1

How can I find and replace hex code of .so files that are loaded in memory at runtime using C or C++?

  • this might help https://stackoverflow.com/questions/20099916/using-ptrace-pokedata-to-replace-data-in-the-heap-of-a-process – Goblinhack May 12 '20 at 15:25
  • I should add this all terribly depends on the OS so you need to provide more info in such a question. There might be a cleaner way to achieve what you want. The memory of your own code is likely to be in read only paged memory, not directly accessible and you will need to request the OS for access to it. Hence PTRACE_ATTACH/POKEDATA. – Goblinhack May 12 '20 at 15:30
  • Okay, the OS is android x86 with root access. i know the offsets and i know the hex code in the .so files i wish to replace once they are loaded to memory –  May 12 '20 at 16:09
  • Seems that the ptrace approach I mentioned above would work on android - https://stackoverflow.com/questions/34433451/linux-ptrace-read-whole-memory-page however to get the address to start with you can use https://www.systutorials.com/docs/linux/man/3-dl_iterate_phdr/ – Goblinhack May 12 '20 at 17:19
  • There is too much to paste out of this guys approach but he covers everything needed - I 'm sure you can adapt this to C - https://ancat.github.io/python/2019/01/01/python-ptrace.html – Goblinhack May 12 '20 at 17:37
  • 1
    Thank you very much for your assistance. I will look into it. –  May 12 '20 at 22:41

0 Answers0