jmpews / Dobby

a lightweight, multi-platform, multi-architecture hook framework.
Apache License 2.0
4k stars, 833 forks

Segmentation fault on macOS M1 arm64 #210

Closed mogui closed 1 year ago

mogui commented 1 year ago

Hi there, I'm trying to work it out but got a segmentation fault; maybe I'm doing something wrong. Here's the simple program I'm trying to inject:

#include <stdio.h>

/* The function to be hooked. Later in the thread this body turns out to be
   too short to hold Dobby's inline-hook patch. */
int nice_function(){
   return 6;
}

int main() {
   int n = nice_function();
   printf("Hello, World! %d", n);
   return 0;
}

This is the lib I'm building to inject:

#include <stdio.h>
#include <syslog.h>
#include "dobby.h"

/* Dobby's macro: defines fake_nice_function() with this body and
   install_hook_nice_function(void *addr), which calls DobbyHook(). */
install_hook_name(nice_function, int) {
    printf("Hooked!\n");
    return 7;
}

/* Runs when the dylib is loaded via DYLD_INSERT_LIBRARIES. */
__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
{
    printf("Hello from dylib!\n");
    void *sym_addr = DobbySymbolResolver(NULL, "nice_function");
    install_hook_nice_function(sym_addr);
    syslog(LOG_ERR, "Dylib injection successful in %s\n", argv[0]);
}

Compiling with clang++, this is what I get:

$: DYLD_INSERT_LIBRARIES=inject.dylib ./hello 
Hello from dylib!
[DobbySymbolResolverSharedCache] [!] [/Users/runner/work/Dobby/Dobby/builtin-plugin/SymbolResolver/macho/dyld_shared_cache_symbol_table_iterator.cc:87:shared_cache_load_symbols]mmap /System/Library/dyld/dyld_shared_cache_arm64e failed
[1]    58546 segmentation fault  DYLD_INSERT_LIBRARIES=inject.dylib ./hello

What am I doing wrong?

jmpews commented 1 year ago

fixed

mogui commented 1 year ago

Hi @jmpews, still something wrong: it does not segfault anymore, but the function doesn't get swapped. This is my output:

Hello from dylib!
[!] [/Users/runner/work/Dobby/Dobby/source/InterceptRouting/Routing/FunctionInlineHook/FunctionInlineHook.cc:8:DobbyHook]function address is 0x0
Hello, World! 6     

What's wrong?

jmpews commented 1 year ago

Check the return value of DobbySymbolResolver(NULL, "nice_function"); it seems the symbol is not resolved.

mogui commented 1 year ago

Yes, is there something I have to specify better? I've posted the code I'm using; is it ok? Is there something else I should specify, like const char *image_name? Is it right for it to be NULL?

mogui commented 1 year ago

Ok! I was hooking the wrong symbol name. Now I've got it, but I still get a segmentation fault:

__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
{
    printf("Hello from dylib!\n");
    /* Mach-O symbol table names carry a leading underscore. */
    void *sym_addr = DobbySymbolResolver(NULL, "_nice_function");
    printf("sym_addr is: %p\n", sym_addr);
    install_hook_nice_function(sym_addr);
    syslog(LOG_ERR, "Dylib injection successful in %s\n", argv[0]);
}

$: DYLD_INSERT_LIBRARIES=inject2.dylib ./hello
Hello from dylib!
sym_addr is: 0x102ee7f3c
[1]    30335 segmentation fault  DYLD_INSERT_LIBRARIES=inject2.dylib ./hello

jmpews commented 1 year ago

int nice_function(){
   return 6;
}

is a short function; the function body length is not enough for the trampoline. Try building with "-DBUILD_EXAMPLE=ON" and test the socket_example binary.

mogui commented 1 year ago

Yay! I made it work, just by making the function a bit longer! Thanks a lot @jmpews
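
Pulling the thread's two fixes together, here is an added example (my code, not mogui's and not Dobby's) of how the injected library looks once the symbol name and the error handling are right: the resolver is asked for the Mach-O name "_nice_function", its result is checked for NULL instead of being passed on, DobbyHook's return code is checked, and the replacement calls through to the original. It assumes the Dobby C API as used on this page: DobbySymbolResolver(image_name, symbol_name) returning NULL when nothing matches, and DobbyHook(address, fake, &orig) with void* parameters returning 0 on success (newer dobby.h headers type the last two parameters as dobby_dummy_func_t, so the casts have to follow). Without -DHAVE_DOBBY the two Dobby calls are replaced by small stand-ins constructed here so the control flow compiles and runs off-macOS; the only Dobby behaviour they model is the one the thread established, that only the underscored name resolves.

```c
/* Added example: injected library with the fixes from this thread.
 * Not Dobby's code and not from the issue. On macOS build roughly as
 *   clang -shared -fPIC -DHAVE_DOBBY -I<dobby>/include inject.c -L<dobby> -ldobby -o inject.dylib
 * Assumptions: DobbySymbolResolver returns NULL on a miss, DobbyHook returns
 * 0 on success (both as described in the lead-in). */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#ifdef HAVE_DOBBY
#include "dobby.h"
#else
/* Stand-ins (constructed, not Dobby) so the block compiles without the library.
 * They model one fact from the thread: the Mach-O symbol table holds
 * "_nice_function", so the un-prefixed C name does not resolve. */
static int stub_target_slot;
static void *DobbySymbolResolver(const char *image_name, const char *symbol_name) {
    (void)image_name;
    return strcmp(symbol_name, "_nice_function") == 0 ? (void *)&stub_target_slot : NULL;
}
static int DobbyHook(void *address, void *fake_func, void **out_orig) {
    (void)fake_func;
    if (address == NULL) return -1;   /* the real one logs "function address is 0x0" here */
    *out_orig = address;              /* no code patching in the stand-in */
    return 0;
}
#endif

enum hook_status { HOOK_OK = 0, HOOK_ERR_NO_SYMBOL = 1, HOOK_ERR_PATCH = 2 };

/* Filled in by DobbyHook with the relocated entry of the original function. */
static int (*orig_nice_function)(void);

/* Replacement body: like the thread's fake, but calls through to the
 * original instead of hard-coding the answer. */
static int fake_nice_function(void) {
    printf("Hooked!\n");
    return orig_nice_function() + 1;
}

/* Resolve a symbol-table name (leading underscore included) and install the
 * hook, reporting which step failed instead of handing NULL to DobbyHook. */
int install_nice_function_hook(const char *symbol) {
    if (symbol == NULL) return HOOK_ERR_NO_SYMBOL;
    void *sym_addr = DobbySymbolResolver(NULL, symbol);
    if (sym_addr == NULL) return HOOK_ERR_NO_SYMBOL;
    int rc = DobbyHook(sym_addr, (void *)fake_nice_function, (void **)&orig_nice_function);
    return rc == 0 ? HOOK_OK : HOOK_ERR_PATCH;
}

#ifdef HAVE_DOBBY
/* Runs when the dylib is loaded via DYLD_INSERT_LIBRARIES; dyld passes
 * argc/argv to initializers, as the code in the issue already relies on. */
__attribute__((constructor))
static void inject_ctor(int argc, const char **argv) {
    const char *exe = (argc > 0) ? argv[0] : "?";
    int st = install_nice_function_hook("_nice_function");
    if (st != HOOK_OK) {
        syslog(LOG_ERR, "hooking _nice_function in %s failed (status %d)", exe, st);
        return;
    }
    syslog(LOG_ERR, "Dylib injection successful in %s", exe);
}
#endif
```

The target side is the other half of the fix from this thread: nice_function needs a body long enough to hold the inline-hook patch, which a function that compiles down to a single mov/ret pair does not have. Two quick checks before injecting: `nm hello | grep nice_function` shows the name as the symbol table really spells it (with the underscore), and `otool -tv hello` shows how many instructions `_nice_function` actually has.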

mogui commented 1 year ago

Just one more question: if I wanted to hook a dylib loaded by an executable, I would have to name it in DobbySymbolResolver(NULL, "_nice_function"); instead of NULL, is that right?