use frida-gum gum_module_find_export_by_name to get C++ class method function using C++ code
时间: 2024-05-07 15:21:54 浏览: 20
Frida-Gum is a powerful instrumentation framework for dynamic binary analysis and reverse engineering. It provides a high-level API for writing custom code to interact with native code running on different platforms.
To use Gum to find a C++ class method function using C++ code, you can start by loading your target binary into memory using the `gum_process_attach()` function. Once attached, you can use `gum_module_find_export_by_name()` function to find the address of the C++ class method function inside the target binary.
Here is an example code snippet that demonstrates how to use Gum to find a C++ class method function:
```c++
#include <gum/gum.h>
class MyClass {
public:
void myMethod(int arg1, int arg2) {
// implementation of myMethod
}
};
int main() {
gum_init_embedded();
GumAddress myMethodAddress = 0;
GumAddress targetAddress = gum_module_find_base_address("mybinary");
if (targetAddress != 0) {
GumExportDetails exportDetails;
if (gum_module_find_export_by_name("mybinary", "_ZN7MyClass8myMethodEii", &exportDetails)) {
myMethodAddress = exportDetails.address;
}
}
// myMethodAddress now contains the address of MyClass::myMethod()
gum_deinit_embedded();
return 0;
}
```
In this example, we defined a simple C++ class `MyClass` with a method `myMethod()`. We then attached to the target binary using `gum_process_attach()`, and used `gum_module_find_export_by_name()` to find the address of the `MyClass::myMethod()` function inside the target binary. The function signature `_ZN7MyClass8myMethodEii` corresponds to the mangled name of the `MyClass::myMethod()` function in C++.
Note that this is just a basic example, and you will need to adapt the code to your specific use case. Also, keep in mind that using Gum to interact with native code requires a good understanding of the target binary and its environment.
相关推荐
![egg](https://img-home.csdnimg.cn/images/20210720083646.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)