
DbgHelp Symbols not available - 2nd attach - OpenJDK Windows #811

Open
FrankSpierings opened this issue Jul 22, 2024 · 0 comments
Comments

@FrankSpierings
Contributor

Issue description

I was looking at fixing the debugging of Windows-based Java applications, using OpenJDK from Microsoft and the debugging symbols available here: https://learn.microsoft.com/en-gb/java/openjdk/download.

While attempting to fix an issue where several methods won't be found by frida-java-bridge, I noticed that DebugSymbol.findFunctionsMatching("*") would not return anything when attached to the same Java process a second time.

Issue reproduction

  1. To reproduce, the following sample UI application can be used.

HelloWorldGUI.java

import javax.swing.*;

public class HelloWorldGUI {
    public static void main(String[] args) {
        // Create the GUI on the Event Dispatch Thread
        SwingUtilities.invokeLater(() -> createAndShowGUI());
    }

    private static void createAndShowGUI() {
        // Create and set up the window
        JFrame frame = new JFrame("Hello World GUI");
        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);

        // Create and set up the content pane
        JLabel label = new JLabel("Hello, World!");
        frame.getContentPane().add(label);

        // Display the window
        frame.pack();
        frame.setLocationRelativeTo(null); // Center the window
        frame.setVisible(true);
    }
}
  2. Running it with OpenJDK 17 on Windows (also make sure the debug symbols (pdb's) are placed next to the binaries)
C:\jdk-17.0.11+9\bin\java.exe HelloWorldGUI.java
  3. Attach to the process using Frida, run DebugSymbol.findFunctionsMatching("*"), this should result in a large list of ptr's. If not, the debug symbols are likely missing.

  4. Detach frida

  5. Reattach frida and run DebugSymbol.findFunctionsMatching("*"). BUG HERE: The list is now empty.

Additional investigation

  • I've attempted to manually run SymCleanup from Frida, but this does not appear to help
function GetCurrentProcess() {
  // kernel32!GetCurrentProcess() returns the pseudo-handle for the calling process.
  // DbgHelp keys its symbol-handler state on the HANDLE passed to SymInitialize,
  // so this is the handle to hand to SymCleanup as well.
  return new NativeFunction(
    Module.getExportByName("Kernel32.dll", "GetCurrentProcess"), "pointer", [])();
}

function SymCleanup(process) {
  // dbghelp!SymCleanup(HANDLE hProcess) deallocates all resources associated
  // with that process in the symbol handler; returns TRUE on success.
  return new NativeFunction(
    Module.getExportByName("dbghelp.dll", "SymCleanup"), "bool", ["pointer"])(process);
}

var result = SymCleanup(GetCurrentProcess());
console.log("SymCleanup", result);
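The attach / probe / detach / reattach cycle from the repro steps, scripted so it can be run repeatedly against a target PID. This is an added example, not code from the issue or from frida-gum; it assumes the `frida` Python bindings are installed on the Windows host, that the target is the HelloWorldGUI process above (started with the pdb files next to the JDK binaries), and that `frida.attach`, `session.create_script`, `script.exports_sync` (falling back to the older `script.exports`) and `session.detach` are available. The `diagnose` verdict names and the `probe` RPC export are the example's own.

```python
"""Probe DbgHelp symbol resolution across repeated Frida attaches to one process.

Usage (on the Windows host, with the Java target already running):
    python probe_symbols.py <pid> [cycles]
Exit status is 0 only when every attach resolves symbols.
"""
import sys

# Agent injected into the target. DebugSymbol.findFunctionsMatching("*") is the
# same call the issue uses; on the affected setup it returns [] on the 2nd attach.
AGENT_SOURCE = r"""
rpc.exports = {
  probe: function (pattern, sampleSize) {
    var hits = DebugSymbol.findFunctionsMatching(pattern);
    var sample = hits.slice(0, sampleSize).map(function (p) {
      return DebugSymbol.fromAddress(p).name;
    });
    return { count: hits.length, sample: sample };
  }
};
"""


def diagnose(counts):
    """Classify the per-attach symbol counts (verdict names are this example's own).

    "symbols-missing"         -> nothing resolved even on the first attach (no pdb's?)
    "regression-on-reattach"  -> first attach fine, a later one returned nothing (#811)
    "ok"                      -> every attach resolved symbols
    """
    if not counts:
        raise ValueError("need at least one attach")
    if counts[0] == 0:
        return "symbols-missing"
    if any(c == 0 for c in counts[1:]):
        return "regression-on-reattach"
    return "ok"


def probe_once(pid, pattern="*", sample_size=5):
    """One full attach -> probe -> detach cycle; returns the agent's result dict."""
    import frida  # imported lazily so diagnose() is usable without Frida installed

    session = frida.attach(pid)
    try:
        script = session.create_script(AGENT_SOURCE)
        script.load()
        exports = getattr(script, "exports_sync", None) or script.exports
        result = exports.probe(pattern, sample_size)
        script.unload()
    finally:
        session.detach()
    return result


def main(argv):
    if len(argv) < 2:
        print(__doc__)
        return 2
    pid = int(argv[1])
    cycles = int(argv[2]) if len(argv) > 2 else 2
    counts = []
    for i in range(1, cycles + 1):
        result = probe_once(pid)
        counts.append(result["count"])
        print(f"attach #{i}: {result['count']} functions, sample {result['sample']}")
    verdict = diagnose(counts)
    print("verdict:", verdict)
    return 0 if verdict == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two attaches are enough to show the issue; a "symbols-missing" verdict on the first attach means the pdb's are not where DbgHelp looks for them, not this bug.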
FrankSpierings added a commit to FrankSpierings/frida-java that referenced this issue Jul 23, 2024
This change will make the `jvm.js` code be able to bridge Java OpenJDK 17 on Windows. This was tested on Windows 10, using `jdk-17.0.11+9` from https://learn.microsoft.com/en-gb/java/openjdk/download and the separately downloaded and extracted debug symbols.

The code is not pretty, but I've tried to keep as close to the original as possible.

Note the bug that I discovered while performing the tests; frida/frida-gum#811. This means that the target process needs to be restarted after detaching Frida, for the Java bridge (resolving of Symbols) to work.

This code currently does not work with OpenJDK21!

This code requires the 'manual' placement of the debug symbols, otherwise `jvm.ts` will be unable to find the functions it requires.
oleavr pushed a commit to frida/frida-java-bridge that referenced this issue Aug 30, 2024
This change will make the jvm.js code be able to bridge Java OpenJDK 17
on Windows. This was tested on Windows 10, using jdk-17.0.11+9 from
https://learn.microsoft.com/en-gb/java/openjdk/download and the
separately downloaded and extracted debug symbols.

The code is not pretty, but I've tried to keep it as close to the
original as possible.

Note that I discovered a bug while performing the tests;
frida/frida-gum#811. This means that the
target process needs to be restarted after detaching Frida, for the Java
bridge (resolving of Symbols) to work.

This code currently does not work with OpenJDK21!

This code requires the 'manual' placement of the debug symbols,
otherwise jvm.js will be unable to find the functions it requires.