ld-preload

问题 Relating to a previous question of mine I've successfully interposed malloc , but calloc seems to be more problematic. That is with certain hosts, calloc gets stuck in an infinite loop with a possible internal calloc call inside dlsym . However, a basic test host does not exhibit this behaviour, but my system's "ls" command does. Here's my code: // build with: g++ -O2 -Wall -fPIC -ldl -o libnano.so -shared Main.cc #include <stdio.h> #include <dlfcn.h> bool gNanoUp = false;// global //

问题 First of all, let me tell you the context. I'm solving problems of the wargame called The lord of the BoF , which is based on RedHat Linux 6.2 , which has no address space layout randomization(ASLR) , NX bit , ASCII armor , etc.. And the gcc there does not make any dummy when it compiles code. When I was trying to solve the problem called golem , I wondered something. The solving log This is the source code of the golem . As you can see, it fills the entire stack with 0 , except for the

问题 My code works well with malloc , but not with mmap . The code is below: main.c #include <stdio.h> #include <stdlib.h> int main(){ int * p = (int*) malloc(sizeof(int)); printf("in main(): value p = %d\n", *p); free(p); } preload.c #define _GNU_SOURCE #include <time.h> #include <dlfcn.h> #include <stdio.h> #include <sys/types.h> void *(*orig_malloc)(size_t size); void *malloc(size_t size){ printf(" Hooked(preload)! malloc:size:%lu\n", size); return orig_malloc(size); } void * (*orig_mmap)(void

问题 I'm studying buffer overflow and solving some wargames. There was a problem that all of the stack memory above the buffer is set to 0 except return address of main, which will be: buffer [0000000...][RET][000000...] and I can overwrite that RET. So I found some hints for solving this problem. It was to use LD_PRELOAD. Some people said that LD_PRELOAD's value is in somewhere of stack not only in environment variable area of stack. So I set LD_PRELOAD and search it and found it using gdb. $

问题 I have next some project: main.cpp #include <iostream> #include <cstddef> #include <dlfcn.h> int main() { void* handle = dlopen("./shared_libs/libshared.so", RTLD_LAZY); if (NULL == handle) { std::cerr << "Cannot open library: " << dlerror() << '\n'; return -1; } typedef int (*foo_t)(const std::size_t); foo_t foo = reinterpret_cast<foo_t>(dlsym(handle, "foo")); const char* dlsym_error = dlerror(); if (dlsym_error) { std::cerr << "Cannot load symbol 'foo': " << dlsym_error << '\n'; dlclose

问题 I have this small testcode atfork_demo.c : #include <stdio.h> #include <pthread.h> void hello_from_fork_prepare() { printf("Hello from atfork prepare.\n"); fflush(stdout); } void register_hello_from_fork_prepare() { pthread_atfork(&hello_from_fork_prepare, 0, 0); } Now, I compile it in two different ways: gcc -shared -fPIC atfork_demo.c -o atfork_demo1.so gcc -shared -fPIC atfork_demo.c -o atfork_demo2.so -lpthread My demo main atfork_demo_main.c is this: #include <dlfcn.h> #include <stdio.h>

问题 For testing LD_PRELOAD, I wrote my own getpid , which prints something before calling the original getpid using dlsym. The code is given below. #define _GNU_SOURCE #include <unistd.h> #include <stdio.h> #include <dlfcn.h> typedef pid_t (*getpidType)(void); pid_t getpid(void) { printf("Hello, getpid!\n"); getpidType f = (getpidType)dlsym(RTLD_NEXT, "getpid"); return f(); } However when I use such getpid in my program and run it using LD_PRELOAD, by typing LD_PRELOAD=./prelib.so ./prog , I get

问题 I want to intercept application's calls to dlsym, i've tried declaring inside the .so that i'm preloading dlsym , and using dlsym itself to get it's real address, but that for quite obvious reasons didn't work. Is there a way easier than taking process' memory maps, and using libelf to find the real location of dlsym inside loaded libdl.so? 回答1: I stumbled across the same problem with hdante's answer as the commenter: calling __libc_dlsym() directly crashes with a segfault. After reading some

问题 I use the LD_PRELOAD trick to catch open64() calls and I think I know how to do it correctly: with the program foobar compiled from #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> int main() { open64("foobar.txt", 0); return 0; } I catch open64 as I expect: >LD_PRELOAD=$PWD/catch.so ./foobar open64 called However, when open64 is replaced with fopen64 : #include <stdio.h> int main() { fopen64("foobar.txt", "r"); return 0; } now open64 is not caught. Why? In case that fopen64

问题 I'm working on a cloud platform for rendering visual effects and animation. We accept various formats of scene descriptions render them, and return the image outputs to the user. The processing backend is Linux. Sometimes we receive scene descriptions generated on Windows so we get paths that look like 'C:\path\to\file.mb'. I've written a Linux shared library to intercept various filesystem calls and alter the paths to something Linux can understand '/C/path/to/file'. I use the LD_PRELOAD