    1. #1
      Hacker
      ^.^
       
      Eating
       
      NTvalk's Avatar
      Join Date
      Jul 2013
      Location
      Your RAM
      Posts
      512
      Thanks (-->)
      176
      Thanks (<--)
      145

      (MAC-OSX) Detouring shared library functions

      John Kittz
      UNIX offers a simple way to override functions in a shared library with the LD_PRELOAD environment variable; on Mac this is DYLD_INSERT_LIBRARIES. When you make a twin brother of a function that is defined in an existing shared library, put it in your shared library, and register your shared library name in DYLD_INSERT_LIBRARIES, your function is used instead of the original one. This is my simple test. Here I've replaced libf() in osharedlib.dylib with mlibf() in openhook.dylib.

      The original library:

      osharedlib.c
      #include <stdio.h>
      #include "mysharedlib.h"

      void libf()
      {
          printf("Original Hello");
      }

      main.c
      #include <stdio.h>
      #include "mysharedlib.h"

      int main()
      {
          libf();
          return 0;
      }


      openhook.c
      #include <stdio.h>
      #include <dlfcn.h>
      #include <unistd.h>
      #include "mysharedlib.h"

      typedef void (*fType)();
      static fType real_f = NULL;

      // Exported as libf, the same symbol name as the original, so that
      // dyld binds callers to this copy when the library is inserted.
      void libf(){
          if (!real_f){ // get the address of the original function
              // dlsym() is a very useful function that finds the address of a function
              void* handle = dlopen("mysharedlib.dylib", RTLD_NOW);
              if (handle) real_f = (fType)dlsym(handle, "libf");
              if (!real_f){ // original not found: report it and do not call through NULL
                  printf("NG");
                  return;
              }
          }
          // do evil stuff
          printf("--------lololol--------");
          // call the original
          real_f();
      }


      Build libraries & start the program with DYLD_INSERT_LIBRARIES
      $ cat bat
      #!/bin/bash
      gcc -flat_namespace -dynamiclib -o openhook.dylib openhook.c
      gcc -dynamiclib -o mysharedlib.dylib mysharedlib.c
      gcc mysharedlib.dylib main.c
      export DYLD_FORCE_FLAT_NAMESPACE=
      export DYLD_INSERT_LIBRARIES=openhook.dylib
      ./a.out
      $ ./bat
      --------lololol--------Original Hello

      You also need to define DYLD_FORCE_FLAT_NAMESPACE (it doesn't matter what value it has). In general it makes the command (in this case a.out) unstable, not a lot in my opinion if we use it just for debugging purposes, but it increases the chance of symbol name conflicts.


      You can use the same technique to override a method in a C++ class. Say there's a method named "libfff" in a class AAA, like
      class AAA
      {
      public:
          int m;
          AAA(){m = 1234;}
          void libfff(int a);
      };

      To override it, you first need to know the mangled symbol name of the method.
      $ nm somelibrary.dylib | grep "T "
      00000ed6 T __ZN3AAA3fffEi
      Then what you need to define is _ZN3AAA3fffEi. Don't forget to remove the first '_'. If you see multiple symbols in the shared library and are not sure which one to override, you can check it by demangling a symbol like
      $ c++filt __ZN3AAA3fffEi
      AAA::libfff(int)

      Now you can override it like this.
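      hook.cpp
      #include <stdio.h>
      #include <dlfcn.h>
      #include <unistd.h>
      #include "sharedlib.h"

      typedef void (*AAAlibfffType)(AAA*, int);
      static AAAlibfffType real_AAAlibfff = NULL;

      extern "C"{

      // Defined under the mangled name so it takes the place of the method;
      // the implicit this pointer arrives as the first argument.
      void _ZN3AAA3fffEi(AAA* a, int b){
          printf("--------AAA::libfff--------");
          printf("%d, %d", b, a->m);
          if (!real_AAAlibfff){ // look up the original only once
              void* handle = dlopen("sharedlib.dylib", RTLD_NOW);
              if (handle) real_AAAlibfff = (AAAlibfffType)dlsym(handle, "_ZN3AAA3fffEi");
          }
          if (!real_AAAlibfff) return; // original not found: nothing to call
          printf("OK");
          real_AAAlibfff(a, b);
      }
      }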


      $ cat bat
      #!/bin/bash

      gcc -flat_namespace -dynamiclib -lstdc++ -o openhook.dylib openhook.cpp
      gcc -dynamiclib -lstdc++ -o mysharedlib.dylib mysharedlib.cpp
      gcc -lstdc++ mysharedlib.dylib main.cpp
      export DYLD_FORCE_FLAT_NAMESPACE=
      export DYLD_INSERT_LIBRARIES=openhook.dylib
      ./a.out
      $ ./bat
      ----------------AAA::fff--------original

      You can also do it using this library:
      https://github.com/rentzsch/mach_inject
      Last edited by NTvalk; 11-26-2013 at 02:56 PM.

    2. Thanks Marcus thanked for this post
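
Seen from the defending side, the override in the first post depends entirely on loader variables in the process environment, so a program or a monitoring tool can look for them. The following is an added example, not code from the thread: portable C that scans an environment block for DYLD_INSERT_LIBRARIES, DYLD_FORCE_FLAT_NAMESPACE and LD_PRELOAD and counts the inserted library paths. The function names and both sample environments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Loader variables that insert libraries or change symbol binding:
   the two used in the thread plus LD_PRELOAD, which it also mentions. */
static const char *const LOADER_VARS[] = {
    "DYLD_INSERT_LIBRARIES", "DYLD_FORCE_FLAT_NAMESPACE", "LD_PRELOAD", NULL
};

/* Value of `name` in envp, or NULL if unset. An empty value still counts
   as set: the thread exports DYLD_FORCE_FLAT_NAMESPACE with no value. */
static const char *env_lookup(char *const envp[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

/* Number of loader override variables present in the environment block. */
int loader_vars_set(char *const envp[]) {
    int hits = 0;
    for (size_t v = 0; LOADER_VARS[v] != NULL; v++)
        if (env_lookup(envp, LOADER_VARS[v]) != NULL) hits++;
    return hits;
}

/* Number of non-empty, colon-separated library paths in variable `name`. */
int inserted_paths(char *const envp[], const char *name) {
    const char *list = env_lookup(envp, name);
    int count = 0;
    while (list != NULL && *list != '\0') {
        size_t len = strcspn(list, ":");
        if (len > 0) count++;
        list += len;
        if (*list == ':') list++;
    }
    return count;
}

/* Constructed samples: the thread's build-script environment, and a clean one. */
char *const SAMPLE_ENV[] = { "PATH=/usr/bin:/bin", "DYLD_FORCE_FLAT_NAMESPACE=",
                             "DYLD_INSERT_LIBRARIES=openhook.dylib", NULL };
char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "HOME=/Users/test", NULL };

int main(void) {
    printf("override variables set: %d, inserted libraries: %d\n",
           loader_vars_set(SAMPLE_ENV),
           inserted_paths(SAMPLE_ENV, "DYLD_INSERT_LIBRARIES"));
    return 0;
}
```

To audit the running process instead of the samples, pass the global environ pointer to the same functions.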
    3. #2
      Learning to hack games!
       
      Feeling Normal
       
      's Avatar
      Join Date
      Jan 1970
      Posts
      0
      Thanks (-->)
      294
      Thanks (<--)
      328
      Nice one!

      Thanks for sharing.

    4. #3
      Hacker
      ^.^
       
      Eating
       
      NTvalk's Avatar
      Join Date
      Jul 2013
      Location
      Your RAM
      Posts
      512
      Thanks (-->)
      176
      Thanks (<--)
      145
      Quote Originally Posted by Agent Smith View Post
      Nice one!

      Thanks for sharing.
      Thanks, added example with class.

    5. #4
      Hacker
      Turning to page 394...
       
      Coding
       
      Liduen's Avatar
      Join Date
      May 2013
      Location
      Germany
      Posts
      713
      Thanks (-->)
      161
      Thanks (<--)
      225
      Looks interesting and useful but I didn't understand a single word
      Thanks for sharing!
      My contributions
      UrbanTerror | OpenGL - ModelLogger | Polymorphic junk code | Tutorial/Article Collection
      Admiring technological singularity

    6. #5
      Hacker
      ^.^
       
      Eating
       
      NTvalk's Avatar
      Join Date
      Jul 2013
      Location
      Your RAM
      Posts
      512
      Thanks (-->)
      176
      Thanks (<--)
      145
      Quote Originally Posted by Liduen View Post
      Looks interesting and useful but I didn't understand a single word
      Thanks for sharing!
      If you tell me what you don't understand I'll try to explain

    7. #6
      Hacker
      Turning to page 394...
       
      Coding
       
      Liduen's Avatar
      Join Date
      May 2013
      Location
      Germany
      Posts
      713
      Thanks (-->)
      161
      Thanks (<--)
      225
      Quote Originally Posted by NTvalk View Post
      If you tell me what you don't understand I'll try to explain
      I'm sure you would, but you don't have to (yet)
      I just have to read up a bit when I have some free time again. Just covered the basics up to now.
      When I have some experience in this kind of thing I'll come back for sure and ask you, but not yet.

      Do you have a good source for learning such stuff like hooking, injecting, reversing?
      I once tried Lena's tutorials for reversing but they were not really helpful, because the first tutorial ended with the task to reverse a reverse_me.exe without any information on how to manage/do it, so it wasn't really a tutorial. :/

    8. #7
      Hacker
      ^.^
       
      Eating
       
      NTvalk's Avatar
      Join Date
      Jul 2013
      Location
      Your RAM
      Posts
      512
      Thanks (-->)
      176
      Thanks (<--)
      145
      Quote Originally Posted by Liduen View Post
      I'm sure you would, but you don't have to (yet)
      I just have to read up a bit when I have some free time again. Just covered the basics up to now.
      When I have some experience in this kind of thing I'll come back for sure and ask you, but not yet.

      Do you have a good source for learning such stuff like hooking, injecting, reversing?
      I once tried Lena's tutorials for reversing but they were not really helpful, because the first tutorial ended with the task to reverse a reverse_me.exe without any information on how to manage/do it, so it wasn't really a tutorial. :/
      Ye of course, take your time, but for what I posted above you don't need to know any reversing or even hooking stuff, it's all already built in Unix (and very easy to use)
      Here are a few resources I used for learning, good luck.

      https://damiproductions.darkbb.com/t...ction-tutorial
      https://www.codeproject.com/Articles...ith-MS-Detours
      https://wwwold.cs.umd.edu/Library/TR...CS-TR-4585.pdf <---- take a look at the last code, it's what I'm doing above.
      Last edited by NTvalk; 11-26-2013 at 03:21 PM.

    9. Thanks Liduen thanked for this post
    10. #8
      Hacker
      Turning to page 394...
       
      Coding
       
      Liduen's Avatar
      Join Date
      May 2013
      Location
      Germany
      Posts
      713
      Thanks (-->)
      161
      Thanks (<--)
      225
      Quote Originally Posted by NTvalk View Post
      Ye of course, take your time, but for what I posted above you don't need to know any reversing or even hooking stuff, it's all already built in Unix (and very easy to use)
      Here are a few resources I used for learning, good luck.

      https://damiproductions.darkbb.com/t...ction-tutorial
      https://www.codeproject.com/Articles...ith-MS-Detours
      https://wwwold.cs.umd.edu/Library/TR...CS-TR-4585.pdf <---- take a look at the last code, it's what I'm doing above.
      Thank you very much!
