radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset
https://www.radare.org/
GNU Lesser General Public License v3.0

Inject library in target process #3224

Closed radare closed 7 years ago

radare commented 9 years ago

Like LD_LIBRARY_PATH, but at runtime; this is a common injection technique on Windows. The library constructor must be called.

jjdredd commented 9 years ago

> The library constructor must be called

Isn't it called by the loader automatically?

radare commented 9 years ago

Not sure if it works the same on all platforms when calling dlopen.

On 13 Oct 2015, at 08:39, Judge_Dredd notifications@github.com wrote:

> The library constructor must be called
>
> Isn't it called by the loader automatically?

radare commented 7 years ago

We can use frida for this; maybe move to extras and r2pm?

killabytenow commented 7 years ago

My experience says that the .init section/_init func/so constructor are always called. The difficult part is to avoid getting them called xD

radare commented 7 years ago

This can be done with r2frida; we can consider this off-topic for r2 because it can already be done by hand, by a plugin, or using external tools like r2frida.
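
Added example, not part of the original thread or of radare2: since a library loaded into a running process gets its constructor run on load, one defensive check is to audit a process's executable mappings in Linux's `/proc/<pid>/maps` for files outside the expected library paths. The trusted prefix list, the function name and the sample maps text are constructed assumptions.

```python
# Added example: TRUSTED_PREFIXES is an assumed site policy, SAMPLE_MAPS is constructed.
TRUSTED_PREFIXES = ("/usr/lib/", "/lib/", "/usr/bin/", "/opt/app/")

# Constructed text in the /proc/<pid>/maps layout:
# address-range perms offset dev inode [pathname]
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 r-xp 00001000 08:01 393301 /opt/app/bin/server
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c3b5000 r-xp 00028000 08:01 131234 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c3b5000-7f3a1c40d000 r--p 001dd000 08:01 131234 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1d000000-7f3a1d004000 r-xp 00001000 08:01 786501 /tmp/libhook.so
7f3a1d100000-7f3a1d102000 r-xp 00000000 00:01 4097 /memfd:payload (deleted)
7f3a1d200000-7f3a1d203000 r-xp 00001000 08:01 786777 /home/dev/build/libold.so (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
7ffd5a3f2000-7ffd5a3f4000 r-xp 00000000 00:00 0 [vdso]
"""

DELETED = " (deleted)"


def unexpected_libraries(maps_text, trusted=TRUSTED_PREFIXES):
    """Return {path: reason} for executable file mappings that need review."""
    findings = {}
    for line in maps_text.splitlines():
        # maxsplit=5 keeps pathnames that contain spaces in one field.
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no backing file
        perms, path = fields[1], fields[5].strip()
        if "x" not in perms or path.startswith("["):
            continue  # not executable, or a kernel pseudo-mapping like [vdso]
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[: -len(DELETED)]
        if path.startswith("/memfd:"):
            findings[path] = "memfd-backed executable mapping"
        elif deleted:
            # Also seen after package upgrades, so treat as a lead, not a verdict.
            findings[path] = "backing file deleted after load"
        elif not path.startswith(trusted):
            findings[path] = "outside trusted library paths"
    return findings


if __name__ == "__main__":
    for path, reason in unexpected_libraries(SAMPLE_MAPS).items():
        print(f"{reason}: {path}")
```

To check a live process, pass the contents of `/proc/<pid>/maps` instead of the sample text.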