library-interposition | 易学教程

How can I debug runtime library interpositioned process?

阅读更多关于 How can I debug runtime library interpositioned process?

问题 I'm now studying library interpositioning with C in Ubuntu 18.04, and I'm testing two simple codes to wrap strlen : "mystrlen.c", "mystrlenTest.c". Here is the code I wrote: mystrlen.c #ifdef RUNTIME #define _GNU_SOURCE #include <stdio.h> #include <string.h> #include <dlfcn.h> /* strlen wrapper function */ size_t strlen(const char *str) { size_t (*strlenp)(const char *) = NULL; printf("%s\n", *str); strlenp = dlsym(RTLD_NEXT, "strlen"); // Get address of libc strlen printf("length: %ld\n",

How to dynamically interpose C functions from Python on Linux (without LD_PRELOAD)?

阅读更多关于 How to dynamically interpose C functions from Python on Linux (without LD_PRELOAD)?

问题 How do I, at run-time (no LD_PRELOAD ), intercept/hook a C function like fopen() on Linux, a la Detours for Windows? I'd like to do this from Python (hence, I'm assuming that the program is already running a CPython VM) and also reroute to Python code. I'm fine with just hooking shared library functions. I'd also like to do this without having to change the way the program is run. One idea is to roll my own tool based on ptrace() , or on rewriting code found with dlsym() or in the PLT, and

How to hook system calls of my android app

阅读更多关于 How to hook system calls of my android app

问题 I want to intercept the connect() system call and use my own custom implementation. The custom implementation will do some action like printing a log for simplicity and then call the system implementation further. I looked at Audrey's blog where the approach is to patch the PLT. But unfortunately this code is crashing when trying to change the address in the relocation table. After goggling a while i came across This already answered question. But the approach described here gives me the

LD_PRELOAD for C++ class methods

阅读更多关于 LD_PRELOAD for C++ class methods

问题 I need to interpose on a method call in a C++ program (the class resides in a separate shared library). I thought I could use LD_PRELOAD, but i am not sure how this would work (i only found examples of C functions): is there a way to setup interposition for a single method without copying over any code from the interposed class implementation? 回答1: It wouldn't be very portable, but you could write your interposing function in C and give it the mangled name of the C++ method. You would have to

How to hook system calls of my android app (non rooted device)

阅读更多关于 How to hook system calls of my android app (non rooted device)

问题 I am trying to intercept all system calls made by my Android app on a non rooted device. So every time my app writes/reads a file, I want to intercept the system call and encrypt/decrypt the stream for security purposes. The encryption part is no problem, but how do I intercept the system calls? Because parts of the app are modules developed by third party providers of which I can not change the source code, there is no other way to make sure that data is stored securely. Since I do not have

How to hook system calls of my android app (non rooted device)

阅读更多关于 How to hook system calls of my android app (non rooted device)

I am trying to intercept all system calls made by my Android app on a non rooted device. So every time my app writes/reads a file, I want to intercept the system call and encrypt/decrypt the stream for security purposes. The encryption part is no problem, but how do I intercept the system calls? Because parts of the app are modules developed by third party providers of which I can not change the source code, there is no other way to make sure that data is stored securely. Since I do not have root access I cannot access the address of the system call table as described here and I can not do

Interposing of OS X system calls

阅读更多关于 Interposing of OS X system calls

I need to interpose (get my functions called instead of the original functions) some OS X system calls to overcome a flaw in a piece of closed-source software. Preferably, the resulting solution would work under 10.5 (Leopard) and newer, but I might be able to require 10.6 (Snow Leopard) if the argument were strong enough. Preferably, the resulting solution would be an executable, but I might settle for a script. Preferably, the resulting solution would be able to interpose ("steal the vectors") even after the target application is running, but I could settle for a technology that must inject

Interposing of OS X system calls

阅读更多关于 Interposing of OS X system calls

问题 I need to interpose (get my functions called instead of the original functions) some OS X system calls to overcome a flaw in a piece of closed-source software. Preferably, the resulting solution would work under 10.5 (Leopard) and newer, but I might be able to require 10.6 (Snow Leopard) if the argument were strong enough. Preferably, the resulting solution would be an executable, but I might settle for a script. Preferably, the resulting solution would be able to interpose ("steal the