iqiyi / xHook

🔥 A PLT hook library for Android native ELF.

how to hook a member function ? #47

Closed iory1984 closed 5 years ago

iory1984 commented 5 years ago

For example, how can I hook the WebRequest:WebRequest function in WebKit? Could you give a more detailed example? Thank you very much.

caikelun commented 5 years ago

Sorry. I'm not familiar with WebKit. I suggest you first get a general idea of the principle of PLT hook.

iory1984 commented 5 years ago

Actually, it doesn't matter whether it is WebKit or not. I am just really not sure how to hook a constructor function in a class, and how to rewrite the function in my patch. I looked through the documentation and did not find any examples on this issue. Could you help by giving an example of it? It would be greatly appreciated. :)

caikelun commented 5 years ago

A C++ function (including a constructor function) is just an ordinary function. Try googling: "c++ demangle".

Refs: https://demangler.com/ https://gcc.gnu.org/onlinedocs/libstdc++/manual/ext_demangling.html

For example:

art::JavaVMExt::LoadNativeLibrary(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, art::Handle<art::mirror::ClassLoader>, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >*)

to:

_ZN3art9JavaVMExt17LoadNativeLibraryERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS_6HandleINS_6mirror11ClassLoaderEEEPS7_

sindney commented 5 years ago

Hi @caikelun, I'm trying to hook a UE4 project's memory functions, and I've managed to get mangled names by doing:

    typeid(&FMemory::Malloc).name(); // PFPvjjE

and

    nm pathto/libUE4.so | grep Malloc // _ZN7FMemory6MallocEjj

I'm not sure which mangled name is correct, but both of them report no error: xhook_register, xhook_refresh(1), and none of those mangled names works; my replacement for FMemory::Malloc didn't get called.

FMemory::Malloc is defined in UnrealMemory.h:

    struct CORE_API FMemory
    {
        static void* Malloc(SIZE_T Count, uint32 Alignment = DEFAULT_ALIGNMENT);
    };

What could be wrong?

caikelun commented 5 years ago

Try: arm-linux-androideabi-readelf -r ./libyour_lib.so

sindney commented 5 years ago

I found malloc and free in this section:

    Relocation section '.rel.plt' at offset 0x26dd168 contains 641 entries:
     Offset     Info    Type            Sym.Value  Sym. Name
    0833b158  0004fa16 R_ARM_JUMP_SLOT   00000000   malloc
    0833b100  0004f916 R_ARM_JUMP_SLOT   00000000   free

but there are only 640 records in this section and I don't see many C++ mangled names here. Also, I can't find FMemory-related lines. Does this mean they didn't "export" those core functions? Is this why I can't hook FMemory::Malloc?

caikelun commented 5 years ago

@sindney Yes, that's right. Ref: https://github.com/iqiyi/xHook/blob/master/libxhook/jni/xh_elf.c#L1006
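
The check this thread arrives at, as an added example that is not part of the original thread or of xHook's own code: parse `readelf -r` output and report whether a (mangled) symbol has a relocation slot in the library at all, since a PLT hook has nothing to patch when it does not. The function names, the set of relocation types treated as patchable (32-bit ARM only), and the `.rel.dyn` sample lines are assumptions made for this example.

```python
import re

# Relocation types that point at a patchable GOT/PLT slot. Assumption for this
# example: 32-bit ARM only, matching the readelf output quoted in the thread.
SLOT_TYPES = {"R_ARM_JUMP_SLOT", "R_ARM_GLOB_DAT", "R_ARM_ABS32"}

SECTION_RE = re.compile(r"^Relocation section '([^']+)'")
# Columns: offset, info, type, symbol value, symbol name.
ENTRY_RE = re.compile(r"^([0-9a-f]{8})\s+[0-9a-f]{8}\s+(R_\w+)\s+[0-9a-f]{8}\s+(\S+)")

# Constructed sample: the malloc/free lines are the ones quoted in the thread;
# the .rel.dyn entries are made up for illustration.
SAMPLE = """\
Relocation section '.rel.dyn' at offset 0x1000 contains 2 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08300000  00000017 R_ARM_RELATIVE
08300004  00012315 R_ARM_GLOB_DAT    00000000   __stack_chk_guard

Relocation section '.rel.plt' at offset 0x26dd168 contains 641 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
0833b158  0004fa16 R_ARM_JUMP_SLOT   00000000   malloc
0833b100  0004f916 R_ARM_JUMP_SLOT   00000000   free
"""

def parse_relocs(readelf_output):
    """Return (section, slot_address, reloc_type, symbol) for symbol-bearing entries."""
    section, entries = None, []
    for raw in readelf_output.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:  # entries without a symbol (e.g. R_ARM_RELATIVE) do not match
            symbol = m.group(3).split("@")[0]  # drop any "@VERSION" suffix
            entries.append((section, int(m.group(1), 16), m.group(2), symbol))
    return entries

def hookable_slots(readelf_output, symbol):
    """Slots a PLT/GOT hook could patch for `symbol`; empty means nothing to hook."""
    return [(sec, addr) for sec, addr, rtype, sym in parse_relocs(readelf_output)
            if sym == symbol and rtype in SLOT_TYPES]

if __name__ == "__main__":
    for name in ("malloc", "_ZN7FMemory6MallocEjj"):
        print(name, hookable_slots(SAMPLE, name) or "no relocation slot")
```

An empty result for `_ZN7FMemory6MallocEjj` corresponds to the situation in the thread: the symbol is listed by `nm` but has no relocation entry in the library, so the registered replacement is never called.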