Cannot hook Callback function?

Question

I was hooking few functions in my code and it was working pretty code till today and then I came across a bug due to call back function.

Lets say..

If I do something like

puts("Hi!\n");

works great. I can hook this.

But If I do this...

typeof(puts) *fptr = puts;
fptr("Hi \n");

Hooking does not work?

I am using OSX env and searching for symbols in order to do hooking. Can someone suggest me whats wrong with callback functions and what I should be doing in to hook in hooking algorithm?

EDIT: I did some more debugging, in case if with the following information anyone who can provide some opinion.

I think this can be source of problem?

bool Hook(const char *name, void *impl) {
    ...   
    void **EntryInAdressTable = find(name);
    if(EntryInAdressTable) {
        *EntryInAdressTable = impl;
    }
}
 ...
}

So, What's happening here is, I change the Entry in address table for corresponding symbol with my implementation and the in My implementation I call original function.

So, my guess is, If we use callback function, it means we referred directly to function address without going through the address table and thats why hooked method is not called.

Am I right on this one? If so can any one suggest me any workaround?

Well, actually, my question is about hooking and so I thought, I can also use C++ solution. — RLT, Oct 27 '11 at 14:56
@Mac: Hooking can mean any number of things, depending on the context. — Oliver Charlesworth, Oct 27 '11 at 14:57
I think you're misusing the term hooking. Hooking generally means intercepting a normal call and replacing it with your own. — JosephH, Oct 27 '11 at 14:58
Here with hooking, I just want my function to be executed before actual. — RLT, Oct 27 '11 at 14:58
i think you want typedef and not typeof. please read this http://stackoverflow.com/questions/4295432/typedef-function-pointer — madmik3, Oct 27 '11 at 15:00
I look for symbols obtained by _dyld_get_image_header and then look for my string.. in this case, _puts. — RLT, Oct 27 '11 at 15:04
I know typedef. typeof is just quick way to get callback function. — RLT, Oct 27 '11 at 15:05
I have updated question with my findings. Please let me know your thoughts. — RLT, Oct 28 '11 at 08:23

score 0 · Accepted Answer · answered May 17 '12 at 09:50

If we hook by looking into symbol table and replacing the function adress there corresponding to symbol entry will work as long as we are making function call using symbol entry in symbol table. If we use function address directly (callback function), it will not work.

score 0 · Answer 2 · answered Oct 27 '11 at 15:39

0

Assuming you're using LD_PRELOAD to hook your functions, when you take a pointer to puts, the pointer is presumably bound to the version the linker knows about when you link, in the standard library, and isn't overridden when your preloaded library comes into existence. I can't think of any way to bypass this.

answered Oct 27 '11 at 15:39

Mark B

95,107
10
109
188

I dont take a pointer to puts. I take a symbol "_puts". Then I look up for commands and try to find if this string is present. – RLT Oct 27 '11 at 16:08
I have updated question with my findings. Please let me know your thoughts – RLT Oct 28 '11 at 12:22

Cannot hook Callback function?

2 Answers2