:", target_function());
// Attaching with no callbacks still overwrites the prologue and relocates the displaced
// instructions; the second direct call then faults.
Interceptor.attach(target_symbol.address, {});
console.log("after:", target_function());

output

    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Attaching...
0x7ffba04b8140 USER32.dll!GetDpiAwarenessContextForProcess
before: 0x0
Error: access violation accessing 0x7ffb9f1dacf0
    at <eval> (/frida-x64-relocate-bug-repro.js:9)

files used

pdb

https://msdl.microsoft.com/download/symbols/user32.pdb/E6EE68C64900A36105A2193F5EDB3A411/user32.pdb

dll

https://msdl.microsoft.com/download/symbols/user32.dll/D7A13D4F1a0000/user32.dll

frida version

14.2.2

target function disassembly

 0: 48 83 ec 28                 sub    rsp,0x28
 4: 48 ff 15 b5 ab 00 00        rex.W call QWORD PTR [rip+0xabb5]        # 0xabc0
 b: 0f 1f 44 00 00              nop    DWORD PTR [rax+rax*1+0x0]
10: 8b c0                       mov    eax,eax
12: 48 83 c4 28                 add    rsp,0x28
16: c3                          ret

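The instruction at offset 4 of the listing above is a RIP-relative `call QWORD PTR [rip+disp32]` carrying a REX.W prefix (`48 ff 15 b5 ab 00 00`); its target depends on where the instruction sits, so a relocator that copies it into a trampoline has to recompute disp32 for the new address and account for the extra prefix byte when locating the displacement field. As an added example, not Frida's relocator code, here is a minimal Python decoder and relocator for that encoding, with and without the REX prefix; the function base 0x7ffba04b8140 comes from the output above, while the relocation address is a constructed sample value.

```python
import struct

# Constructed sample: the 7-byte instruction at offset 4 of the function shown in the
# issue (48 ff 15 b5 ab 00 00), with the function base 0x7ffba04b8140 from the output.
FUNC_BASE = 0x7FFBA04B8140
CALL_INSN = bytes.fromhex("48ff15b5ab0000")
CALL_ADDR = FUNC_BASE + 4


def decode_rip_relative_call(code):
    """Decode `call QWORD PTR [rip+disp32]` (opcode FF /2) with an optional REX prefix.

    Returns (length, disp_offset, disp32), or None if `code` is not that encoding.
    """
    i = 0
    if 0x40 <= code[0] <= 0x4F:      # REX prefix: opcode, ModRM and disp32 all shift by one byte
        i = 1
    if len(code) < i + 6 or code[i] != 0xFF:
        return None
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 5 or reg != 2:  # mod=00, rm=101 is [rip+disp32]; /2 selects CALL
        return None
    disp_offset = i + 2
    disp32 = struct.unpack_from("<i", code, disp_offset)[0]
    return disp_offset + 4, disp_offset, disp32


def rip_target(insn_addr, code):
    """Absolute slot the instruction dereferences; RIP is the address of the *next* insn."""
    length, _, disp32 = decode_rip_relative_call(code)
    return insn_addr + length + disp32


def relocate_rip_relative_call(code, old_addr, new_addr):
    """Copy the instruction to new_addr, rewriting disp32 so it still reads the same slot."""
    decoded = decode_rip_relative_call(code)
    if decoded is None:
        raise ValueError("not a RIP-relative call")
    length, disp_offset, disp32 = decoded
    target = old_addr + length + disp32
    new_disp = target - (new_addr + length)
    if not -2**31 <= new_disp < 2**31:
        raise ValueError("target outside rel32 range; needs an absolute-address thunk instead")
    out = bytearray(code[:length])
    struct.pack_into("<i", out, disp_offset, new_disp)
    return bytes(out)
```

For the sample instruction, `rip_target(CALL_ADDR, CALL_INSN)` is 0x7ffba04c2d00, which is the `# 0xabc0` annotation in the listing plus the function base, and a copy produced by `relocate_rip_relative_call` resolves to the same slot from its new address.
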
This should be fixed in #524