Patching code/symbols into a dynamic-linked ELF binary

前端 未结 4 2137
盖世英雄少女心
盖世英雄少女心 2021-02-15 02:12

Suppose I have an ELF binary that\'s dynamic linked, and I want to override/redirect certain library calls. I know I can do this with LD_PRELOAD, but I want a solut

4条回答
  •  离开以前
    2021-02-15 02:59

    You could handle some of the dynamic linking in your program itself. Read the man page for dlsym(3) in particular, and dlopen(3), dlerror(3), and dlclose(3) for the rest of the dynamic linking interface.

    A simple example -- say I want to override dup2(2) from libc. I could use the following code (let's call it "dltest.c"):

    #define _GNU_SOURCE
    
    #include 
    #include 
    #include 
    #include 
    
    int (*prev_dup2)(int oldfd, int newfd);
    
    int dup2(int oldfd, int newfd) {
        printf("DUP2: %d --> %d\n", oldfd, newfd);
        return prev_dup2(oldfd, newfd);
    }
    
    int main(void) {
        int i;
    
        prev_dup2 = dlsym(RTLD_NEXT, "dup2");
        if (!prev_dup2) {
            printf("dlsym failed to find 'dup2' function!\n");
            return 1;
        }
        if (prev_dup2 == dup2) {
            printf("dlsym found our own 'dup2' function!\n");
            return 1;
        }
    
        i = dup2(1,3);
        if (i == -1) {
            perror("dup2() failed");
        }
    
        return 0;
    }
    

    Compile with:

    gcc -o dltest dltest.c -ldl
    

    The statically linked dup2() function overrides the dup2() from the library. This works even if the function is in another .c file (and is compiled as a separate .o).

    If your overriding functions are themselves dynamically linked, you may want to use dlopen() rather than trusting the linker to get the libraries in the correct order.

    EDIT: I suspect that if a different function within the overridden library calls an overridden function, the original function gets called rather than the override. I don't know what will happen if one dynamic library calls another.

提交回复
热议问题