Bindings for the plthook library.
This crate allows hooking library function calls in a running process. Please see the description of the plthook library for more details.
§Usage
The main item in this crate is ObjectFile. Using its open_* functions, you can access the PLT (Unix) or IAT (Windows) entries in the loaded object files.
§Symbols in object files
Use ObjectFile::symbols to get all symbols in the object file.
    use plthook::ObjectFile;

    // `?` needs an enclosing function that returns a Result.
    let object = ObjectFile::open_main_program()?;
    for symbol in object.symbols() {
        println!("{:?} {:?}", symbol.func_address, symbol.name);
    }
§Invoking functions
The addresses yielded by ObjectFile::symbols can be used to invoke functions directly. You have to cast the address to the correct function type.
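    use plthook::ObjectFile;

    let pid = std::process::id();
    let object = ObjectFile::open_main_program().unwrap();
    // getpid is a C function, so the function pointer type must use the C ABI.
    let getpid_fn = object
        .symbols()
        .find(|sym| sym.name.to_str() == Ok("getpid"))
        .unwrap()
        .func_address as *const extern "C" fn() -> libc::pid_t;
    // Read the function pointer stored at the entry, then call it.
    assert_eq!(pid, unsafe { (*getpid_fn)() as u32 });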
§Replacing functions
ObjectFile::replace replaces an entry in the PLT table, and returns a reference to the previous value.
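Because a replaced PLT entry simply points somewhere else, a defender can audit a process by checking which mapping each entry's target falls in. The following is an added example, not code from this crate: it uses only the standard library, assumes the Linux /proc/<pid>/maps text format, and the paths, addresses, allow-list and function names (parse_maps, audit, sample_findings) are constructed for illustration. Entries not yet resolved by lazy binding point back into the program's own PLT, so the program itself is on the allow-list.

```rust
// Added example; the maps text and slot targets below are constructed sample data.
struct Mapping { start: u64, end: u64, exec: bool, path: String }

const SAMPLE_MAPS: &str = "\
55d0c0a00000-55d0c0a20000 r-xp 00000000 08:01 1311 /usr/bin/app
55d0c0c20000-55d0c0c22000 rw-p 00020000 08:01 1311 /usr/bin/app
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 2211 /usr/lib/libc.so.6
7f3a20000000-7f3a20004000 r-xp 00000000 08:01 9001 /tmp/libshim.so
7f3a30000000-7f3a30001000 rwxp 00000000 00:00 0
";

/// Parse the text format of /proc/<pid>/maps (paths containing spaces are truncated).
fn parse_maps(text: &str) -> Vec<Mapping> {
    text.lines().filter_map(|line| {
        let mut f = line.split_whitespace();
        let (range, perms) = (f.next()?, f.next()?);
        let path = f.nth(3).unwrap_or("").to_string(); // skips offset, dev, inode
        let (start, end) = range.split_once('-')?;
        Some(Mapping {
            start: u64::from_str_radix(start, 16).ok()?,
            end: u64::from_str_radix(end, 16).ok()?,
            exec: perms.contains('x'),
            path,
        })
    }).collect()
}

/// One finding per (symbol name, current target) pair whose target looks redirected.
fn audit(slots: &[(&str, u64)], maps: &[Mapping], allowed: &[&str]) -> Vec<String> {
    let mut findings = Vec::new();
    for &(name, target) in slots {
        let reason = match maps.iter().find(|m| m.start <= target && target < m.end) {
            None => "target is not in any mapping",
            Some(m) if !m.exec => "target mapping is not executable",
            Some(m) if m.path.is_empty() || m.path.starts_with('[') => "target is in anonymous memory",
            Some(m) if !allowed.contains(&m.path.as_str()) => "target is in an unexpected object",
            Some(_) => continue, // file-backed, executable, allow-listed
        };
        findings.push(format!("{name}: {reason} ({target:#x})"));
    }
    findings
}

fn sample_findings() -> Vec<String> {
    let slots = [("getpid", 0x7f3a100e1230), ("puts", 0x55d0c0a01036),
                 ("open", 0x7f3a20001100), ("read", 0x7f3a30000010), ("write", 0x55d0c0c20010)];
    audit(&slots, &parse_maps(SAMPLE_MAPS), &["/usr/bin/app", "/usr/lib/libc.so.6"])
}
fn main() { sample_findings().iter().for_each(|f| println!("{f}")); }
```

In a live audit the slot targets would be the values read from each PLT entry and the maps text would come from the process being inspected.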
§Errors
Errors are wrapped by the Error type. When an error is returned from any plthook function, the message from the plthook_error function is included in the Error instance.
Structs§
- Errors from the plthook library.
- An object file loaded in memory.
- A replacement of an entry in the PLT section.
- A symbol found in the PLT section.
Enums§
- Error categories from the plthook library.