Comments (2)
Zeex
commented on July 19, 2024
I think it depends on where fopen points to at runtime, it could be a pointer to the imports table shared by the process and all libraries or it could point to some other place internal to the module. IIRC there are linker flags that change this behavior (like -fPIC, etc).
I don't remember using any special flags in crashdetect for this purpose, maybe cmake handles it by default.
from subhook.
IS4Code
commented on July 19, 2024
Disabling PIC does not seem to make a difference, unfortunately. Crashdetect loads the pointer via mov eax, ds:(fopen_ptr - 44000h)[ebx], my plugin via mov [esp+1Ch+var_1C], offset fopen, but there's something strange; IDA doesn't show the contents of the import table for my plugin, while it does for crashdetect and the server binary.
Edit: -nodefaultlibs seems to have been the issue, to no surprise actually. Now it seems the correct function is found, since subhook_read_dst points to crashdetect.
Case closed, thanks!
from subhook.
Related Issues (20)
- Hook install segfault
- Subhook crashes on dylib, hooking a function (Catalina, Big Sur) HOT 1
- x64 trampolines rarely working HOT 1
- There maybe some bugs in rex prefix judge of 64-bits HOT 4
- Linker errors HOT 2
- Is a special flag needed for __stdcall? HOT 1
- subhook_make_jmp64 might SIGSEGV if a function is located across a page boundary HOT 3
- Is there any plan to continue supporting macos?
- trampoline fails on X86_64 due to "endbr64" instruction not handled? HOT 2
- 8 bit relative jump tripping up my use case (instruction 0x79 0x07)
- Compile error HOT 1
- Linker compilation errors HOT 2
- delete HOT 4
- Hook pramm *const this HOT 2
- Undefined symbols for architecture x86_64:
- Run Subhook within Ruby application
- Undefined symbols
- [Question] Retrieving trampoline once? (Yes, Fixed)
- [Question] Replace Class Function?
- [Question] Support for Mid-Function Hooking?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from subhook.