Joe Damato ice799

Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [nprobe.c:3087] Welcome to bprobe v.1.0.0fi772 ($Revision: 1983 $) for x86_64-redhat-linux-gnu
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [nprobe.c:3106] Tracing enabled
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [nprobe.c:4858] There are no bonded interfaces being monitored.
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [plugin.c:133] Loading plugins...
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [plugin.c:142] No plugins found in ./plugins
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [plugin.c:142] No plugins found in /usr/local/lib/bprobe/plugins
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [plugin.c:146] WARNING: Unable to find plugins directory. bProbe will work without plugins!
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [plugin.c:196] 0 plugin(s) loaded [0 delete][0 packet].
Mar 27 14:33:10 sg123 bprobe[83972]: 27/Mar/2012 14:33:10 [nprobe.c:4992] We
> I am trying to patch an executable which does not link to Lua (script library) yet includes the source. The function luaL_newstate is the
> one wanted, which is present in the mach-o and I can see the instruction address and the displacement to the function.
so you have a binary which does not link to lua_whatever.so ? ok...
> I have tried numerous methods of inserting the hook displacement for the displacement in the binary of interest. I would assume it requires
> using execve to run the binary of interest yet that will overwrite the address space of the patcher. I have tried fork -> ptrace
> PT_TRACE_ME execve and then trying dlsym(RTLD_DEFAULT, "luaL_newstate"); after a signal with the intention of overwriting memory with the
> hook. I tested this by not including the Lua lib in the patcher and it does not find the symbol.