Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

:il , :dm and :dmm are unable to list anonymous mapping (memfd) #509

Open
enovella opened this issue Jul 26, 2023 · 5 comments
Open

:il , :dm and :dmm are unable to list anonymous mapping (memfd) #509

enovella opened this issue Jul 26, 2023 · 5 comments
Labels
android linux

Comments

@enovella
Copy link
Contributor

Using R2Frida, we try to see where the Frida agent is mapped in memory:

[0x75e660d000]> :dm~+frida-agent
[0x75e660d000]> :dmm~+frida-agent
[0x75e660d000]> :il~+frida-agent
[0x75e660d000]> :dp

22977
[0x75e660d000]>

Frida agent library was mapped anonymously:

cheeseburger:/ # cat /proc/22977/maps|egrep frida
759311f000-7593b17000 r--p 00000000 00:05 216887                         /memfd:frida-agent-64.so (deleted)
7593b18000-7594837000 r-xp 009f8000 00:05 216887                         /memfd:frida-agent-64.so (deleted)
7594837000-7594907000 r--p 01716000 00:05 216887                         /memfd:frida-agent-64.so (deleted)
7594908000-7594924000 rw-p 017e6000 00:05 216887                         /memfd:frida-agent-64.so (deleted)

Back into R2Frida with the offset:

[0x75e660d000]> 0x759311f000
[0x759311f000]> x
- offset -     0 1  2 3  4 5  6 7  8 9  A B  C D  E F  0123456789ABCDEF
0x759311f000  7f45 4c46 0201 0100 0000 0000 0000 0000  .ELF............
0x759311f010  0300 b700 0100 0000 0000 0000 0000 0000  ................
0x759311f020  4000 0000 0000 0000 981b 8001 0000 0000  @...............
0x759311f030  0000 0000 4000 3800 0a00 4000 1900 1800  [email protected]...@.....
0x759311f040  0600 0000 0400 0000 4000 0000 0000 0000  ........@.......
0x759311f050  4000 0000 0000 0000 4000 0000 0000 0000  @.......@.......
0x759311f060  3002 0000 0000 0000 3002 0000 0000 0000  0.......0.......
0x759311f070  0800 0000 0000 0000 0100 0000 0400 0000  ................
0x759311f080  0000 0000 0000 0000 0000 0000 0000 0000  ................
0x759311f090  0000 0000 0000 0000 cc7c 9f00 0000 0000  .........|......
0x759311f0a0  cc7c 9f00 0000 0000 0010 0000 0000 0000  .|..............
0x759311f0b0  0100 0000 0500 0000 0080 9f00 0000 0000  ................
0x759311f0c0  0090 9f00 0000 0000 0090 9f00 0000 0000  ................
0x759311f0d0  a0eb d100 0000 0000 a0eb d100 0000 0000  ................
0x759311f0e0  0010 0000 0000 0000 0100 0000 0600 0000  ................
0x759311f0f0  a06b 7101 0000 0000 a08b 7101 0000 0000  .kq.......q.....
[0x759311f000]> :iE
ERROR: error: unable to find module containing 0x759311f000
[0x759311f000]> :iSS
ERROR: error: cannot read property 'and' of undefined
[0x759311f000]>
@trufae
Copy link
Member

trufae commented Nov 27, 2023

can you try again? i think its fixed now

@enovella
Copy link
Contributor Author

enovella commented Dec 2, 2023

It is not working yet on my setup.

@trufae
Copy link
Member

trufae commented Dec 3, 2023

Can u share a frida oneliner to list it?

@trufae
Copy link
Member

trufae commented Dec 3, 2023

Because i cant find a way to get this from frida. Therefor its a bug in frida

@trufae
Copy link
Member

trufae commented Feb 7, 2024

@oleavr can you expose the apis to access this info from Frida again? because this was already available before

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
android linux
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trufae @enovella