So recently I was trying to work with a process, to read/write memory from/to the process.
I've written a little wrapper class for ptrace, and I'm using that at the moment.

However, the process uses multiple shared objects, which I need the offset of in order to calculate the address.

So let's say on the Windows version of my process the address is base.dll+0xFF00, so on Linux I'm expecting it to be base.so+0xFF00. I've found a nice alternative to Cheat Engine called scanmem, in combination with GameConqueror.

However, I am not able to get the base address of base.so. I've found this code for Windows systems, but that does not work on Linux systems.

So overall, this is what I'm looking for: a function that gets the base address of a module within a process by its name, like: getModuleBase(pid,"base.so");

Is this even possible, or am I looking into something that won't even work anyway?

Thanks in advance!

1 Answer

On Linux, you could use the Linux-specific (actually GNU libc specific) dladdr(3) function, assuming you know the address of some function symbol inside it.

Otherwise, you could read sequentially and parse the /proc/self/maps file from inside your program (or /proc/1234/maps for the process of pid 1234). proc(5) is Linux-specific, and reading files in /proc/ is quick (no disk I/O involved, since /proc/ is implemented inside the kernel without physical I/O). Try in a terminal:

cat /proc/self/maps

It will show you the memory map of the process executing that cat command.

I am not sure that the idea of a well-defined and unique base address of a dynamically loaded (dlopen-ed) plugin is meaningful. Shared object ELF files (i.e. plugin.so files) generally have several segments. See this answer (and think about ASLR ...)

Basile Starynkevitch
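
The /proc/<pid>/maps parsing suggested in the answer, as an added example that is not code from either poster. The name get_module_base mirrors the question's getModuleBase(pid,"base.so") and is hypothetical, as is the helper maps_line_matches; matching is by exact file name, and the value returned is the start of the object's lowest-addressed mapping, which is an assumption about what "base" should mean given that a shared object has several segments.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Parse one /proc/<pid>/maps line ("start-end perms offset dev inode path").
 * Returns 1 and stores the mapping's start address when the last path
 * component equals `name`; returns 0 for any other line. */
static int maps_line_matches(const char *line, const char *name,
                             unsigned long *start)
{
    unsigned long lo, hi;
    char path[4096] = "";

    /* Anonymous mappings have no path: sscanf returns 2 and path stays "". */
    if (sscanf(line, "%lx-%lx %*s %*s %*s %*s %4095[^\n]", &lo, &hi, path) < 2)
        return 0;
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    if (strcmp(base, name) != 0)
        return 0;
    *start = lo;
    return 1;
}

/* Hypothetical helper named after the question's getModuleBase(pid, "base.so").
 * The kernel lists mappings in ascending address order, so the first match is
 * the lowest-addressed segment of the object. Returns 0 if nothing matched or
 * the maps file could not be opened (no such pid, insufficient privileges). */
unsigned long get_module_base(pid_t pid, const char *name)
{
    char file[64], line[4352];
    unsigned long start = 0;

    snprintf(file, sizeof file, "/proc/%ld/maps", (long)pid);
    FILE *f = fopen(file, "r");
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f))
        if (maps_line_matches(line, name, &start))
            break;
    fclose(f);
    return start;
}
```

Because of ASLR the returned address changes from run to run, so it has to be looked up for each traced process rather than cached across launches.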