Untitled

a guest
Jan 19th, 2019
You'll need to dump the native entry points to find the native you want in IDA. If you look in your crossmapping.cpp file, there should be code which looks like:

Code:
#include <fstream>  // std::ofstream

void CrossMapping::dumpNativeMappingCache()
{
    std::ofstream file;
    file.open("EntryPoints.txt");

    // Stop here if the file could not be opened; there is nothing to write to.
    if (!file) { Log::Error("failed to open EntryPoints.txt"); return; }

    // Step by 2: only every other element of __HASHMAPDATA is looked up and dumped.
    for (size_t i = 0; i < sizeof(__HASHMAPDATA) / sizeof(*__HASHMAPDATA); i += 2) {
        auto addr = Hooking::GetNativeHandler(__HASHMAPDATA[i]);
        // One line per native: "0x<hash> : 0x<entry point address>"
        file << std::hex << "0x" << __HASHMAPDATA[i] << " : " << "0x" << addr << std::endl;
    }
    file.close();
}
When called (normally from your "Hooking::Start" method), it writes each native hash alongside the entry-point address you'd use in IDA. When finished, remember to comment out the method call, or else it will run every time you inject!

For example, this is what it would look like (note this is for 1.44) - native hash (find it in natives.h) -> function entry point:

Code:
0xf9e56683ca8e11a5 : 0x00007FF7F5A486E8

Once you have your entry points, find the native you want to locate in IDA and copy the right-hand value (i.e. the "0x00007FF...." one). Search for it in IDA, and that will take you to the function, where you can sig it or do whatever you want with it.