Crate plthook[−][src]
Expand description
Bindings for the plthook library.
This crates allows hooking library function calls in a running process. Please see the description of the plthook library for more details.
Usage
The main item in this crate is ObjectFile. Using its open_* functions
you can access to the PLT (Unix) or IAT (Windows) entries in the loaded
object files.
Symbols in object files
Use ObjectFile::symbols to get all symbols in the object file.
let object = ObjectFile::open_main_program()?; for symbol in object.symbols() { println!("{:?} {:?}", symbol.func_address, symbol.name); }
Invoking functions
The addresses yielded by ObjectFile::symbols can be used to invoke
functions directly.
You have to cast the address to the correct function type.
let pid = std::process::id(); let object = ObjectFile::open_main_program().unwrap(); let getpid_fn = object .symbols() .find(|sym| sym.name.to_str() == Ok("getpid")) .unwrap() .func_address as *const fn() -> libc::pid_t; assert_eq!(pid, unsafe { (*getpid_fn)() as u32 });
Replacing functions
ObjectFile::replace replaces an entry in the PLT table, and returns a
reference to the previous value.
Errors
Errors are wrapped by the Error type. When an error is returned from
any plthook function, the message from the plthook_error function is
included in the Error instance.
Structs
Errors from the plthook library.
An object file loaded in memory.
A replacement of an entry in the PLT section.
A symbol found in the PLT section.
Enums
Error categories from the plthook library.