gumjs: Only complete load() after leaving runtime

Once load() completes, it should be safe to assume that Interceptor has activated any hooks installed by the script. Our existing tests make this assumption as well.
frida · Jan 19, 2024 · 252d07c · 252d07c
1 parent de12bbd
commit 252d07c
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 8 deletions.
diff --git a/bindings/gumjs/gumquickscript.c b/bindings/gumjs/gumquickscript.c
@@ -208,6 +208,7 @@ static void gum_quick_script_execute_entrypoints (GumQuickScript * self,
 static JSValue gum_quick_script_on_entrypoints_executed (JSContext * ctx,
     JSValueConst this_val, int argc, JSValueConst * argv, int magic,
     JSValue * func_data);
+static gboolean gum_quick_script_complete_load_task (GumScriptTask * task);
 static void gum_quick_script_unload (GumScript * script,
     GCancellable * cancellable, GAsyncReadyCallback callback,
     gpointer user_data);
@@ -663,6 +664,7 @@ gum_quick_script_execute_entrypoints (GumQuickScript * self,
   JSContext * ctx = self->ctx;
   GArray * entrypoints;
   guint i;
+  gboolean done;
 
   _gum_quick_scope_enter (&scope, &self->core);
 
@@ -720,6 +722,8 @@ gum_quick_script_execute_entrypoints (GumQuickScript * self,
     JS_FreeValue (ctx, promise_class);
     JS_FreeValue (ctx, global_obj);
     JS_FreeValue (ctx, pending);
+
+    done = FALSE;
   }
   else
   {
@@ -734,14 +738,19 @@ gum_quick_script_execute_entrypoints (GumQuickScript * self,
       JS_FreeValue (ctx, result);
     }
 
-    self->state = GUM_SCRIPT_STATE_LOADED;
-
-    gum_script_task_return_pointer (task, NULL, NULL);
+    done = TRUE;
   }
 
   g_array_set_size (entrypoints, 0);
 
   _gum_quick_scope_leave (&scope);
+
+  if (done)
+  {
+    self->state = GUM_SCRIPT_STATE_LOADED;
+
+    gum_script_task_return_pointer (task, NULL, NULL);
+  }
 }
 
 static JSValue
@@ -758,6 +767,7 @@ gum_quick_script_on_entrypoints_executed (JSContext * ctx,
   GumQuickScript * self;
   GumQuickCore * core;
   guint n, i;
+  GSource * source;
 
   task = JS_GetAnyOpaque (func_data[0], &class_id);
   self = GUM_QUICK_SCRIPT (
@@ -780,14 +790,43 @@ gum_quick_script_on_entrypoints_executed (JSContext * ctx,
     JS_FreeValue (ctx, result);
   }
 
+  source = g_idle_source_new ();
+  g_source_set_callback (source,
+      (GSourceFunc) gum_quick_script_complete_load_task,
+      task, g_object_unref);
+  g_source_attach (source,
+      gum_script_scheduler_get_js_context (core->scheduler));
+  g_source_unref (source);
+
+  _gum_quick_core_pin (core);
+
+  g_object_unref (self);
+
+  return JS_UNDEFINED;
+}
+
+static gboolean
+gum_quick_script_complete_load_task (GumScriptTask * task)
+{
+  GumQuickScript * self;
+  GumQuickCore * core;
+  GumQuickScope scope;
+
+  self = GUM_QUICK_SCRIPT (
+      g_async_result_get_source_object (G_ASYNC_RESULT (task)));
+  core = &self->core;
+
+  _gum_quick_scope_enter (&scope, core);
+  _gum_quick_core_unpin (core);
+  _gum_quick_scope_leave (&scope);
+
   self->state = GUM_SCRIPT_STATE_LOADED;
 
   gum_script_task_return_pointer (task, NULL, NULL);
 
   g_object_unref (self);
-  g_object_unref (task);
 
-  return JS_UNDEFINED;
+  return G_SOURCE_REMOVE;
 }
 
 static void

diff --git a/bindings/gumjs/gumv8script.cpp b/bindings/gumjs/gumv8script.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2022 Ole André Vadla Ravnås <[email protected]>
+ * Copyright (C) 2010-2024 Ole André Vadla Ravnås <[email protected]>
  * Copyright (C) 2013 Karl Trygve Kalleberg <[email protected]>
  *
  * Licence: wxWindows Library Licence, Version 3.1
@@ -151,6 +151,7 @@ static void gum_v8_script_execute_entrypoints (GumV8Script * self,
     GumScriptTask * task);
 static void gum_v8_script_on_entrypoints_executed (
     const FunctionCallbackInfo<Value> & info);
+static gboolean gum_v8_script_complete_load_task (GumScriptTask * task);
 static void gum_v8_script_unload (GumScript * script,
     GCancellable * cancellable, GAsyncReadyCallback callback,
     gpointer user_data);
@@ -1287,6 +1288,7 @@ gum_v8_script_on_entrypoints_executed (const FunctionCallbackInfo<Value> & info)
   auto task = (GumScriptTask *) info.Data ().As<External> ()->Value ();
   auto self = (GumV8Script *)
       g_async_result_get_source_object (G_ASYNC_RESULT (task));
+  auto core = &self->core;
   auto isolate = info.GetIsolate ();
   auto context = isolate->GetCurrentContext ();
 
@@ -1298,15 +1300,40 @@ gum_v8_script_on_entrypoints_executed (const FunctionCallbackInfo<Value> & info)
     auto value = values->Get (context, i).ToLocalChecked ().As<Object> ();
     auto reason = value->Get (context, reason_str).ToLocalChecked ();
     if (!reason->IsUndefined ())
-      _gum_v8_core_on_unhandled_exception (&self->core, reason);
+      _gum_v8_core_on_unhandled_exception (core, reason);
+  }
+
+  auto source = g_idle_source_new ();
+  g_source_set_callback (source, (GSourceFunc) gum_v8_script_complete_load_task,
+      task, g_object_unref);
+  g_source_attach (source,
+      gum_script_scheduler_get_js_context (core->scheduler));
+  g_source_unref (source);
+
+  _gum_v8_core_pin (core);
+
+  g_object_unref (self);
+}
+
+static gboolean
+gum_v8_script_complete_load_task (GumScriptTask * task)
+{
+  auto self = GUM_V8_SCRIPT (
+      g_async_result_get_source_object (G_ASYNC_RESULT (task)));
+
+  {
+    ScriptScope scope (self);
+
+    _gum_v8_core_unpin (&self->core);
   }
 
   self->state = GUM_SCRIPT_STATE_LOADED;
 
   gum_script_task_return_pointer (task, NULL, NULL);
 
   g_object_unref (self);
-  g_object_unref (task);
+
+  return G_SOURCE_REMOVE;
 }
 
 static void