Skip to content

Zhaojp-Frank/vtable-hook

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
example.cpp
example.cpp
 
 
hookT
hookT
 
 
libhookT.so
libhookT.so
 
 
vtablehook.h
vtablehook.h
 
 

Repository files navigation

vtable-hook

C++ Vtable Hooking Library. Only requires a header.

Validated in Linux, X86, g++

Good Ref:

http://lazarenko.me/wide-pointers/

http://lazarenko.me/devirtualization/

Example

# one can use GCC extension to query member func addr
# then lookup vtable to confirm the offset
# Here're the sample's output 

offset:0 orig_func.addr:401140
offset:1 orig_func.addr:40117a
offset:2 orig_func.addr:4010fe
offset:3 orig_func.addr:40104a
offset:4 orig_func.addr:0
kid.foo1:0x4010fe foo2:0x40104a

call o->Foo()
Orig-Kid-Foo1: input size:1024
call o->*mfp1()
Orig-Kid-Foo1: input size:1024

offset:0 orig_func.addr:400fbe
offset:1 orig_func.addr:401024
offset:2 orig_func.addr:40108e
offset:3 orig_func.addr:40104a
offset:4 orig_func.addr:0
child.foo1:0x40108e foo2:0x40104a

-------to hook
offset:2 orig_func.addr:4010fe
Orig-Kid-Foo1: input size:2048
---- Hooked orig.size:2048 orig.ret:0
---- Hooked orig.size:4096 orig.ret:-1
Orig-Kid-Foo1: input size:2048
---- Hooked orig.size:2048 orig.ret:0

-------to restore
Orig-Kid-Foo1: input size:2048
Orig-Kid-Foo1: input size:2048

About

C++ Vtable Hooking Library

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 54.9%
  • C 41.5%
  • Shell 3.6%