About hacking libc

Xinyang Ge xxg113@cse.psu.edu
Wed Apr 24 12:53:00 GMT 2013


Thanks for your detailed elaboration. Is init() called when open.so is
first loaded?

On Wed, Apr 24, 2013 at 1:20 AM, Ondřej Bílka <neleai@seznam.cz> wrote:
> On Tue, Apr 23, 2013 at 05:53:05PM -0400, Xinyang Ge wrote:
>> Thank you, Carlos.
>>
>> I think the preload way is cleaner and doesn't require recompilation
>> of glibc. However, will there be any symbol conflict between my
>> library and glibc since both have the open() function? How do dynamic
>> linked library avoid symbol conflict? I am really newbie in this
>> field, could you recommend some reading materials to me if possible?
>>
> On conflict resolution symbol that is loaded first wins. LD_PRELOAD is
> loaded first so it always wins. You use need to use dlsym to get libc
> symbol version. I use this pattern, so following mostly works.
>
> Compile following with -fPIC -shared -ldl -o open.so
> then LD_PRELOAD=./open.so bash
>
> #include <dlfcn.h>
>
> int (*libc_open)(const char *pathname, int flags, int mode);
> void __attribute((constructor)) init(){
>   void *libc_handle=dlopen("libc.so.6",RTLD_NOW);
>   libc_open=dlsym(libc_handle,"open");
> }
>
> int open(const char *pathname, int flags, int mode){
>   printf ("opened %s\n",pathname);
>   return libc_open(pathname, flags, mode);
> }
>
>
>> Thanks,
>> Xinyang
>>
>> On Tue, Apr 23, 2013 at 4:35 PM, Carlos O'Donell
>> <carlos@systemhalted.org> wrote:
>> > On Tue, Apr 23, 2013 at 2:37 PM, Xinyang Ge <xxg113@cse.psu.edu> wrote:
>> >> I am a graduate student at Penn State and currently doing some experiments
>> >> on glibc and hoping to put some hooks inside open() library call. However,
>> >> as I examined the source code, I noticed these system call wrappers are
>> >> dynamically generated at compile time from syscall-template.S. I renamed the
>> >> wrapper's name (e.g., from open() to _open()) in syscalls.list and add
>> >> another layer of wrapper to add code beyond _open().
>> >
>> > That sounds reasonable.
>> >
>> >> Does anyone know some more elegant way in doing the same thing? Thanks a
>> >> lot!
>> >
>> > Write a library, preload it, and within your open function dlopen libc
>> > and call the
>> > real open?
>> >
>> > Use systemtap to instrument the syscall on the kernel side?
>> >
>> > Cheers,
>> > Carlos.
>>
>>
>>
>> --
>> Xinyang GE
>> Department of Computer Science & Engineering
>> The Pennsylvania State University
>> Homepage: http://www.cse.psu.edu/~xxg113/
>> Twitter: @aegiryy
>



-- 
Xinyang GE
Department of Computer Science & Engineering
The Pennsylvania State University
Homepage: http://www.cse.psu.edu/~xxg113/
Twitter: @aegiryy



More information about the Libc-help mailing list