ansaurus

Question

Using DYLD interposing to interpose class functions

Answer 1

+2 A:

C++ does name mangling. This means member function QString::mid() looks something like __ZNK7QString3midEii to the linker. Run the nm(1) command on the library you are interposing on to see the symbols.

Nikolai N Fetissov 2010-09-29 17:31:42

+1 Exactly. Use *nm* to find the correct symbol of the method you want to replace and then create a C function with that exact name on the shared library you are building.

karlphillip 2010-09-29 17:35:48

I will as soon as I get home. The function is in a bundle located in the application directory. It's a *.bundle file. If the symbol exists in the .bundle ANd in the main application, what should be done?ç

flaab 2010-09-29 18:22:05

Thank you for your answers. Karlphillip: once in know the exact symbol, should I just use the above code to interpose both of them?

flaab 2010-09-29 18:22:36

I haven't dug into OSX bundles, so don't know. You can certainly try your approach with mangled symbols. They are just functions to linker, though they are transformed to take `this` as a first argument.

Nikolai N Fetissov 2010-09-29 18:29:57

Thank you nikolai: Is it possible to just receive the function call to ___ZNK7QString3midEii(p1,p2,p3,p4), do whatever and then redirect the call to the real function which memory adress i have previously saved without making class posing. Is that it? Thank you :)

flaab 2010-09-29 18:34:01

It looks like it should be possible. Don't forget that first implicit pointer argument (forward-declare class types?). I gotta try this, it's fun :)

Nikolai N Fetissov 2010-09-29 18:40:31

I will! So if the function is Qstring::func(p1,p2,p3); and the symbol is ___ZNK7QString3midEii, the function I have to declare is my_own____ZNK7QString3midEii(pthis,p1,p2,p3) and forward it to the real function is that it? :D

flaab 2010-09-29 18:47:39

You don't have to have such ugly names for your own functions :)

Nikolai N Fetissov 2010-09-29 18:49:57

I will try and let you know :-) Thank you. I have a sudden question: what happens it the declaration uses custom datatypes. For instance if the original function declaration is QString::func(CType *p1, CType2 *p2, CType3 *p3), should I include Ctype.h, Ctype2.h and Ctype3.h in my patch when declaring the interposing funtion? :-S And what happens with the first parameter? Shoulw it be QString typed in the declaration? Should all pointers be void? :-P

flaab 2010-09-29 18:56:52

That's what I said before - forward declare these types as `struct`'s. I think `void` pointers should work too.

Nikolai N Fetissov 2010-09-29 19:00:59

As it turns out, it seems I won't need to interpose any class.

flaab 2010-09-29 23:46:23

This is the function I'm interested in replacing: addDealerChatMessage(quint64,quint8,QString,quint8,TPlayerIx,bool). If I can grab the QString in the middle, I'll be the happiest man on earth. I will need to replace it and being able to treat the QString afterwards. I don't have access to TPlayerIx class, maybe a standard pointer will do :P

flaab 2010-09-29 23:47:50

But I don't have the header file for that function, and it does not appear as a simbol of the binary. Is there a way to look for it? Maybe at execution time?

flaab 2010-09-29 23:59:25

Answer 2

A:

It is going to be much easier that this. QString uses memcpy to concatenate and work with Strings, and I can easily override memcpy, and apply a regular expression to the result, logging only the strings I want. Piece of cake. No need for magic voodo-hoodo :)

flaab 2010-09-30 09:43:31

ansaurus

tags:

views:

answers:

Using DYLD interposing to interpose class functions

related questions