Branch: master
Commits on May 4, 2019
  1. Call private member function w/o dlsym()

    Hamled committed May 4, 2019
    This isn't really anything close to hooking -- the symbol->address
    resolution is being done by the dynamic linker entirely -- but it's
    certainly the simplest option.
    
    If you can modify your code's version of the class declaration so that
    the private member function you wish to call is actually public, then
    the linker will make it work using "normal" C++ code.
  2. Example of "hooking" the complex target lib

    Hamled committed May 4, 2019
    This example is slightly more complex than the basic example because we
    need to construct an instance of the Target class first. A pointer to
    the instance must also be placed on the stack (or in correct register)
    according to the calling convention of the private member function.
    
    After that setup has been completed, the call is actually the same as
    the basic and C examples, just calling the function pointer.
  3. Complex lib target for private member fn hooking

    Hamled committed May 4, 2019
    This is slightly more complex than the basic target, because the private
    member function to be hooked / called makes use of `this`.
    
    That means an actual instance of the class must be constructed and setup
    according to the calling convention of the private function before the
    call can be made.
  4. Basic "hook" for calling private member function

    Hamled committed May 4, 2019
    As with the C example, this is not truly a hook, but it does call the
    private member function without needing to modify the library's code by
    changing the scope for that function.
    
    This turns out to be slightly easier than the C example, because member
    functions in (non-local) C++ classes always have external linkage, so
    there's no chance of a missing symbol, and you can use `dlsym` with the
    mangled function name to get the address directly.
  5. Basic C++ lib and example app for hooking

    Hamled committed May 4, 2019
    This basic library is written so that the hook target, the private
    member function `Target::say_something` does not actually use the
    `this` keyword, which may make it simpler to hook.
  6. Basic code to call local function from lib

    Hamled committed May 4, 2019
    This isn't a hook per se, but it uses the same basic mechanism. I've
    reversed the very simple libtarget.so binary (just using objdump) and
    located the local function `say_something`.
    
    By calculating its offset from the start of the `maybe_say` function,
    which is a global symbol whose address can be determined at runtime
    using `dlsym`, we can create a function pointer to it.
  7. Initial README

    Hamled committed May 4, 2019
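The calling-convention point made in commits 2 and 3 and the mangled-name lookup from commit 4, as an added example that is not code from Hamled's repository: a private member function that uses `this` is called through a plain function pointer with the instance pointer as the first argument. To keep it to one file, the mangled name `_ZN6Target13say_somethingEi` (assumed Itanium C++ ABI, GCC or Clang on Linux) is bound by the linker through an asm label rather than looked up with `dlsym`, and the `Target` class below is a constructed stand-in for the repository's target library.

```cpp
#include <cstdio>

// Constructed stand-in for the "complex" target library: the private
// member function reads a field through `this`, so a caller must supply
// a real instance pointer.
class Target {
public:
    explicit Target(int base) : base_(base) {}
private:
    int say_something(int n);   // private: ordinary C++ code cannot call it
    int base_;
};

int Target::say_something(int n) {
    std::printf("Target::say_something(%d), base_=%d\n", n, base_);
    return base_ + n;
}

// Itanium C++ ABI mangling of `Target::say_something(int)`. The repository's
// basic hook passes this string to dlsym; here (assumption: GCC/Clang on
// Linux) the asm label makes the linker bind the symbol directly, so no
// shared object is needed. The free-function prototype spells out the
// calling convention: the hidden `this` becomes the explicit first argument.
int private_entry(Target* self, int n) __asm__("_ZN6Target13say_somethingEi");

// Mirrors the "complex" hook: construct the instance first, then call the
// private member through a plain function pointer with `this` in arg 0.
int call_private_say_something(int base, int n) {
    Target instance(base);
    int (*fn)(Target*, int) = private_entry;
    return fn(&instance, n);
}

int main() {
    std::printf("result = %d\n", call_private_say_something(40, 2));  // prints 42
    return 0;
}
```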