Hook libc.so readdir #2631
Answered
by
Rablidad
lyf-is-coding
asked this question in
Q&A
-
Here is my code that hook readdir function from libc.so. function hookReadDir()
{
Interceptor.attach(Module.findExportByName("libc.so", "readdir") ,
{
onEnter: function(args)
{
let pointer = args[0];
let d_name = pointer.readPointer().add(8).add(8).add(add2).add(1);
console.log(`opendir: ${d_name.readCString(256)}`);
}
})
} |
Beta Was this translation helpful? Give feedback.
Answered by
Rablidad
Sep 9, 2023
Replies: 1 comment 1 reply
-
if on x86, ino_t and off_t represents 32 bit data offset, also, you don't need to put the string length as an argument to readCString as c strings ends in null terminator characters. which gives: // x86 => 4 (ino_t) + 4 (off_t) + 2 (unsigned short) + 1 (unsigned char) = 11
let d_name = pointer.add(11).readCString();
// x64 => 8 (ino_t) + 8 (off_t) + 2 (unsigned short) + 1 (unsigned char) = 19
let d_name = pointer.add(19).readCString() |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
lyf-is-coding
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
if on x86, ino_t and off_t represents 32 bit data offset, also, you don't need to put the string length as an argument to readCString as c strings ends in null terminator characters. which gives: