shellwen / v8_killer


A powerful and highly customizable universal V8 virtual machine injector.

Home Page: https://shellwen.github.io/v8_killer/

License: MIT License

Language: Rust 100.00%
Topics: javascript, native, nodejs, rust, v8, chromium, electron

v8_killer's Introduction



V8 Killer

A powerful and highly customizable universal V8 virtual machine injector.

Documentation

Documentation is available on GitHub Pages.

About The Project

This project began with an initial idea: injecting scripts into Electron applications. There are traditionally two main approaches for accomplishing this.

  • Modifying resource files, such as .js or .asar files. However, this approach is highly invasive and cannot pass integrity checks in some software.
  • Opening a debugging port (--inspect or --inspect-brk) and injecting scripts using a debugger. However, some software may inspect this parameter or outright block it.

This project takes a different approach by hooking into the compilation functions of the V8 engine, directly modifying the source code passed to the V8 compiler. This allows scripts to be injected into the V8 engine without altering any local files or opening any debugging ports. Through testing, it has been confirmed that this method can be used with any software/framework built on the V8 engine, including but not limited to Node.js, Electron, and Deno.

Currently, this project has been tested exclusively on Linux and Windows. In theory, with minor modifications, it should be possible to run it on macOS. However, this is not currently part of our development roadmap.

This project is divided into two parts: core and launcher. The core is the central component: it is the payload that actually gets injected. The launcher is responsible for loading that payload, the core, into the target program.

On Linux, loading the payload can be accomplished simply using LD_PRELOAD. However, on Windows, this might require additional work, and this is where the purpose of the launcher comes into play.
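Because the core reaches a Linux process through LD_PRELOAD, the environment and memory map of a running Node.js or Electron process reveal it. The check below is an added example, not part of v8_killer: it takes a process's LD_PRELOAD value and the text of its /proc/<pid>/maps (both captured beforehand) and reports preloaded and non-system shared objects. The system directory list and the sample paths are assumptions.

```rust
// Added example, not v8_killer's own code. Flags shared objects that a process
// picked up through LD_PRELOAD (the Linux loading mechanism described above) or
// that are mapped from outside the usual system library directories. Both
// inputs are passed in as text so the check can run over data captured from
// /proc/<pid>/environ and /proc/<pid>/maps.
use std::collections::BTreeSet;

// Directories from which mapped libraries are considered expected (assumption;
// extend for a given distribution or application bundle).
const SYSTEM_LIB_DIRS: &[&str] = &["/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", "/usr/local/lib/"];

/// Libraries named in LD_PRELOAD. ld.so accepts colon- or space-separated lists.
pub fn preloaded_libs(ld_preload: Option<&str>) -> Vec<String> {
    ld_preload
        .unwrap_or("")
        .split(|c: char| c == ':' || c == ' ')
        .filter(|s| !s.is_empty())
        .map(str::to_string)
        .collect()
}

/// Mapped shared objects whose path is not under a system library directory.
pub fn foreign_mapped_libs(maps: &str) -> Vec<String> {
    let mut found = BTreeSet::new();
    for line in maps.lines() {
        // /proc/<pid>/maps fields: range perms offset dev inode [path]
        let path = match line.split_whitespace().nth(5) {
            Some(p) if p.starts_with('/') => p,
            _ => continue, // anonymous mapping, [heap], [stack], ...
        };
        let is_shared_object = path.contains(".so");
        let is_system = SYSTEM_LIB_DIRS.iter().any(|d| path.starts_with(*d));
        if is_shared_object && !is_system {
            found.insert(path.to_string());
        }
    }
    found.into_iter().collect()
}

fn main() {
    // Constructed sample standing in for /proc/<pid>/environ and /proc/<pid>/maps.
    let maps = "7f3a1c000000-7f3a1c021000 r--p 00000000 08:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n\
                7f3a1c100000-7f3a1c110000 r-xp 00000000 08:01 5678 /tmp/example_payload.so\n\
                7ffd2b000000-7ffd2b021000 rw-p 00000000 00:00 0 [stack]\n";
    println!("LD_PRELOAD: {:?}", preloaded_libs(Some("/tmp/example_payload.so")));
    println!("non-system libraries mapped: {:?}", foreign_mapped_libs(maps));
}
```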

So far, we support the following targets:

Target     Supported   Note
Node.js    Yes
Electron   Yes
CEF        Untested
Deno       No          Deno removes the V8 exports. In future versions, we will introduce pattern matching to address this issue.

Pattern matching is on the way. #12

Getting Started

This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.

License

Distributed under the MIT License. See LICENSE for more information.

Contact

ShellWen - @realShellWen - [email protected]

Project Link: https://github.com/ShellWen/v8_killer

v8_killer's People

Contributors

ghostflyby, shellwen, steve-xmh


v8_killer's Issues

v8_script_compiler_compile_function_internal not found

PS D:\tools\v8killer> D:\tools\v8killer\v8killer.ps1
[*] Executable: C:\Users\WIN10\AppData\Local\nvs\cache\node.exe
[*] Args: ["D:\\tools\\v8killer\\js\\hello_world.js"]
[*] Core lib path: D:\tools\v8killer\v8_killer_core.dll
[*] Creating process.
[*] PID: 20268
[*] Alloc core lib path memory.
[*] Remote lib path memory Address: 0x180c97b0000.
[*] Writing core lib path to process.
[*] Getting LoadLibraryW address.
[*] Creating remote thread.
[*] Core lib inject success. Waiting for thread end.
[*] V8_KILLER_CONFIG_FILE_PATH: D:\tools\v8killer\config\demo.toml
[*] Read Config success
[*] Config: Config { identifiers: Identifiers { V8_SCRIPT_COMPILER_COMPILE_FUNCTION_INTERNAL: [SymbolIdentifier(SymbolIdentifier { symbols: ["_ZN2v814ScriptCompiler23CompileFunctionInternalENS_5LocalINS_7C
ontextEEEPNS0_6SourceEmPNS1_INS_6StringEEEmPNS1_INS_6ObjectEEENS0_14CompileOptionsENS0_13NoCacheReasonEPNS1_INS_14ScriptOrModuleEEE", "?CompileFunctionInternal@ScriptCompiler@v8@@CA?AV?$MaybeLocal@VFunctio
n@v8@@@2@V?$Local@VContext@v8@@@2@PEAVSource@12@_KQEAV?$Local@VString@v8@@@2@2QEAV?$Local@VObject@v8@@@2@W4CompileOptions@12@W4NoCacheReason@12@PEAV?$Local@VScriptOrModule@v8@@@2@@Z"] })], V8_STRING_UTF8LE
NGTH: [SymbolIdentifier(SymbolIdentifier { symbols: ["_ZNK2v86String10Utf8LengthEPNS_7IsolateE", "?Utf8Length@String@v8@@QEBAHPEAVIsolate@2@@Z"] })], V8_STRING_WRITE_UTF8: [SymbolIdentifier(SymbolIdentifie
r { symbols: ["_ZNK2v86String9WriteUtf8EPNS_7IsolateEPciPii", "?WriteUtf8@String@v8@@QEBAHPEAVIsolate@2@PEADHPEAHH@Z"] })], V8_CONTEXT_GET_ISOLATE: [SymbolIdentifier(SymbolIdentifier { symbols: ["_ZN2v87Co
ntext10GetIsolateEv", "?GetIsolate@Context@v8@@QEAAPEAVIsolate@2@XZ"] })], V8_STRING_NEW_FROM_UTF8: [SymbolIdentifier(SymbolIdentifier { symbols: ["_ZN2v86String11NewFromUtf8EPNS_7IsolateEPKcNS_13NewString
TypeEi", "?NewFromUtf8@String@v8@@SA?AV?$MaybeLocal@VString@v8@@@2@PEAVIsolate@2@PEBDW4NewStringType@2@H@Z"] })] }, rules: {"hook_console_log": ConfigRule { matcher: ResourceNameKeyword(ResourceNameKeyword
Matcher { keyword: "hello_world.js" }), processors: [InsertBefore(InsertBeforeProcessor { content: "const originalConsoleLog = console.log\n    console.log = function () {\n      originalConsoleLog('now yo
u see :)')\n      return originalConsoleLog.apply(this, arguments)\n    }" }), InsertAfter(InsertAfterProcessor { content: "console.log = originalConsoleLog\n    " })] }} }
[-] v8_script_compiler_compile_function_internal not found
[*] Thread ended. Resume original thread.
[*] --- Following is the original process output ---
hello world

PS D:\tools\v8killer>

// hello_world.js
console.log("hello world")

# PowerShell
$env:V8_KILLER_CONFIG_FILE_PATH = "D:\tools\v8killer\config\demo.toml"
.\v8_killer_launcher.exe "C:\Users\WIN10\AppData\Local\nvs\cache\node.exe" "D:\tools\v8killer\js\hello_world.js"
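The config dump in the log above shows the shape of a rule: a ResourceNameKeyword matcher plus InsertBefore and InsertAfter processors. The model below is an added example, not v8_killer's own code; it re-creates the hook_console_log rule from the dump and shows the source text a matching compile receives while hello_world.js on disk stays untouched, which is why file-integrity checks do not see the change. Joining inserted content with a newline is an assumption about the real core.

```rust
// Added example, not v8_killer's own code. A minimal model of the rule shape
// printed in the config dump: type and variant names mirror the dump, while the
// function bodies (and joining pieces with a newline) are assumptions.
pub enum Matcher { ResourceNameKeyword(String) }

pub enum Processor { InsertBefore(String), InsertAfter(String) }

pub struct ConfigRule {
    pub matcher: Matcher,
    pub processors: Vec<Processor>,
}

impl Matcher {
    // A keyword matcher accepts any resource name containing the keyword, so
    // "hello_world.js" also matches "D:\\tools\\v8killer\\js\\hello_world.js".
    pub fn matches(&self, resource_name: &str) -> bool {
        match self {
            Matcher::ResourceNameKeyword(k) => resource_name.contains(k.as_str()),
        }
    }
}

/// Applies every rule whose matcher accepts `resource_name`, processors in listed order.
pub fn apply_rules(rules: &[ConfigRule], resource_name: &str, source: &str) -> String {
    let mut out = source.to_string();
    for rule in rules.iter().filter(|r| r.matcher.matches(resource_name)) {
        for p in &rule.processors {
            out = match p {
                Processor::InsertBefore(s) => format!("{s}\n{out}"),
                Processor::InsertAfter(s) => format!("{out}\n{s}"),
            };
        }
    }
    out
}

/// The "hook_console_log" rule from the dump, re-created here as sample data.
pub fn hook_console_log_rule() -> ConfigRule {
    ConfigRule {
        matcher: Matcher::ResourceNameKeyword("hello_world.js".into()),
        processors: vec![
            Processor::InsertBefore("const originalConsoleLog = console.log\nconsole.log = function () {\n  originalConsoleLog('now you see :)')\n  return originalConsoleLog.apply(this, arguments)\n}".into()),
            Processor::InsertAfter("console.log = originalConsoleLog".into()),
        ],
    }
}

fn main() {
    let rules = [hook_console_log_rule()];
    let src = "console.log(\"hello world\")";
    println!("{}", apply_rules(&rules, "D:\\tools\\v8killer\\js\\hello_world.js", src));
    assert_eq!(apply_rules(&rules, "other.js", src), src); // unrelated files are untouched
}
```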

How to inject to open devtools in Electron

I successfully injected your config. But I can't see any effect. Where are the parameters of "console.log" logged? In addition, this project seems to only support injecting native V8 functions, which I am not sure about. I have a question: if I want to open devtools, what code should I inject instead? I tried this script:

var allWebContents = require('electron').webContents.getAllWebContents()
allWebContents.forEach((contents) => {
  if (contents.openDevTools) {
    contents.openDevTools();
  }
})

But it failed.
I don't know if my way is wrong. I sincerely look forward to your reply. Thank you very much.

Remove standard library from codes

Given the large build size of the Rust standard library, we should consider removing the standard library from the code, i.e., using no_std. Since this is not a straightforward task, we should not prioritize it too high.

Introduce pattern matching

Introduce pattern matching to address the issue of losing v8-related exports after partially trimming the software binary.

Further enhance macOS support

We need to further support macOS, with the following steps:

  • core support (by 8133a85)
  • launcher support

Furthermore, we need to explore further the different behaviors when SIP is enabled or disabled, and whether the target program is code-signed or not.

The launcher example is wrong

V8_KILLER_CONFIG_FILE_PATH=path_to_config.toml v8_killer_launcher /use/bin/node path_to_target.js

The code file that follows will not be executed, because

let exe_cmdline = std::env::args().nth(1).expect("no exe_cmdline provided");

only parses the first argument, and that argument, /use/bin/node, is misspelled.

I suggest that launch accept Args or an iterable directly as its parameter, rather than taking the first argument as a String and parsing it itself.

Command::new("exe").args(std::env::args().skip(2)).spawn();
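As an added example that is not the project's code, the following Rust sketch applies the suggestion above: the first argument is the executable and the remaining arguments are forwarded to the child untouched, with the config path passed through V8_KILLER_CONFIG_FILE_PATH. Function names are assumptions; the command is only inspected, not spawned.

```rust
// Added example, not v8_killer's own code. Contrasts the launcher behaviour the
// issue describes (only argv[1] is read, so the script path is lost) with
// forwarding the remaining arguments to the child unchanged, as suggested.
use std::process::Command;

/// argv[1] is the executable; everything after it is passed through verbatim,
/// so a script path containing spaces survives as a single argument.
pub fn build_command<I: IntoIterator<Item = String>>(args: I) -> Option<Command> {
    let mut it = args.into_iter();
    let exe = it.next()?; // None instead of a panic when no executable was given
    let mut cmd = Command::new(exe);
    cmd.args(it);
    Some(cmd)
}

/// Sets the config path the core reads from V8_KILLER_CONFIG_FILE_PATH.
pub fn with_config(mut cmd: Command, config_path: &str) -> Command {
    cmd.env("V8_KILLER_CONFIG_FILE_PATH", config_path);
    cmd
}

/// (program, args, config path) as plain strings, for inspection without spawning.
pub fn describe(cmd: &Command) -> (String, Vec<String>, Option<String>) {
    let program = cmd.get_program().to_string_lossy().into_owned();
    let args = cmd.get_args().map(|a| a.to_string_lossy().into_owned()).collect();
    let config = cmd
        .get_envs()
        .find(|(k, _)| *k == "V8_KILLER_CONFIG_FILE_PATH")
        .and_then(|(_, v)| v.map(|v| v.to_string_lossy().into_owned()));
    (program, args, config)
}

fn main() {
    // Constructed argv after dropping argv[0] (the launcher itself), as
    // std::env::args().skip(1) would give.
    let argv = vec!["/usr/bin/node".to_string(), "/home/me/my project/app.js".to_string()];
    match build_command(argv) {
        Some(cmd) => {
            let cmd = with_config(cmd, "path_to_config.toml");
            let (program, args, config) = describe(&cmd);
            println!("program={program} args={args:?} config={config:?}");
        }
        None => eprintln!("no executable provided"),
    }
}
```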
