Your code:
```cpp
void *memcpy(void *dest, const void *src, size_t n)
{
return memcpy(dest, src, n);
}
```
**Is infinitely recursive.**
You are **replacing `memcpy` with itself**, so every call → calls itself forever → stack overflow → crash.
This is why the game crashes on startup — it likely uses `memcpy` early (e.g., for initialization, copying strings, loading assets), and your function causes infinite recursion.
---
### ❌ Problem: Infinite Recursion
```cpp
return memcpy(...); // Calls THE SAME FUNCTION again!
```
There’s no exit condition. No forwarding to real `memcpy`. Just loop.
---
### ✅ Solution: You Must Call the Real `memcpy` After Hooking
When you hook a function like `memcpy`, you need:
1. A way to call the **original** `memcpy` (by saving its address before patching).
2. Your hook should **forward** to that original.
3. Never recursively call yourself.
But in your current code, there's **no hooking mechanism**, just self-call → guaranteed crash.
---
### ✅ Fixed & Safe Version: Proper `memcpy` Hook (No Crash)
```cpp
#include <cstddef>
// Function pointer to hold the REAL memcpy
extern "C" void* (*o_memcpy)(void*, const void*, size_t);
// Our hooked version — safe and non-recursive
extern "C" void* h_memcpy(void* dest, const void* src, size_t n) {
// Forward to original, NOT to ourselves
return o_memcpy(dest, src, n);
}
```
---
### 🔧 How to Use This Correctly (Step-by-Step):
#### Step 1: Save Original Before Overwriting
Use a detour library or inline patching:
```cpp
// Example pseudocode — depends on your platform/hooking engine
o_memcpy = (void* (*)(void*, const void*, size_t))dlsym(RTLD_NEXT, "memcpy");
// OR: use MSHookFunction, fishhook, inline assembly, etc.
```
#### Step 2: Patch `memcpy` to Jump to `h_memcpy`
Use a hooking framework like:
- **Darwin**: [fishhook](https://github.com/facebook/fishhook)
- **Android/Linux**: `MSHookFunction` (MobileSubstrate), `PLT` patching
- **Custom**: Write inline assembly trampoline
Example (simplified):
```cpp
// After saving o_memcpy, apply hook so all calls to memcpy go to h_memcpy
apply_memory_hook((void*)memcpy, (void*)h_memcpy);
```
> ⚠️ Never write `memcpy = h_memcpy;` directly — that doesn’t work safely.
---
### 🛑 Do NOT Define `memcpy` Directly Unless You Are Replacing It Entirely
If you're building a shared library (`.so`) and define `memcpy`, the linker might override the system one — but this breaks everything because even **your own code** will call your version.
So unless you are **very carefully controlling symbol visibility**, avoid exporting your `memcpy`.
Instead, **hook at runtime**, don't override globally.
---
### ✅ Minimal Working Fix (Final – No Crash)
```cpp
#include <cstddef>
extern "C" {
// Pointer to original memcpy
void* (*o_memcpy)(void*, const void*, size_t) = nullptr;
// Hooked implementation
void* h_memcpy(void* dest, const void* src, size_t n) {
if (!o_memcpy) {
// Fallback: prevent infinite loop
__builtin_memcpy(dest, src, n);
return dest;
}
// Safely call original
return o_memcpy(dest, src, n);
}
}
```
Then ensure during initialization:
```cpp
o_memcpy = (void* (*)(void*, const void*, size_t))dlsym(RTLD_NEXT, "memcpy");
// Apply hook here using MSHookFunction or equivalent
```
---
### 🧯 If You Want to "Break" memcpy Selectively (e.g., for anti-debugging)
Only allow small copies:
```cpp
void* h_memcpy(void* dest, const void* src, size_t n) {
if (n > 1024) {
// Ignore large copies — break decompression, asset loading
return dest; // lie: pretend success
}
return o_memcpy ? o_memcpy(dest, src, n) : __builtin_memcpy(dest, src, n);
}
```
Or fill with junk:
```cpp
void* h_memcpy(void* dest, const void* src, size_t n) {
__builtin_memset(dest, 0xCC, n); // Fill with INT3 byte instead of copying
return dest;
}
```
But never call `memcpy()` inside `memcpy()`.
---
###
本文记录了一个项目的开发过程,包括遇到的问题及解决办法,特别是在组件使用方面的心得体会。虽然代码较为杂乱且存在一些bug,但对于理解组件应用仍有一定帮助。
扫一扫
3216
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
