
is breakpoint on emulated realm using android emulator supported? #107

Open
AkaShrug opened this issue Nov 25, 2023 · 2 comments
Labels
bug Something isn't working

Comments

@AkaShrug

AkaShrug commented Nov 25, 2023

Describe the bug
Just wondering if emulated realm is supported, since trying to set a breakpoint on a native module when using emulated realm causes the following error:
04:42:44 [8236] getting register information: q15 [object ArrayBuffer] payload: {'type': 'error', 'description': 'Error: expected a pointer', 'stack': 'Error: expected a pointer\n at value (frida/runtime/core.js:90:1)\n at Function.getAddressTs (/script1.js:1825:18)\n at Function.dispatchContextInfo (/script1.js:2632:34)\n at Function.breakpoint (/script1.js:3729:25)\n at InvocationContext.<anonymous> (/script1.js:3869:27)\n at InvocationContext.replacement (/script1.js:3619:40)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 90, 'columnNumber': 1}

To Reproduce

  1. change core.py and edit attach line to self.device.attach(pid,realm='emulated') , start app and attach to it
  2. set breakpoint on any address for example Module.findExportByName(null,"il2cpp_string_new_len")

Expected behavior
breakpoint will get hit

Smartphone (please complete the following information):

  • Device: Android Emulator (LDPlayer9) running frida 15.2.2 server

Additional context
Logging the context shows it as empty:

{"s31":0,"s30":0,"s29":0,"s28":0,"s27":0,"s26":0,"s25":0,"s24":0,"s23":0,"s22":0,"s21":0,"s20":0,"s19":0,"s18":0,"s17":0,"s16":0,"s15":0,"s14":0,"s13":0,"s12":0,"s11":0,"s10":0,"s9":0,"s8":0,"s7":0,"s6":0,"s5":6.866362475191604e-44,"s4":32,"s3":1.2751816025355835e-43,"s2":1.401298464324817e-44,"s1":6.305843089461677e-44,"s0":3.5032461608120427e-44,"d31":6.429647248127e-312,"d30":6.514527079785e-312,"d29":5.70816867902e-312,"d28":5.665728763187e-312,"d27":5.72938864934e-313,"d26":6.556966995614e-312,"d25":6.514527079785e-312,"d24":6.429647248127e-312,"d23":0.007812501833541319,"d22":0.000030517585287270776,"d21":-8.934080011164733e-18,"d20":-4.007349256953622e-15,"d19":-7.060638972356784e-8,"d18":-7.037310387250952e-8,"d17":-7.056136973583008e-8,"d16":-7.03731088894269e-8,"d15":0,"d14":0,"d13":0,"d12":0,"d11":0,"d10":0,"d9":0,"d8":0,"d7":0,"d6":0,"d5":0,"d4":0,"d3":0,"d2":1.04524870797e-312,"d1":1.93101616983e-312,"d0":9.5489810606e-313,"q15":{},"q14":{},"q13":{},"q12":{},"q11":{},"q10":{},"q9":{},"q8":{},"q7":{},"q6":{},"q5":{},"q4":{},"q3":{},"q2":{},"q1":{},"q0":{},"lr":"0xcdbe0ab0","r12":"0xfcb50dc4","r11":"0xcc97f630","r10":"0x0","r9":"0xf6f1219c","r8":"0xbd05ac00","r7":"0x347a","r6":"0x1","r5":"0xd2eec04c","r4":"0x0","r3":"0x76422","r2":"0xc4bd9000","r1":"0xe","r0":"0xc4c82672","cpsr":1610612752,"sp":"0xcc97f5c8","pc":"0xcdb47aec"}
04:42:41 [8236] getting register information:   s31     0
04:42:41 [8236] getting register information:   s30     0
04:42:41 [8236] getting register information:   s29     0
04:42:41 [8236] getting register information:   s28     0
04:42:41 [8236] getting register information:   s27     0
04:42:41 [8236] getting register information:   s26     0
04:42:41 [8236] getting register information:   s25     0
04:42:41 [8236] getting register information:   s24     0
04:42:41 [8236] getting register information:   s23     0
04:42:42 [8236] getting register information:   s22     0
04:42:42 [8236] getting register information:   s21     0
04:42:42 [8236] getting register information:   s20     0
04:42:42 [8236] getting register information:   s19     0
04:42:42 [8236] getting register information:   s18     0
04:42:42 [8236] getting register information:   s17     0
04:42:42 [8236] getting register information:   s16     0
04:42:42 [8236] getting register information:   s15     0
04:42:42 [8236] getting register information:   s14     0
04:42:42 [8236] getting register information:   s13     0
04:42:42 [8236] getting register information:   s12     0
04:42:42 [8236] getting register information:   s11     0
04:42:42 [8236] getting register information:   s10     0
04:42:42 [8236] getting register information:   s9      0
04:42:42 [8236] getting register information:   s8      0
04:42:42 [8236] getting register information:   s7      0
04:42:42 [8236] getting register information:   s6      0
04:42:42 [8236] getting register information:   s5      6.866362475191604e-44
04:42:42 [8236] getting register information:   s4      32
04:42:43 [8236] getting register information:   s3      1.2751816025355835e-43
04:42:43 [8236] getting register information:   s2      1.401298464324817e-44
04:42:43 [8236] getting register information:   s1      6.305843089461677e-44
04:42:43 [8236] getting register information:   s0      3.5032461608120427e-44
04:42:43 [8236] getting register information:   d31     6.429647248127e-312
04:42:43 [8236] getting register information:   d30     6.514527079785e-312
04:42:43 [8236] getting register information:   d29     5.70816867902e-312
04:42:43 [8236] getting register information:   d28     5.665728763187e-312
04:42:43 [8236] getting register information:   d27     5.72938864934e-313
04:42:43 [8236] getting register information:   d26     6.556966995614e-312
04:42:43 [8236] getting register information:   d25     6.514527079785e-312
04:42:43 [8236] getting register information:   d24     6.429647248127e-312
04:42:43 [8236] getting register information:   d23     0.007812501833541319
04:42:43 [8236] getting register information:   d22     0.000030517585287270776
04:42:43 [8236] getting register information:   d21     -8.934080011164733e-18
04:42:43 [8236] getting register information:   d20     -4.007349256953622e-15
04:42:43 [8236] getting register information:   d19     -7.060638972356784e-8
04:42:43 [8236] getting register information:   d18     -7.037310387250952e-8
04:42:43 [8236] getting register information:   d17     -7.056136973583008e-8
04:42:44 [8236] getting register information:   d16     -7.03731088894269e-8
04:42:44 [8236] getting register information:   d15     0
04:42:44 [8236] getting register information:   d14     0
04:42:44 [8236] getting register information:   d13     0
04:42:44 [8236] getting register information:   d12     0
04:42:44 [8236] getting register information:   d11     0
04:42:44 [8236] getting register information:   d10     0
04:42:44 [8236] getting register information:   d9      0
04:42:44 [8236] getting register information:   d8      0
04:42:44 [8236] getting register information:   d7      0
04:42:44 [8236] getting register information:   d6      0
04:42:44 [8236] getting register information:   d5      0
04:42:44 [8236] getting register information:   d4      0
04:42:44 [8236] getting register information:   d3      0
04:42:44 [8236] getting register information:   d2      1.04524870797e-312
04:42:44 [8236] getting register information:   d1      1.93101616983e-312
04:42:44 [8236] getting register information:   d0      9.5489810606e-313
           0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
00000000  34 01 00 00 33 01 00 00 30 01 00 00 2f 01 00 00  4...3...0.../...
04:42:44 [8236] getting register information:   q15     [object ArrayBuffer]
@PinkiePieStyle PinkiePieStyle added the bug Something isn't working label Feb 12, 2024
@PinkiePieStyle
Collaborator

Problem is in core.js here https://github.com/iGio90/Dwarf/blob/master/dwarf_debugger/lib/core.js#L2625
Looking at your logged context, the q0-q15 values are Objects ({}); in the code above we are expecting a string/number, without extra checks or error handling.

You can change code in core.js here https://github.com/iGio90/Dwarf/blob/master/dwarf_debugger/lib/core.js#L1821

if(!utils_1.Utils.isNumber(p) && !utils_1.Utils.isString(p)) return [-1, p];
var _ptr = ptr(p);

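To make the failure mode concrete, here is an added example (not Dwarf's own code and not part of this thread) of type-checking context values before treating them as pointers, as the collaborator's suggested `isNumber`/`isString` guard does. Frida's global `ptr()` is assumed and replaced by a stand-in so the snippet runs under plain Node; the sample context is constructed from the shapes seen in the log above (a hex string, a plain number, an ArrayBuffer for a q register, and the empty object observed in the emulated realm), and its values carry no meaning.

```javascript
// Added example, not Dwarf's code: defensive handling of a CPU context before
// any value in it is passed to ptr(). Frida exposes the ARM q0-q15 NEON
// registers as ArrayBuffers, and in the emulated-realm log they arrive as
// plain objects, so a register value must be type-checked first.

// Stand-in for Frida's ptr(): accepts a number or a hex string, otherwise
// throws the same message seen in the issue's error output.
const ptr = (v) => {
  if (typeof v === 'number') return '0x' + v.toString(16);
  if (typeof v === 'string' && /^0x[0-9a-fA-F]+$/.test(v)) return v;
  throw new Error('expected a pointer');
};

function isNumber(v) { return typeof v === 'number' && Number.isFinite(v); }
function isString(v) { return typeof v === 'string'; }

// Mirror of the suggested guard: refuse to build a pointer from anything that
// is not a number or a string. Returns [-1, original] on refusal so callers
// can log the offending value instead of crashing the breakpoint handler.
function toAddress(p) {
  if (!isNumber(p) && !isString(p)) return [-1, p];
  return [0, ptr(p)];
}

function bufferToHex(buf) {
  return Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join(' ');
}

// Render every register to a printable string, choosing the rendering by the
// value's runtime type rather than assuming every register is a pointer.
function describeContext(ctx) {
  const out = {};
  for (const [name, value] of Object.entries(ctx)) {
    if (value instanceof ArrayBuffer) {
      out[name] = 'q-reg[' + value.byteLength + ']: ' + bufferToHex(value);
      continue;
    }
    const [rc, v] = toAddress(value);
    if (rc === 0) { out[name] = v; continue; }
    // Neither number nor string (e.g. the {} objects from the emulated realm):
    // report it instead of throwing "expected a pointer".
    out[name] = '<unreadable ' + Object.prototype.toString.call(value) + '>';
  }
  return out;
}

// Constructed sample context; shapes follow the issue's log, values are arbitrary.
const sampleContext = {
  pc: '0xcdb47aec',
  sp: '0xcc97f5c8',
  cpsr: 1610612752,
  q15: new Uint8Array([0x34, 0x01, 0x00, 0x00]).buffer,
  q14: {},
};

const rendered = describeContext(sampleContext);
for (const [k, v] of Object.entries(rendered)) console.log(k.padEnd(5), v);
```

With this guard in place, a context that contains non-pointer values still produces a readable dump, and the one register that cannot be interpreted is reported rather than aborting the whole breakpoint callback.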
PinkiePieStyle added a commit to iGio90/DwarfCore that referenced this issue Feb 12, 2024
@AkaShrug
Author

I see, thanks.
