I am interposing the memcpy() function in C because the target application uses it to concatenate strings and I want to find out which strings are being created. The code is:
void * my_memcpy ( void * destination, const void * source, size_t num )
{
void *ret = memcpy(destination, source, num);
// printf ("[MEMCPY] = %s \n", ret);
return ret;
}
The function gets called succesfully but the first parameter can be whatever and I only want to trace it if the result is a string or array. I would have to ask if it is array or string. I know this can't be done straightforward: is there anyway to find out what RET points to?
I am working under MACOSX and interpositioning with DYLD.
Thank you very much.
As void* represents a raw block of memory, there is no way to determine what actual data lies there.
However, you can make a "string-like" memory dump on every operation, just give the resulting output some sort of the "upper output limit".
This could be implemented the following way:
const size_t kUpperLimit = 32;
void output_memory_dump(void* memory) {
std::cout.write(reinterpret_cast<char*>(memory), kUpperLimit);
}
For non-string like data the output would be hardly interpretable, but otherwise you'd get what you were searching for.
You could attempt to apply some guess-based approach like iterating through reinterpret_cast<void*>(memory) and making is_alphanumeric && is_space checks to every symbol, but this approach doesn't seem very stable (who knows what could actually lie in that void*...).
Anyway, for some situations that might be fine.