This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Re: change .got.plt in user application


Mailing binutils@ to see whether someone can provide some suggestions ;-)

Yubin

2017-09-11 21:43 GMT+08:00 Yubin Ruan <ablacktshirt@gmail.com>:
> Hi,
> I am doing some experiments with code injection (at run time) and I
> want to change the way some specific functions behave, that is, I want
> to replace all calls to "real_func" with calls to "test_func".
>
> I have finished most of the code injection work and I know that I can
> find where "real_func" is located and then place a "jmp" instruction
> there to make it jump to "test_func", i.e., function trampolines,
> as others would call it.
>
> But, instead of doing function trampolines, I prefer to change the
> ".got" and ".got.plt" segments to make it resolve "naturally" to
> "test_func" rather than "real_func". As you know, the dynamic linker
> fills in those entry the first time a "real_func" is called (lazy
> binding), and then it is fixed. So, I think there might be some ways
> to do what the dynamic linker does, only if we can find the ".got" and
> ".got.plt".
>
> I am currently not so clear about the right way to do that. Please
> provide some help (references, or warn me ;-).
>
> P.S., the reason why I prefer changing ".got" and ".plt" to function
> trampolines is that:
>
>     1) function trampolines are tricky to implement ...
>     2) function trampolines require us to change other people's DSOs,
> which may be shared by many applications (think libc.so), thus ruining
> the Copy-on-Write mechanism provided by the operating system.
>
> Yubin

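The message above describes exactly the property a defender can check for: once the dynamic linker has done its work, every PLT GOT slot of the executable points either at the PLT stub in the executable itself (lazy binding, not yet resolved) or at the resolved function inside a loaded DSO, so a legitimate slot always lands in a file-backed executable mapping. The following self-check is an added example, not code from the original post or from binutils. It walks the executable's DT_JMPREL relocation table (the same table the dynamic linker processes), reads each GOT slot, and flags slots that point anywhere else (heap, anonymous RWX pages, non-executable memory). It assumes Linux (getauxval for the program headers, /proc/self/maps for the mapping list); the names got_scan, got_report and the "file-backed executable mapping" classification are this example's own.

```c
#include <elf.h>
#include <link.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* Constructed defensive example (not from the thread): audit this process's
 * own PLT GOT slots.  Every relocation under DT_JMPREL names one GOT slot that
 * the dynamic linker fills lazily (first call) or eagerly (BIND_NOW).  A healthy
 * slot points at the PLT stub in the executable (unresolved) or at code in a
 * loaded DSO, i.e. always into a file-backed executable mapping.  Linux assumed. */

#define MAX_MAPS 1024

struct map_entry { uintptr_t lo, hi; int exec_file; };

struct got_report {
    int total;        /* PLT GOT slots examined */
    int unbound;      /* value 0: weak symbol the linker left unbound */
    int suspicious;   /* target is not inside a file-backed executable mapping */
};

/* Parse /proc/self/maps; record each mapping and whether it is an executable,
 * file-backed one (e.g. "r-xp ... /usr/lib/libc.so.6" or the vDSO). */
static int read_maps(struct map_entry *maps, int max)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int n = 0;
    while (n < max && fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[8];
        int off = 0;
        if (sscanf(line, "%lx-%lx %7s %*s %*s %*s %n", &lo, &hi, perms, &off) < 3)
            continue;
        const char *path = line + off;          /* empty for anonymous mappings */
        maps[n].lo = lo;
        maps[n].hi = hi;
        maps[n].exec_file = perms[2] == 'x' &&
                            (path[0] == '/' || strncmp(path, "[vdso]", 6) == 0);
        n++;
    }
    fclose(f);
    return n;
}

static int in_exec_file_mapping(const struct map_entry *maps, int n, uintptr_t a)
{
    for (int i = 0; i < n; i++)
        if (maps[i].exec_file && a >= maps[i].lo && a < maps[i].hi)
            return 1;
    return 0;
}

/* Returns 0 with *rep filled, or -1 if the process cannot be inspected
 * (no /proc, or no PT_PHDR/PT_DYNAMIC, e.g. a static binary). */
int got_scan(struct got_report *rep)
{
    static struct map_entry maps[MAX_MAPS];
    memset(rep, 0, sizeof *rep);
    int nmaps = read_maps(maps, MAX_MAPS);
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    unsigned long phnum = getauxval(AT_PHNUM);
    if (nmaps < 0 || !phdr)
        return -1;

    /* Load bias = runtime address of the program headers - their link-time address. */
    uintptr_t bias = 0;
    const ElfW(Phdr) *pdyn = NULL;
    int have_bias = 0;
    for (unsigned long i = 0; i < phnum; i++) {
        if (phdr[i].p_type == PT_PHDR) { bias = (uintptr_t)phdr - phdr[i].p_vaddr; have_bias = 1; }
        if (phdr[i].p_type == PT_DYNAMIC) pdyn = &phdr[i];
    }
    if (!have_bias || !pdyn)
        return -1;

    uintptr_t jmprel = 0, pltrelsz = 0, pltrel = 0;
    for (const ElfW(Dyn) *d = (const ElfW(Dyn) *)(bias + pdyn->p_vaddr); d->d_tag != DT_NULL; d++) {
        if (d->d_tag == DT_JMPREL)          /* may be a link-time offset or already rebased */
            jmprel = d->d_un.d_ptr < bias ? d->d_un.d_ptr + bias : d->d_un.d_ptr;
        else if (d->d_tag == DT_PLTRELSZ)
            pltrelsz = d->d_un.d_val;
        else if (d->d_tag == DT_PLTREL)
            pltrel = d->d_un.d_val;
    }
    size_t entsz = (pltrel == DT_RELA) ? sizeof(ElfW(Rela)) : sizeof(ElfW(Rel));
    for (uintptr_t p = jmprel; jmprel && p < jmprel + pltrelsz; p += entsz) {
        const ElfW(Rel) *rel = (const ElfW(Rel) *)p;        /* Rel and Rela share r_offset */
        uintptr_t value = *(const uintptr_t *)(bias + rel->r_offset);  /* the GOT slot */
        rep->total++;
        if (value == 0)
            rep->unbound++;
        else if (!in_exec_file_mapping(maps, nmaps, value))
            rep->suspicious++;
    }
    return 0;
}

int main(void)
{
    struct got_report r;
    if (got_scan(&r) != 0) {
        puts("cannot inspect this process (static binary or no /proc)");
        return 2;
    }
    printf("PLT GOT slots: %d, unbound: %d, suspicious: %d\n", r.total, r.unbound, r.suspicious);
    return r.suspicious != 0;
}
```

Build with a plain `gcc got_scan.c -o got_scan` and run it; the exit status is non-zero when any slot points outside a file-backed executable mapping. Note that linking with `-z relro -z now` makes `.got.plt` read-only after startup, which is the standard mitigation against the kind of post-load GOT rewrite the poster describes; a periodic check like this one complements it by noticing a slot that was altered before RELRO was applied or after the page was made writable again.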