feat(frida): expose Scope::Full + Process::get_parameters#238
Merged
Conversation
added 2 commits
May 18, 2026 17:24
Adds the safe wrapper for two pieces of frida-core that were previously
unreachable from Rust:
- frida_device_enumerate_processes_sync's FridaProcessQueryOptions arg
(was passed null = Scope::Minimal). New Scope enum + new
Device::enumerate_processes_with_options(Scope::Full) returns
processes with their parameter table populated. enumerate_processes
keeps the old behavior (Scope::Minimal).
- frida_process_get_parameters returns a GHashTable<gchar*, GVariant*>.
Process::get_parameters walks the hash via g_hash_table_iter_* and
builds HashMap<String, Variant>. Common keys on Windows: ppid (u32),
path (string), user (string), started (string).
Variant changes:
- Adds numeric type signatures the previous version only had Int64 for:
y/n/q/i/u/t are all widened to Int64 (i64 covers all of them; u64
above i64::MAX wraps, but frida parameter values fit comfortably).
- Replaces todo!() panic on unknown signatures with
Variant::Unsupported(String) carrying the original GVariant sig.
Frida on Windows packs process icons as "ay" byte arrays and there's
no reason to crash on those — the caller decides to skip them.
Use case: distinguishing main from helper processes in Chromium-style
apps (Weixin.exe / Chrome / Electron / Discord). Filter by
get_parameters()["ppid"] != another same-name process's pid.
Walks `Device::enumerate_processes_with_options(Scope::Full)`, filters by a user-supplied name, and prints pid / ppid / path for each match — marking the entry whose parent PID is not another same-name process so callers can pick the main process out of Chromium-style apps (Chrome, Electron, Discord, VSCode, Weixin, ...). Doubles as documentation for the new Scope + get_parameters APIs.
Contributor
|
Thanks! would it be possible to add a test so we can check this new functionality in CI? Also, please address CI issues. |
added 3 commits
May 20, 2026 10:35
Two lines were broken across multiple lines but rustfmt prefers them on a single line. CI runs `cargo fmt --all -- --check` and was failing on these two hunks.
variant.rs in this branch reads ppid/uid/gid/etc. via the full set of GVariant integer accessors (byte / int16 / uint16 / int32 / uint32 / uint64), but the Linux cross-platform alias block only re-exported boolean / int64 / string / type_string. On Linux the frida-core devkit's frida-core.h #defines every glib symbol with a `_frida_` prefix to avoid colliding with the system glib at link time, so bindgen emits only the prefixed names. macOS and Windows headers don't do that rename, which is why CI was only red on the Linux job. Add the 6 missing aliases so call sites in frida/src/variant.rs resolve on all platforms without any per-platform cfg in the higher crate.
…ant::Unsupported
Three #[test]s in frida/tests/process_parameters.rs, all running
against the test process itself (no device.attach needed):
1. get_parameters_returns_data_under_full_scope
Enumerates with Scope::Full, locates own pid, asserts the
parameter map is non-empty and contains at least one String
and one Int64 variant. Doesn't hard-code key names — Linux,
macOS and Windows expose different keys.
2. get_parameters_is_empty_under_minimal_scope
Regression guard: the default-scope alias must NOT populate
the parameter table. Catches anyone bloating the cheap
enumerate_processes() path.
3. variant_iteration_never_panics_on_unknown_signatures
Core PR regression target. Variant::from_ptr previously
todo!()'d on unknown GVariant signatures and crashed the
whole caller — Windows packs process icons as 'ay' byte
arrays so get_parameters() died on the first hit. This test
enumerates everything and runs each accessor + Debug; a
future panic regression breaks the test instead of users.
Tests serialize via a static Mutex<()> since frida-core is a
process-wide singleton. Locally verified on Windows and on Linux
through the docker rust:latest workflow.
Contributor
|
Thanks! Looks good. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Exposes two pieces of frida-core that the safe wrapper currently can't reach:
FridaProcessQueryOptionsscope.frida_device_enumerate_processes_synctakes a query-options arg that the wrapper hard-codes tonull(≡FRIDA_SCOPE_MINIMAL). Adds aScopeenum andDevice::enumerate_processes_with_options(scope).frida_process_get_parametersreturns aGHashTable<gchar*, GVariant*>.Process::get_parameterswalks the hash and returnsHashMap<String, Variant>(typical keys on Windows:ppid,path,user,started).Existing
Device::enumerate_processes()is unchanged — stillScope::Minimal, no breakage for current callers.Why
Hooking Chromium-style multi-process apps (Chrome, Electron, Discord, WeChat/Weixin, VSCode, ...) needs to pick the main process out of N same-named entries. The info is in frida-core's parameter table (
ppid), but Rust callers can't see it today.Real use case:
Side changes (required for the above to actually work)
Variant::from_ptrpreviouslytodo!()'d on unknown GVariant signatures. That crashes the moment frida hands you something the wrapper didn't anticipate — e.g. Windows packs process icons as"ay"byte arrays, soget_parameters()panics on the first one. Replaced withVariant::Unsupported(String)carrying the original sig; callers decide whether to skip or decode externally."x"(Int64) was decoded; addedynqiutall widened toInt64(i64 covers u32 / i32 / u64-up-to-i64::MAX comfortably).ppidarrives as"u", so this is a hard prerequisite for the newget_parametersto return anything useful.Demo
A new example
examples/core/get_process_parameterswalks the API:```text
$ cargo run -p get_process_parameters -- Weixin.exe
★ main pid= 15840 ppid= 12888 D:\Tencent\weixin_4.1.2.17\Weixin.exe
helper pid= 6964 ppid= 15840 D:\Tencent\weixin_4.1.2.17\Weixin.exe
helper pid= 15892 ppid= 15840 D:\Tencent\weixin_4.1.2.17\Weixin.exe
helper pid= 25400 ppid= 15840 D:\Tencent\weixin_4.1.2.17\Weixin.exe
```
Tested
Manually against Weixin 4.x on Windows 11. Round-trip works; ppid filter correctly picks the main process (PID 15840) out of 4 `Weixin.exe` instances where the other 3 are `--type=wxocr/wxplayer/wxutility` helpers.
Compatibility