挂钩 C++ OSX 上的方法?
我在某些应用程序中注入 dylib 以获得某些所需的行为。
我能够正确挂接平面 C API。一旦我注入 dylib,我就会在符号表中查找并使用我的函数地址更新其条目,然后调用原始符号表。
因此,符号名称对我来说变得很重要。
我的问题是C++ 名称修改。我们如何挂钩一个名称已被破坏的 C++ 函数。我读到了有关堆栈溢出的一些地方,可以使用 mach_override 挂钩 c++ 代码,但没有示例或参考。
有人可以举例说明如何实现 C++ 的挂钩吗?
编辑: 我使用 $ c++filt -n _ZN10WindowData12GetCGContextEv 作为示例,并得到输出为 WindowData::GetCGContext()
- WindowData 是类还是命名空间?
- 我怎样才能钩住它?我可能需要一些前向声明和外部函数才能正确使用 WindowData::GetCGContext() 进行挂钩。
像这样的东西......
typedef void* (*WindowData_GetCGContextProcPtr)(void* inObj);
static WindowData_GetCGContextProcPtr gWindowDataGetCGContextProcPtr = NULL;
void* try_WindowDataGetCGContextProcPtr(void* inObj)
{
printf("try_WindowDataGetCGContextProcPtr \n");
return gWindowDataGetCGContextProcPtr(inObj);
}
现在,我想修补这个方法。
gWindowDataGetCGContextProcPtr = (WindowData_GetCGContextProcPtr)Patch((const void*)&WindowData::GetCGContext, (const void*)&try_WindowDataGetCGContextProcPtr);
该补丁给出了编译错误。
error: 'WindowData' has not been declared
error: 'GetCGContext' was not declared in this scope
我该如何解决它?
I am injecting a dylib in some application for some desired behavior.
I am able to hook flat C APIs properly. Once I inject the dylib, I look out in symbol table and update its entry with my function address and in turn call the original one.
Thus, symbol names becomes important to me.
My problem is with C++ name mangling. How can we hook a C++ function whose name have been mangled. I read some places on stack overflow, that its possible to hook c++ code with mach_override, but no example or references.
Can some give me example on how to achieve hooking of C++?
Edit:
I used $ c++filt -n _ZN10WindowData12GetCGContextEv as a example and got the out put as WindowData::GetCGContext()
- Is WindowData a class or namespace?
- How can I hook it? I ma need some forward declarations and externs to use WindowData::GetCGContext() properly for hooking.
Something like this...
typedef void* (*WindowData_GetCGContextProcPtr)(void* inObj);
static WindowData_GetCGContextProcPtr gWindowDataGetCGContextProcPtr = NULL;
void* try_WindowDataGetCGContextProcPtr(void* inObj)
{
printf("try_WindowDataGetCGContextProcPtr \n");
return gWindowDataGetCGContextProcPtr(inObj);
}
Now, I want to patch this method.
gWindowDataGetCGContextProcPtr = (WindowData_GetCGContextProcPtr)Patch((const void*)&WindowData::GetCGContext, (const void*)&try_WindowDataGetCGContextProcPtr);
This patch gives compilation error.
error: 'WindowData' has not been declared
error: 'GetCGContext' was not declared in this scope
How I fix it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以使用 c++filt 解码损坏并进行注入。
但是优化器内联的方法不适用于此方法
You can use c++filt to decode the mangling and do the injection.
But methods that are inlined by the optimizer won't work with this approach
在 OS X 上,假设您使用的是 gcc,则
abi::__cxa_demangle函数可用于对 C++ 名称进行解调。您不需要将指针分配给与WindowData::GetCGContext签名匹配的方法。但是,仍然需要提供此类的规范。On OS X, assuming you're using gcc, the
abi::__cxa_demanglefunction in<cxxabi.h>can be used to demangle C++ names. You don't need this to assign a pointer to a method that matches the signature of:WindowData::GetCGContext. The specification for this class still needs to be provided, however.