noobexploiter
Platinian
When obtaining the address of a library, i commonly see people, searching for the library in the memory map of the game. Take octowolves template for example Hooking-Template-With-Mod-Menu/Utils.h at master · Octowolve/Hooking-Template-With-Mod-Menu
It opens the /proc/self/maps and search for the library using
In its maps, the libil2cpp.so is named split_config.arm64_v8a.apk , so obviously, the strstr will not find it. Instead, i came up with my own implementation
It uses dl_iterate_phdr to loop through all libraries loaded, on each library found, it will call the callback function. In the callback function, if the name of the library matches what we are looking for, it will assign the addr parameter to the address of that library, and it returns the addr paramter.
You can use it like
C++:
DWORD findLibrary(const char *library) {
char filename[0xFF] = {0},
buffer[1024] = {0};
FILE *fp = NULL;
DWORD address = 0;
//sprintf( filename, "/proc/self/maps"); Buffer Overflow warning. shit is depreceated
snprintf(filename, sizeof(filename) ,"/proc/self/maps");
fp = fopen( filename, "rt" );
if( fp == NULL ){
perror("fopen");
goto done;
}
while( fgets( buffer, sizeof(buffer), fp ) ) {
if( strstr( buffer, library ) ){
address = (DWORD)strtoul( buffer, NULL, 16 );
goto done;
}
}
done:
if(fp){
fclose(fp);
}
return address;
}strstr. The problem with this, is not all the time, libraries are mapped as they are named. For example, farmville, In its maps, the libil2cpp.so is named split_config.arm64_v8a.apk , so obviously, the strstr will not find it. Instead, i came up with my own implementation
C++:
DWORD addr;
int callback(struct dl_phdr_info *info, size_t size, void *data){
if(strstr(info->dlpi_name, static_cast<const char* const>(data))){
addr = info->dlpi_addr;
}
return 0;
}
DWORD get_libBase(const char* libName) {
dl_iterate_phdr(callback, (void*)libName);
return addr;
}You can use it like
C++:
DWORD libil2cpp = get_libBase("libil2cpp.so");