findExportByName is cleaning up injected module #177

@Xoffio

Hi!

I am loading a js script and then injecting a lib into a program.

```rust
// ...
// Load the script into the target process.
// create_script returns a Result; bind the Script so it can be loaded.
let script = session
    .create_script(script_source, &mut script_option)
    .unwrap();
script.load().unwrap();

println!("[*] Script loaded.");
// ...
// Inject the library; on error, report it and move on to the next command.
let injected_id = match frida_cmds_handle_error(
    local_device_for_inj.inject_library_file_sync(
        pid,
        &inj_lib_path,
        "injected",
        Vec::new(),
    ),
    &cmd_res_tx,
    false,
) {
    Some(id) => id,
    None => continue,
};
println!("[*] Injected library: {}", injected_id);
// ...
```

I want to leave the injected lib loaded at all times to send commands to it.

I want to send commands to it by having a function in my JS script, so I can call the function in the injected lib. Like this:

```js
function callFn(modPath, fnName) {
	// Get the address of the function (null if the export is not found)
	var fn_addr = Module.findExportByName(modPath, fnName);
	if (fn_addr === null) {
		throw new Error('export not found: ' + fnName);
	}

	// Create the function
	var fn = new NativeFunction(fn_addr, 'void', []);

	// Call the function
	fn();
}
```

I noticed that every time I do Module.findExportByName or Module.getExportByName the injected lib gets unloaded or cleaned up...
Even when I do it with the frida cli.

The way I am testing this is as follows:

  • Execute the target program.
  • Execute the rust program that injects a lib (libinjected.so)
  • Once the lib is injected I check that it is still loaded by typing lsof -p (ps -ax | grep TARGET_PROGRAM | grep -v "grep" | awk '{print $1}') | grep inject
  • Then I connect with frida cli or call the js function with rust Module.findExportByName
  • Check with lsof; you will see that the lib stops showing up.

Is there anything I am doing wrong? Or a better way to do this? I think this is a bug but let me know!
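A more precise form of the lsof check from the test steps above, as an added example that is not part of the original issue or of the Frida project: it parses `/proc/<pid>/maps` (Linux only) and reports whether an executable segment of the library is still mapped. The function names, the path `/tmp/libinjected.so` and the sample maps text are constructed for illustration.

```rust
/// One file-backed mapping, as listed in /proc/<pid>/maps.
#[derive(Debug)]
pub struct Mapping { pub start: u64, pub end: u64, pub perms: String, pub path: String }

/// Return every mapping whose backing path contains `needle`.
pub fn find_mappings(maps: &str, needle: &str) -> Vec<Mapping> {
    maps.lines()
        .filter_map(|line| {
            // Line format: start-end perms offset dev inode [path]
            let mut f = line.split_whitespace();
            let (range, perms) = (f.next()?, f.next()?);
            let path = f.skip(3).collect::<Vec<_>>().join(" ");
            if !path.contains(needle) {
                return None;
            }
            let (s, e) = range.split_once('-')?;
            Some(Mapping {
                start: u64::from_str_radix(s, 16).ok()?,
                end: u64::from_str_radix(e, 16).ok()?,
                perms: perms.to_string(),
                path,
            })
        })
        .collect()
}

/// True while at least one executable segment of the library is mapped.
pub fn is_loaded(maps: &str, needle: &str) -> bool {
    find_mappings(maps, needle).iter().any(|m| m.perms.contains('x'))
}

// Constructed sample, not captured from a real process.
pub const SAMPLE_MAPS: &str = "\
55d0c0a00000-55d0c0a02000 r-xp 00000000 08:01 131 /usr/bin/target
7f3a10001000-7f3a10003000 r-xp 00001000 08:01 977 /tmp/libinjected.so
7f3a10003000-7f3a10004000 rw-p 00003000 08:01 977 /tmp/libinjected.so
7ffd5a1f0000-7ffd5a211000 rw-p 00000000 00:00 0 [stack]";

fn main() {
    // Pass a PID to inspect a live process; with no argument the sample is used.
    let maps = match std::env::args().nth(1) {
        Some(pid) => std::fs::read_to_string(format!("/proc/{pid}/maps")).expect("read maps"),
        None => SAMPLE_MAPS.to_string(),
    };
    for m in find_mappings(&maps, "libinjected") {
        println!("{:x}-{:x} {} {}", m.start, m.end, m.perms, m.path);
    }
    println!("loaded: {}", is_loaded(&maps, "libinjected"));
}
```

Running it before and after the `Module.findExportByName` call shows whether the library's code segment disappears from the address space, independent of what lsof reports.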
