hacksysteam / android-injector

Android Shared Object Injector
The Unlicense
27 stars 8 forks

Find entry point android Application #1

Open dragongt501 opened 3 years ago

dragongt501 commented 3 years ago

Hi, bro. Can you tell me how to find the entry point of an Android application?

hacksysteam commented 3 years ago

Hi @dragongt501, entrypoint is the name of the function which will be executed after injecting the shared object.

You can use readelf, nm, or objdump to list the symbols and figure out which function you want to call after loading the shared object.

```
$ readelf -s ./libagent-x86_64.so

Symbol table '.dynsym' contains 6 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __cxa_atexit@LIBC (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __cxa_finalize@LIBC (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __register_atfork@LIBC (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@LIBC (2)
     5: 00000000000016d0    12 FUNC    GLOBAL DEFAULT   13 entrypoint
$ objdump -TC ./libagent-x86_64.so

./libagent-x86_64.so:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*  0000000000000000  LIBC        __cxa_atexit
0000000000000000      DF *UND*  0000000000000000  LIBC        __cxa_finalize
0000000000000000      DF *UND*  0000000000000000  LIBC        __register_atfork
0000000000000000      DF *UND*  0000000000000000  LIBC        puts
00000000000016d0 g    DF .text  000000000000000c  Base        entrypoint
$ nm -gD ./libagent-x86_64.so
                 U __cxa_atexit
                 U __cxa_finalize
00000000000016d0 T entrypoint
                 U puts
                 U __register_atfork
```

For this case, entrypoint is the function we want to call after loading the shared object.
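The listings above all read the library's `.dynsym` section. As an added example (not part of the issue thread or the android-injector project), the Python below parses that section directly and keeps only the defined GLOBAL/WEAK FUNC symbols, which is how `entrypoint` is told apart from `UND` imports such as `puts`. It assumes a little-endian ELF64 image; `exported_functions` and `build_sample` are hypothetical names, and the sample image is constructed to mirror the output above.

```python
import struct

SHT_DYNSYM, STT_FUNC, SHN_UNDEF = 11, 2, 0

def exported_functions(elf: bytes):
    """Return [(name, value, size)] for defined GLOBAL/WEAK FUNC symbols in .dynsym."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_shoff, = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    sections = [struct.unpack_from("<IIQQQQIIQQ", elf, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    out = []
    for _, sh_type, _, _, off, size, link, _, _, entsize in sections:
        if sh_type != SHT_DYNSYM:
            continue
        str_off = sections[link][4]          # sh_link names the string table section
        for pos in range(off, off + size, entsize or 24):
            st_name, st_info, _, st_shndx, st_value, st_size = \
                struct.unpack_from("<IBBHQQ", elf, pos)
            start = str_off + st_name
            name = elf[start:elf.index(b"\0", start)].decode()
            is_func = st_info & 0xF == STT_FUNC
            is_exported = st_info >> 4 in (1, 2)      # STB_GLOBAL or STB_WEAK
            if is_func and is_exported and st_shndx != SHN_UNDEF:
                out.append((name, st_value, st_size))
    return out

def build_sample() -> bytes:
    """Constructed minimal ELF64 image (parse-only, not a loadable library)."""
    dynstr = b"\0puts\0entrypoint\0"
    syms = [(0, 0, 0, 0, 0, 0),              # mandatory null symbol
            (1, 0x12, 0, 0, 0, 0),           # puts: GLOBAL FUNC, UND (an import)
            (6, 0x12, 0, 13, 0x16D0, 12)]    # entrypoint: GLOBAL FUNC, Ndx 13
    dynsym = b"".join(struct.pack("<IBBHQQ", *s) for s in syms)
    str_off, sym_off = 64, 64 + len(dynstr)
    shoff = sym_off + len(dynsym)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = [(0,) * 10,
             (0, SHT_DYNSYM, 2, 0, sym_off, len(dynsym), 2, 1, 8, 24),
             (0, 3, 2, 0, str_off, len(dynstr), 0, 0, 1, 0)]   # SHT_STRTAB
    return ehdr + dynstr + dynsym + b"".join(
        struct.pack("<IIQQQQIIQQ", *h) for h in shdrs)

if __name__ == "__main__":
    for name, value, size in exported_functions(build_sample()):
        print(f"{value:016x} {size:5d} {name}")
```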