Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Function interposition in Linux without dlsym

Tags:

c

linux

dlsym

function-interposition

I'm currently working on a project where I need to track the usage of several system calls and low-level functions like mmap, brk, sbrk. So far, I've been doing this using function interposition: I write a wrapper function with the same name as the function I'm replacing (mmap for example), and I load it in a program by setting the LD_PRELOAD environment variable. I call the real function through a pointer that I load with dlsym.

Unfortunately, one of the functions I want to wrap, sbrk, is used internally by dlsym, so the program crashes when I try to load the symbol. sbrk is not a system call in Linux, so I can't simply use syscall to call it indirectly.

So my question is, how can I call a library function from a wrapper function of the same name without using dlsym? Is there any compiler trick (using gcc) that lets me refer to the original function?

like image 812
Jay Conrod Avatar asked Jun 15 '09 21:06

Jay Conrod

1 Answers

see ld's option --wrap symbol. From the man page:

--wrap symbol Use a wrapper function for symbol. Any undefined reference to symbol will be resolved to "__wrap_symbol". Any undefined reference to "__real_symbol" will be resolved to symbol.

This can be used to provide a wrapper for a system function. The wrapper function should be called "__wrap_symbol". If it wishes to call the system function, it should call "__real_symbol".

Here is a trivial example:

void *
__wrap_malloc (size_t c)
{
    printf ("malloc called with %zu\n", c);
    return __real_malloc (c);
}

If you link other code with this file using --wrap malloc, then all calls to "malloc" will call the function "__wrap_malloc" instead. The call to "__real_malloc" in
"__wrap_malloc" will call the real "malloc" function.

You may wish to provide a "__real_malloc" function as well, so that links without the --wrap option will succeed. If you do this, you should not put the definition of "__real_malloc" in the same file as "__wrap_malloc"; if you do, the assembler may resolve the call before the linker has a chance to wrap it to "malloc".

The other option is to possibly look at the source for ltrace, it is more or less does the same thing :-P.

Here's an idea though. You could have your LD_PRELOAD'ed library change the PLT entries to point to your code. This you technically the sbrk() function is still callable from your code nativly.

like image 166
Evan Teran Avatar answered Oct 07 '22 01:10

Evan Teran
Sign in to Comment

Related questions

How to convert int to string with Pebble SDK in C
gcc shared library failed linking to glibc
How do pointers work "under the hood" in C?
scanf field width string overflow
Wrong gcc generated assembly ordering, results in performance hit
How to efficiently store a triangular matrix in memory?
temporary file location when using tmpfile() in C
Does '\0' appear naturally in text files?
How read ELF header in C?
Weird situation in prime number checking code
What is the difference between scalar types and aggregate types in C?
What is the difference between += and =+ C assignment operators [duplicate]
Wrapping C create and destroy functions using a smart pointer
When will stack memory be reallocated?
Does the C11 keyword '_Atomic' count as type qualifier or specifier if followed by a whitespace and a left parenthesis?
Is there a way to make this function faster? (C)
Why does my empty loop run twice as fast if called as a function, on Intel Skylake CPUs?
Constant value in conditional expression
LINUX: Is it possible to write a working program that does not rely on the libc library?
Does Duff's Device work in other languages?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!