Breaking On Native Function Calls


PhistucK

Oct 19, 2016, 1:38:29 PM
to v8-users
I wanted to know whether there is a V8 (or Chrome) flag of some sort that will let me add breakpoints on native function calls.
I do not mean C++ functions, I mean built in web platform (or ECMAScript) functions.
My issue is that I click on a link and suddenly some code is apparently calling document.location.replace("foo") or something and the page redirects (maliciously). In order to find the calling code, I want to set a breakpoint on calling document.location.replace, which is a native web platform function that is not writable (so I cannot override it with my own function using Object.defineProperty, or use a proxy).
(The code is apparently elusive and obfuscated somewhat, so it is not just a search and replace)
I tried using the Developer Tools API - debug(function), but it did not break (even when I call it with setTimeout).

A V8 flag (or a Chrome flag) that either lets me break on calling that function, or that overrides the security feature that makes it non-writable, or something like that, would let me see the code that calls it and find the malicious way it does so.

So, is there something like that?

Thank you!
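The approach the question rules out (replacing the built-in with a logging wrapper via Object.defineProperty so that a stack trace identifies the caller) does work for ordinary DOM operations, and the reason it fails for location.replace is the WebIDL [Unforgeable] attribute. The following is an added example written for this page, not code from the thread or from V8/Chromium; it runs in Node, and FakeWindow and fakeLocation are constructed stand-ins that mirror the property attributes of window.open and location.replace rather than the real DOM objects.

```javascript
// Added example, not code from the v8-users thread. It shows the hook-and-log
// technique for finding the code that calls a built-in, and why it stops at
// [Unforgeable] members such as location.replace.
// Runs in Node: FakeWindow and fakeLocation are constructed stand-ins for the
// browser objects (an assumption; they copy the WebIDL property attributes,
// not the real DOM behaviour).

// Try to replace a built-in method with a logging wrapper. Returns whether the
// hook was installed and, if not, why.
function instrument(obj, name, log) {
  const desc = Object.getOwnPropertyDescriptor(obj, name);
  if (!desc || typeof desc.value !== 'function') {
    return { hooked: false, reason: 'no own function-valued data property' };
  }
  if (!desc.writable && !desc.configurable) {
    // [Unforgeable] members are non-writable, non-configurable own properties
    // of the instance: neither assignment nor defineProperty can swap them.
    return { hooked: false, reason: 'unforgeable (non-writable, non-configurable)' };
  }
  const original = desc.value;
  const wrapper = function (...args) {
    // Record the arguments and a stack trace so the calling code can be found
    // even when it is obfuscated.
    log.push({ name, args, stack: new Error().stack });
    return Reflect.apply(original, this, args);
  };
  Object.defineProperty(obj, name, { ...desc, value: wrapper });
  return { hooked: true, reason: 'replaced via Object.defineProperty' };
}

// Ordinary DOM operations live on the prototype as writable, configurable
// data properties (window.open is one), so they can be hooked.
class FakeWindow {}
FakeWindow.prototype.open = function (url) { return 'opened ' + url; };

// location.replace is [Unforgeable]: defined directly on the instance with
// writable: false and configurable: false.
const fakeLocation = {};
Object.defineProperty(fakeLocation, 'replace', {
  value: function (url) { return 'navigated to ' + url; },
  writable: false,
  enumerable: true,
  configurable: false,
});

// Drive both cases and return what an investigator would look at.
function demo() {
  const log = [];
  const openResult = instrument(FakeWindow.prototype, 'open', log);
  const replaceResult = instrument(fakeLocation, 'replace', log);

  const win = new FakeWindow();
  const openReturn = win.open('https://example.test/');              // passes through the wrapper
  const replaceReturn = fakeLocation.replace('https://example.test/'); // still the original, unlogged

  // A direct defineProperty on the unforgeable member throws a TypeError,
  // which is the behaviour the original post describes.
  let defineThrew = false;
  try {
    Object.defineProperty(fakeLocation, 'replace', { value: () => 'patched' });
  } catch (e) {
    defineThrew = e instanceof TypeError;
  }

  return { openResult, replaceResult, openReturn, replaceReturn, log, defineThrew };
}

const result = demo();
console.log(result.openResult, result.replaceResult, 'defineProperty threw:', result.defineThrew);
```

In a real page the same instrument() call against Window.prototype or HTMLAnchorElement.prototype records every call with its stack, which is usually enough to locate an obfuscated redirect that goes through a hookable API; only the [Unforgeable] members (window.location and the Location instance methods) need the DevTools-side support the thread asks for.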

Jochen Eisinger

Oct 20, 2016, 1:20:08 AM
to v8-users
As far as I know that's not possible. Could you file a feature request for this (probably on crbug.com if you also want to cover DOM functions)

--
--
v8-users mailing list
v8-u...@googlegroups.com
http://groups.google.com/group/v8-users
---
You received this message because you are subscribed to the Google Groups "v8-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

PhistucK

Oct 20, 2016, 1:55:38 AM
to v8-users
Filed crbug.com/657697 (and crbug.com/657700 for a related bug I found as a result :(). But it is really a duplicate of crbug.com/496666 (so I closed mine). I guess it will not be in progress soon. :(


PhistucK


Krzysztof Olczyk

Oct 20, 2016, 2:32:02 AM
to v8-u...@googlegroups.com
If making your own build of Chromium for your investigation purposes makes sense to you, then you could defineProperty window.location to your "proxy" object.



-- 
Best regards,
Krzysztof Olczyk
Software Developer & Architect
TVSDK Core team

Opera TV
Pl. Teatralny 8, 50-051 Wroclaw, Poland

Yang Guo

Oct 20, 2016, 2:33:43 AM
to v8-users
I guess you are looking for https://bugs.chromium.org/p/v8/issues/detail?id=178

This is a long standing feature request that has not been addressed yet. I'll add it to our backlog.



PhistucK

Oct 20, 2016, 2:35:12 AM
to v8-users
Yeah, I wish. I do not have a strong machine yet. :(

I wanted to try an old version of Chromium (which does not have [Unforgeable] yet), but my corporate proxy is blocking me from using the site in question. I will try again when I am home.


PhistucK

PhistucK

Oct 20, 2016, 2:36:01 AM
to v8-users
Yes, I am. I already noticed it is blocking the Chromium issue.
Thank you!


PhistucK
