Overload symbols of running process (LD_PRELOAD attachment)

前端未结

关注

 2  1241

粉色の甜心 2021-02-02 00:47

I\'m working on a heap profiler for Linux, called heaptrack. Currently, I rely on LD_PRELOAD to overload various (de-)allocation functions, and that works extremely

2条回答

再見小時候 (楼主)

2021-02-02 01:33
This can not be done without tweaking with assembler a bit. Basically, you will have to do what gdb and ltrace do: find malloc and friends virtual addresses in the process image and put breakpoints at their entry. This process usually involves temporary rewriting the executable code, as you need to replace normal instructions with "trap" ones (such as int 3 on x86).

If you want to avoid doing this yourself, there exists linkable wrapper around gdb (libgdb) or you can build ltrace as a library (libltrace). As ltrace is much smaller, and the library variety of it is available out of the box, it will probably allow you to do what you want at lower effort.

For example, here's the best part of the "main.c" file from the ltrace package:
```
int
main(int argc, char *argv[]) {
    ltrace_init(argc, argv);

 /*
    ltrace_add_callback(callback_call, EVENT_SYSCALL);
    ltrace_add_callback(callback_ret, EVENT_SYSRET);
    ltrace_add_callback(endcallback, EVENT_EXIT);

    But you would probably need EVENT_LIBCALL and EVENT_LIBRET
 */

    ltrace_main();
    return 0;
}
```
http://anonscm.debian.org/cgit/collab-maint/ltrace.git/tree/?id=0.7.3
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...