Jakob Rødal Skaar jakobrs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| gcc ./dyldfunclookuphelper.c /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/dylib1.o \ | |
| -shared -o ./libdyldfunclookuphelper.dylib -target x86_64-apple-macos10.7 | |
| # OR (untested) | |
| #ld /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/dylib1.o \ | |
| # -dylib -o ./libdyldfunclookuphelper.dylib -alias __dyld_func_lookup _dyld_func_lookup_helper | |
| g++ ./example.cpp -ldyldfunclookuphelper -L. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/mman.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| /* | |
| * Calls mprotect on the entire page that address is located in. | |
| */ | |
| static int mprotect_page(void *address, int prot) { | |
| int pagesize = getpagesize(); |
jakobrs
/ dlopen_from.c
Last active
May 19, 2021 18:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Compile with: gcc ./dlopen_from.c -masm=intel -shared -O3 -o libdlopen_from.so -ldl | |
| #define _GNU_SOURCE | |
| #include <sys/types.h> | |
| #include <sys/mman.h> | |
| #include <sys/socket.h> | |
| #include <signal.h> | |
| #include <unistd.h> | |
| #include <link.h> | |
| #include <string.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <link.h> | |
| static void explore(struct link_map *lm) { | |
| struct link_map *focused = lm; | |
| printf("Backwards:\n"); | |
| while (focused != NULL) { | |
| printf("- %s\n", focused->l_name); | |
| focused = focused->l_prev; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <stdio.h> | |
| #include <stddef.h> | |
| #include <dlfcn.h> | |
| struct dlopen_args | |
| { | |
| /* The arguments for dlopen_doit. */ |
jakobrs
/ dlhook.cpp
Last active
February 16, 2023 07:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <mach-o/dyld-interposing.h> | |
| void dyld_func_lookup(const char *name, void **address); | |
| void *dlopen_from(const char *file, int mode, void *caller) __attribute__((weak)); | |
| void dlopen_post_hook(const char *file, int mode, void *caller, void *result); | |
| void *interposed_dlopen(const char *file, int mode) { | |
| void *caller = __builtin_extract_return_addr(__builtin_return_address(0)); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| extern "C" int dyld_func_lookup(const char *, void **); | |
| extern "C" void *dlopen_from(const char *file, int mode, void *caller) __attribute__((weak)); | |
| /* To get the "caller address", __dyld_dlopen evaluates *(rbp + 0x8), which | |
| * means we can set a fake caller address by storing the address of our fake | |
| * caller address, minus 8, in rbp. | |
| */ | |
| __attribute__((naked)) | |
| static void *fake_dlopen_from_10_13(const char *file, int mode, void *caller, | |
| void *(*__dyld_dlopen)(const char *, int)) { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #![feature(link_llvm_intrinsics)] | |
| #![feature(naked_functions)] | |
| #![feature(asm)] | |
| extern "C" { | |
| #[link_name = "llvm.returnaddress"] | |
| fn llvm_returnaddress(level: u32) -> *const u8; | |
| } | |
| macro_rules! return_address { |
jakobrs
/ script.lua
Created
August 8, 2021 18:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local function create_null_sink() | |
| print("Creating null sink") | |
| null_node = Node("adapter", { | |
| ["factory.name"] = "support.null-audio-sink", | |
| ["media.class"] = "Audio/Sink", | |
| ["object.linger"] = true, | |
| ["audio.position"] = "[FL FR]", | |
| ["node.name"] = "automatic-null-sink", | |
| }) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use std::{ | |
| fs::OpenOptions, | |
| io::{Read, Write}, | |
| os::unix::prelude::AsRawFd, | |
| }; | |
| use mio::{unix::SourceFd, Events, Interest, Poll}; | |
| fn main() { | |
| let mut poll = Poll::new().unwrap(); |