Interface
GumApiResolver
Description [src]
interface Gum.ApiResolver : GObject.ObjectResolves in-memory APIs by name, with globs permitted.
Using GumApiResolver
Exports and imports
void
start (void)
{
g_autoptr(GumApiResolver) resolver = gum_api_resolver_make ("module");
gum_api_resolver_enumerate_matches (resolver,
"exports:libc*.so!open*",
// case-insensitive: "exports:*!open/i"
// imports: "imports:example.so!open*"
instrument_c_function,
NULL,
NULL);
}
static gboolean
instrument_c_function (const GumApiDetails *details,
gpointer user_data)
{
g_print ("Found %s at %" G_GINT64_MODIFIER "x\n",
details->name,
details->address);
// e.g.: "Found /system/lib/libc.so at 0x7fff870135c9"
return TRUE; // keep enumerating
}
Objective-C methods
void
start (void)
{
g_autoptr(GumApiResolver) resolver = gum_api_resolver_make ("objc");
gum_api_resolver_enumerate_matches (resolver,
"-[NSURL* *HTTP*]",
instrument_objc_method,
NULL,
NULL);
}
static gboolean
instrument_objc_method (const GumApiDetails *details,
gpointer user_data)
{
g_print ("Found %s at %" G_GINT64_MODIFIER "x\n",
details->name,
details->address);
// e.g.: "Found -[NSURLRequest valueForHTTPHeaderField:] at 0x7fff94183e22"
return TRUE; // keep enumerating
}
Prerequisite
In order to implement ApiResolver, your type must inherit fromGObject.
Instance methods
gum_api_resolver_enumerate_matches
Performs the resolver-specific query, optionally suffixed with /i to
perform case-insensitive matching. Calls func with each match found.
Interface structure
struct GumApiResolverInterface {
GTypeInterface parent;
void (* enumerate_matches) (
GumApiResolver* self,
const gchar* query,
GumFoundApiFunc func,
gpointer user_data,
GError** error
);
}No description available.
Interface members
parent |
|
No description available. |
|
enumerate_matches |
|
No description available. |
Virtual methods
Gum.ApiResolver.enumerate_matches
Performs the resolver-specific query, optionally suffixed with /i to
perform case-insensitive matching. Calls func with each match found.