
In cycript, it is possible to get a reference to a C function pointer, but I've been unable to use that syntax to retrieve a pointer to C++ functions using either their proper or mangled function names from the symbol table.

Is there a way to get there from here?

Update from Saurik's input:

I hadn't tried function pointers from the C-style symbols, but you are absolutely right that the leading underscore needs to be stripped. _DES_encrypt3 needs to be accessed with:

cy# dlsym(RTLD_DEFAULT, "DES_encrypt3")
0x14dc19

This gives me a valid pointer address.

When I look at the mangled symbol for xmpp::CapsManager::~CapsManager(), which is __ZN4xmpp11CapsManagerD2Ev_1bf718, I try

cy# dlsym(RTLD_DEFAULT, "__ZN4xmpp11CapsManagerD2Ev_1bf718")
null
cy# dlsym(RTLD_DEFAULT, "_ZN4xmpp11CapsManagerD2Ev_1bf718")
null
cy# dlsym(RTLD_DEFAULT, "ZN4xmpp11CapsManagerD2Ev_1bf718")
null

None of these variations yield a pointer.

JoshRivers

1 Answer

My immediate guess is that you are trying to take the raw mangled symbol name (as you describe, getting it from the symbol table) and pass it to dlsym... but dlsym requires a C-level symbol name, which means your approach would not work even for a simple C symbol: you will have an extra _ at the beginning (if you check the symbol table, you will see that C functions are also mangled, to begin with _). If you strip the leading _ you should be able to use dlsym to look up your mangled C++ symbol.

Jay Freeman -saurik-
  • I've added some details to the original question. Removing the extra underscore seems necessary, but I'm still not getting pointers. – JoshRivers Mar 03 '14 at 00:27
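The naming rule from the answer, as an added example in C that is not part of the original thread: a symbol-table name has exactly one leading underscore removed before it is handed to dlsym, and the lookup reports the loader's error when nothing is found. The helper names `dlsym_name` and `lookup_symtab_name` are hypothetical, and `_malloc` is a constructed input standing in for any exported symbol.

```c
/* Added example: map a symbol-table name to the name dlsym() expects. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* glibc: expose RTLD_DEFAULT */
#endif
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Handle meaning "search the images already loaded in this process". */
static void *global_handle(void) {
#ifdef RTLD_DEFAULT
    return RTLD_DEFAULT;
#else
    return dlopen(NULL, RTLD_LAZY); /* POSIX fallback */
#endif
}

/* Hypothetical helper: drop exactly one leading '_' (the C-level prefix
 * shown in the symbol table); any further underscores belong to the name. */
const char *dlsym_name(const char *symtab_name) {
    return (symtab_name[0] == '_') ? symtab_name + 1 : symtab_name;
}

/* Hypothetical helper: resolve a name copied from the symbol table.
 * dlsym only resolves exported symbols, so NULL is a normal result for
 * names that are local to an image or are not exact symbol names. */
void *lookup_symtab_name(const char *symtab_name) {
    const char *name = dlsym_name(symtab_name);
    dlerror();                      /* clear any stale error */
    void *p = dlsym(global_handle(), name);
    if (p == NULL) {
        const char *err = dlerror();
        fprintf(stderr, "dlsym(\"%s\"): %s\n", name, err ? err : "not found");
    }
    return p;
}

int main(void) {
    /* "_malloc" is constructed; the other two names are from the question. */
    const char *names[] = { "_malloc", "_DES_encrypt3",
                            "__ZN4xmpp11CapsManagerD2Ev_1bf718" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        void *p = lookup_symtab_name(names[i]);
        printf("%-36s -> %-34s %p\n", names[i], dlsym_name(names[i]), p);
    }
    return 0;
}
```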