You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently using shadowhook_hook_func_addr to hook some functions which are not in the ELF symbol table.
I want to prevent the possible function length issues to have a stable app.
shadowhook_hook_func_addr according to the docs does not have any checks for the function length, as there is just no place to get that info from at runtime. Because of that, there is a table in the docs with the information about the required function lengths for the hook to not have length issues.
I can get the information about the function lengths by myself before performing a hook, but then I need to understand if the particular length will always work or sometimes it might have problems. For that I can look at the mentioned table and compare it to the Ideal function length (bytes).
The problem I have right now is that I'm not sure the data in that table is up to date, as when I look at the Minimum function length (bytes) for arm64, the value is 4 bytes, but when I look at the code the value is 16 bytes, which, I assume, means that if the function length is less than 16, shadowhook will return an error.
So, can you please help me with 2 things:
What are the current minimum function lengths for arm32 and arm64 that are known to never have function length issues?
Is it possible to somehow pass the function length to the shadowhook_hook_func_addr, so that shadowhook can perform the same length checks as it does in shadowhook_hook_sym_addr - I mean, it will require the code change for sure, but I want to know if there are any concerns about it?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi!
I'm currently using
shadowhook_hook_func_addrto hook some functions which are not in the ELF symbol table.I want to prevent the possible function length issues to have a stable app.
shadowhook_hook_func_addraccording to the docs does not have any checks for the function length, as there is just no place to get that info from at runtime. Because of that, there is a table in the docs with the information about the required function lengths for the hook to not have length issues.I can get the information about the function lengths by myself before performing a hook, but then I need to understand if the particular length will always work or sometimes it might have problems. For that I can look at the mentioned table and compare it to the
Ideal function length (bytes).The problem I have right now is that I'm not sure the data in that table is up to date, as when I look at the
Minimum function length (bytes)for arm64, the value is 4 bytes, but when I look at the code the value is 16 bytes, which, I assume, means that if the function length is less than 16, shadowhook will return an error.So, can you please help me with 2 things:
shadowhook_hook_func_addr, so that shadowhook can perform the same length checks as it does inshadowhook_hook_sym_addr- I mean, it will require the code change for sure, but I want to know if there are any concerns about it?Beta Was this translation helpful? Give feedback.
All reactions