feat: attempt to load process symbol and hook it
fails because undefined symbol?
parent
f567080751
commit
28778ab2e1
2 changed files with 21 additions and 0 deletions
|
@ -21,3 +21,4 @@ retour = "0.1" # plain detour doesn't work on latest nightly? idk
|
||||||
elf = "0.7.2"
|
elf = "0.7.2"
|
||||||
nix = "0.26.2"
|
nix = "0.26.2"
|
||||||
proc-maps = "0.3.0"
|
proc-maps = "0.3.0"
|
||||||
|
dlopen = "0.1.8"
|
||||||
|
|
20
src/lib.rs
20
src/lib.rs
|
@ -1,14 +1,24 @@
|
||||||
use std::{error::Error, ffi::c_int};
|
use std::{error::Error, ffi::c_int};
|
||||||
|
|
||||||
|
use dlopen::symbor::Library;
|
||||||
use nix::libc::{socklen_t, sockaddr};
|
use nix::libc::{socklen_t, sockaddr};
|
||||||
use retour::static_detour;
|
use retour::static_detour;
|
||||||
|
|
||||||
static_detour! {
|
static_detour! {
|
||||||
static SOCKET_HOOK : unsafe extern "C" fn(i32, i32, i32) -> i32;
|
static SOCKET_HOOK : unsafe extern "C" fn(i32, i32, i32) -> i32;
|
||||||
static CONNECT_HOOK : unsafe extern "C" fn(c_int, *const sockaddr, socklen_t) -> c_int;
|
static CONNECT_HOOK : unsafe extern "C" fn(c_int, *const sockaddr, socklen_t) -> c_int;
|
||||||
|
static LOAD_EXT_HOOK : unsafe extern "C" fn(c_int) -> c_int;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// extern "C" {
|
||||||
|
// fn load_ext() -> ();
|
||||||
|
// }
|
||||||
|
|
||||||
fn add_hooks() -> Result<(), Box<dyn Error>> {
|
fn add_hooks() -> Result<(), Box<dyn Error>> {
|
||||||
|
let exec = Library::open_self()?;
|
||||||
|
|
||||||
|
let load_ext_sym = unsafe { exec.symbol::<unsafe extern "C" fn(c_int) -> c_int>("load_ext") };
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
SOCKET_HOOK.initialize(nix::libc::socket, |dom, tp, proto| {
|
SOCKET_HOOK.initialize(nix::libc::socket, |dom, tp, proto| {
|
||||||
eprintln!("caught socket({}, {}, {}) call", dom, tp, proto);
|
eprintln!("caught socket({}, {}, {}) call", dom, tp, proto);
|
||||||
|
@ -21,6 +31,16 @@ fn add_hooks() -> Result<(), Box<dyn Error>> {
|
||||||
CONNECT_HOOK.call(fd, info, len)
|
CONNECT_HOOK.call(fd, info, len)
|
||||||
})?;
|
})?;
|
||||||
CONNECT_HOOK.enable()?;
|
CONNECT_HOOK.enable()?;
|
||||||
|
|
||||||
|
match load_ext_sym {
|
||||||
|
Ok(sym) => {
|
||||||
|
LOAD_EXT_HOOK.initialize(*sym, |x| { eprintln!("intercepted load_ext!"); x })?;
|
||||||
|
LOAD_EXT_HOOK.enable()?;
|
||||||
|
},
|
||||||
|
Err(e) => {
|
||||||
|
eprintln!("[!] skipping load_ext hook : {}", e);
|
||||||
|
},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
|
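Review bot: In the `Ok(sym)` arm of `add_hooks`, the detour closure `|x| { eprintln!("intercepted load_ext!"); x }` never forwards to the original, so once the hook is enabled every call to `load_ext` is replaced by a stub that echoes its argument, unlike the `connect` detour, which ends in `CONNECT_HOOK.call(fd, info, len)`. If the intent is to observe rather than replace, the closure should end with `LOAD_EXT_HOOK.call(x)`. The type `unsafe extern "C" fn(c_int) -> c_int` is also asserted rather than checked: the commented-out declaration above reads `fn load_ext() -> ();`, and if the real function has that shape, detouring it through a mismatched signature is undefined behaviour, so the declared type should be confirmed against the target and recorded in a `// SAFETY:` comment on the `exec.symbol` call. The `Err` arm only prints and `add_hooks` still returns `Ok(())`, so a caller cannot tell that the hook was skipped. The body of `add_hooks` is only partly visible in these hunks.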