How can I call a function from JAVA/JNA if I only know the offset from another function?


I know that in libaaa.so there is an exported (the symbol is in the text/code section) function obj1() at address 0x12345 from the start of the library.

CLibrary libaaa = (CLibrary)Native.load("aaa", CLibrary.class);

I want to invoke a function obj2(), which I know to be at address 0x12444 from the start of the library, or at the address of obj1() + 0xff (0x12444 - 0x12345 = 0xff).

The obj2() symbol is NOT in the text/code section, so I can only invoke it by its address (which I know). I understand that I could use Function.getFunction(new Pointer(funcAddr), 0, "utf8"); if I had the function's address, but I do not know at what address JNA will load the library.

I can easily access the obj1() function (aaa.obj1()); that's trivial. But how could I access the aaa.obj2() function, which is not in the text section and thereby only referable by its offset in the library (or by its offset from another function in the text/code section)?

Thank you.


0
matt On BEST ANSWER

It seems like if you get Function obj1,

Function obj1 = Function.getFunction(libraryName, functionName);

The Function object is a Pointer. Then you should be able to get the address of obj1 (see "Accessing JNA Pointer's peer value"), so you would have the address and you can try to create a function based on that.

5
user2543253 On

IIUC, you could compute the address of your second function, if you had the address of the first function. Is that right?

I've never tried it with Functions but I have a use case where I need to get the address of a Callback and what I'm doing to get that is to put it in a dummy Structure then read the structure's raw bytes.

Edit: forget that. It's only Callbacks that don't let you access their address directly. You can easily get another Pointer/Function at an offset from a given Function. No need for workarounds.
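Putting the two answers together, as an added example that is not code from either answerer: Function extends Pointer, so share() gives a Pointer at obj1 + delta, and Function.getFunction() wraps that raw address as something callable. The library name "aaa", the symbol obj1, the 0xff delta and the assumed int-returning, no-argument signature of obj2 come from the question; the SHA-256 digest is a placeholder for the build the offsets were measured on.

```java
import com.sun.jna.Function;
import com.sun.jna.NativeLibrary;
import com.sun.jna.Pointer;
import java.io.File;
import java.nio.file.Files;
import java.security.MessageDigest;

public class OffsetCall {
    // Values taken from the question: exported anchor symbol, and the distance
    // from it to the unexported obj2 in this exact build of libaaa.so.
    static final String LIB = "aaa";
    static final String ANCHOR_SYMBOL = "obj1";
    static final long OBJ2_DELTA = 0x12444L - 0x12345L;   // 0xff
    // Placeholder: the digest of the libaaa.so build the offsets were measured on.
    static final String EXPECTED_SHA256 = "EXPECTED_SHA256_PLACEHOLDER";

    static String sha256Hex(File f) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(Files.readAllBytes(f.toPath()));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        NativeLibrary lib = NativeLibrary.getInstance(LIB);

        // A hard-coded delta is only valid for the build it was measured on.
        // A different build silently moves obj2 and the call lands in unrelated
        // code, so refuse to proceed unless the loaded file is the expected one.
        String actual = sha256Hex(lib.getFile());
        if (!actual.equals(EXPECTED_SHA256)) {
            throw new IllegalStateException("unexpected libaaa.so build: " + actual);
        }

        // The dynamic loader resolved obj1, so its runtime address already
        // includes wherever the library was mapped; no base address is needed.
        Function obj1 = lib.getFunction(ANCHOR_SYMBOL);

        // Function is a Pointer, so share() yields obj1 + delta. JNA does no
        // symbol lookup here; it trusts the arithmetic completely.
        Pointer obj2Ptr = obj1.share(OBJ2_DELTA);
        Function obj2 = Function.getFunction(obj2Ptr, Function.C_CONVENTION, "utf8");

        // Assumed signature: int obj2(void). Use the real one if it differs.
        int result = obj2.invokeInt(new Object[0]);
        System.out.printf("obj1 at 0x%x, obj2 at 0x%x, obj2() returned %d%n",
                Pointer.nativeValue(obj1), Pointer.nativeValue(obj2Ptr), result);
    }
}
```

The same arithmetic also recovers the load base (obj1's runtime address minus its file offset 0x12345), which is useful when several unexported functions are known only by their offset from the start of the library.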