Source Code Mac OSX Detour / Hooking Library C++


NTvalk

Jul 6, 2013
UNIX offers a simple way to override functions in a shared library with the LD_PRELOAD environment variable; on Mac this is DYLD_INSERT_LIBRARIES. When you make a twin brother of a function that is defined in an existing shared library, put it in your shared library, and you register your shared library name in DYLD_INSERT_LIBRARIES, your function is used instead of the original one. This is my simple test. Here I've replaced libf() in osharedlib.dylib with mlibf() in openhook.dylib.


osharedlib.c
C++:
#include <stdio.h>
#include "mysharedlib.h"

void libf()
{
    printf("Original Hello");
}
main.c
C++:
#include <stdio.h>
#include "mysharedlib.h"

int main()
{
    libf();
    return 0;
}
openhook.c
C++:
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
#include "mysharedlib.h"

typedef void (*fType)();
static fType real_f = NULL;

// Exported as libf: the inserted library has to define the same symbol name
// as the function it replaces, otherwise the loader never picks it.
void libf()
{
    if (!real_f) {
        // dlsym() is a very useful function that finds the address of the
        // original function in the real library
        void *handle = dlopen("mysharedlib.dylib", RTLD_NOW);
        if (handle) real_f = (fType)dlsym(handle, "libf");
        if (!real_f) {
            printf("NG");
            return; // original not found, nothing to forward to
        }
    }
    // do evil stuff
    printf("--------lololol--------");
    // call the original
    real_f();
}
Build libraries & start the program with DYLD_INSERT_LIBRARIES
C++:
$ cat bat
#!/bin/bash
gcc -flat_namespace -dynamiclib -o openhook.dylib openhook.c
gcc -dynamiclib -o mysharedlib.dylib mysharedlib.c
gcc mysharedlib.dylib main.c
export DYLD_FORCE_FLAT_NAMESPACE=
export DYLD_INSERT_LIBRARIES=openhook.dylib
./a.out
$ ./bat
--------lololol--------Original Hello
You also need to define DYLD_FORCE_FLAT_NAMESPACE (doesn't matter what value it has). In general it makes the command (in this case a.out) unstable, not a lot in my opinion if we use it just for debugging purposes, but it increases the chance of symbol name conflicts.


You can use the same technique to override a method in a C++ class. Say there's a method named "libfff" in a class AAA, like
C++:
class AAA 
{ 
public: 
    int m; 
    AAA(){m = 1234;} 
    void libfff(int a); 
};
To override it, you first need to know the mangled symbol name of the method.
C++:
$ nm somelibrary.dylib | grep "T " 
00000ed6 T __ZN3AAA3fffEi
Then what you need to define is _ZN3AAA3fffEi. Don't forget to remove the first '_'. If you see multiple symbols in the shared library and are not sure which one to override, you can check it by demangling a symbol like
C++:
$ c++filt __ZN3AAA3fffEi 
AAA::libfff(int)
Now you can override it like this.
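hook.cpp
C++:
#include <stdio.h>
#include <dlfcn.h>
#include <unistd.h>
#include "sharedlib.h"

typedef void (*AAAlibfffType)(AAA*, int);
static AAAlibfffType real_AAAlibfff = NULL;

extern "C" {

// Defined under the mangled name reported by nm (minus the leading '_');
// the implicit this pointer becomes the first argument.
void _ZN3AAA3fffEi(AAA* a, int b)
{
    printf("--------AAA::libfff--------");
    printf("%d, %d", b, a->m);
    if (!real_AAAlibfff) { // look up the original only once
        void* handle = dlopen("sharedlib.dylib", RTLD_NOW);
        if (handle) real_AAAlibfff = (AAAlibfffType)dlsym(handle, "_ZN3AAA3fffEi");
    }
    if (!real_AAAlibfff) return; // original not found, nothing to forward to
    printf("OK");
    real_AAAlibfff(a, b);
}

}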
C++:
$ cat bat
#!/bin/bash

gcc -flat_namespace -dynamiclib  -lstdc++ -o openhook.dylib openhook.cpp
gcc -dynamiclib -lstdc++ -o mysharedlib.dylib mysharedlib.cpp
gcc -lstdc++ mysharedlib.dylib main.cpp
export DYLD_FORCE_FLAT_NAMESPACE=
export DYLD_INSERT_LIBRARIES=openhook.dylib
./a.out
$ ./bat
----------------AAA::fff--------original
You can also do it using this library:
rentzsch/mach_inject
 
Last edited by a moderator:
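A defender-side counterpart to the post above, as an added example that is not part of the original post: a C check a program can run at startup to report the loader variables this technique depends on. The names `audit_env`, `struct finding` and `WATCHED` are made up for this example.

```c
#include <stdio.h>
#include <string.h>

/* Loader variables that change symbol resolution: the two used in the post
   plus LD_PRELOAD, which it names as the UNIX equivalent. */
static const char *const WATCHED[] = {
    "DYLD_INSERT_LIBRARIES", "DYLD_FORCE_FLAT_NAMESPACE", "LD_PRELOAD"};

struct finding { const char *name; const char *value; int libs; };
/* Count non-empty entries in a ':'-separated library list. */
static int count_entries(const char *list) {
    int n = 0;
    while (*list) {
        size_t len = strcspn(list, ":");
        if (len > 0) n++;
        list += len;
        if (*list == ':') list++;
    }
    return n;
}

/* Scan an envp-style array. Presence alone counts: the script in the post sets
   DYLD_FORCE_FLAT_NAMESPACE to an empty value, which a non-empty test misses. */
int audit_env(char *const envp[], struct finding *out, int max) {
    int found = 0;
    for (int i = 0; envp[i] && found < max; i++) {
        const char *eq = strchr(envp[i], '=');
        if (!eq) continue;
        size_t klen = (size_t)(eq - envp[i]);
        for (size_t w = 0; w < sizeof WATCHED / sizeof *WATCHED; w++) {
            if (strlen(WATCHED[w]) != klen || strncmp(envp[i], WATCHED[w], klen))
                continue; /* exact variable-name match only */
            out[found].name = WATCHED[w];
            out[found].value = eq + 1;
            out[found].libs = count_entries(eq + 1);
            found++;
            break;
        }
    }
    return found;
}

extern char **environ;
int main(void) {
    struct finding f[8];
    int n = audit_env(environ, f, 8);
    for (int i = 0; i < n; i++)
        fprintf(stderr, "loader override: %s=\"%s\" (%d entries)\n", f[i].name, f[i].value, f[i].libs);
    return n ? 1 : 0; /* non-zero exit when any override is present */
}
```

A check inside the process runs after any inserted library has already been loaded, so treat its output as telemetry rather than as a control. On macOS, binaries built with the hardened runtime have these DYLD_ variables ignored by dyld unless they carry the entitlement that allows them.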

Liduen

May 19, 2013
Looks interesting and useful but I didn't understand a single word ;)
Thanks for sharing!
 

Liduen

May 19, 2013
If you tell me what you don't understand I'll try to explain :)
I'm sure you would, but you don't have to (yet :) )
I just have to read up a bit when I have some free time again. Just covered the basics up to now.
When I have some experience in this kind of thing I'll come back for sure and ask you, but not yet. :)

Do you have a good source for learning such stuff like hooking, injecting, reversing?
I once tried Lena's tutorials for reversing but they were not really helpful, because the first tutorial ended with the task to reverse a reverse_me.exe without any information how to manage/do it, so it wasn't really a tutorial. :/
 

NTvalk

Jul 6, 2013
Ye of course, take your time, but for what I posted above you don't need to know any reversing or even hooking stuff, it's all already built in Unix (and very easy to use) :D
Here are a few resources I used for learning, good luck.

https://damiproductions.darkbb.com/t494-c-dll-injection-tutorial
https://www.codeproject.com/Articles/30140/API-Hooking-with-MS-Detours
https://wwwold.cs.umd.edu/Library/TRs/CS-TR-4585/CS-TR-4585.pdf <---- take a look at the last code, it's what I'm doing above.
 

Liduen

May 19, 2013
Thank you very much!
 