Crate plthook

Source
Expand description

Bindings for the plthook library.

This crates allows hooking library function calls in a running process. Please see the description of the plthook library for more details.

§Usage

The main item in this crate is ObjectFile. Using its open_* functions you can access to the PLT (Unix) or IAT (Windows) entries in the loaded object files.

§Symbols in object files

Use ObjectFile::symbols to get all symbols in the object file.

let object = ObjectFile::open_main_program()?;
for symbol in object.symbols() {
    println!("{:?} {:?}", symbol.func_address, symbol.name);
}

§Invoking functions

The addresses yielded by ObjectFile::symbols can be used to invoke functions directly.

You have to cast the address to the correct function type.

let pid = std::process::id();

let object = ObjectFile::open_main_program().unwrap();
let getpid_fn = object
    .symbols()
    .find(|sym| sym.name.to_str() == Ok("getpid"))
    .unwrap()
    .func_address as *const fn() -> libc::pid_t;

assert_eq!(pid, unsafe { (*getpid_fn)() as u32 });

§Replacing functions

ObjectFile::replace replaces an entry in the PLT table, and returns a reference to the previous value.

§Errors

Errors are wrapped by the Error type. When an error is returned from any plthook function, the message from the plthook_error function is included in the Error instance.

Structs§

Enums§

  • Error categories from the plthook library.

Type Aliases§