发表新帖
发表新帖

Problems with LD_PRELOAD and calloc() interposition for certain executables

前端 未结
关注
4 1157
情歌与酒
情歌与酒 2021-02-09 15:49

Relating to a previous question of mine

I\'ve successfully interposed malloc, but calloc seems to be more problematic.

That is with ce

相关标签:
4条回答
  • Happy的楠姐
    2021-02-09 16:15

    I know I am a bit late (6 years). But I wanted to override calloc() today and faced a problem because dlsym() internally uses calloc(). I solved it using a simple technique and thought of sharing it here:

    static unsigned char buffer[8192];

void *calloc(size_t nmemb, size_t size)
{
    if (calloc_ptr == NULL) // obtained from dlsym
            return buffer;

    init(); // uses dlsym() to find address of the real calloc()

    return calloc_ptr(len);
}

void free(void *in)
{
    if (in == buffer)
        return;

    free_ptr(in);
}

    buffer satisfies the need of dlsym() till the real calloc() has been located and my calloc_ptr function pointer initialized.

    0 讨论(0)
  • 不要未来只要你来
    2021-02-09 16:16

    Using dlsym based hooking can result in crashes, as dlsym calls back into the memory allocator. Instead use malloc hooks, as I suggested in your prior question; these can be installed without actually invoking dlsym at all.

    0 讨论(0)
  • 醉酒成梦
    2021-02-09 16:23

    With regard to __nano_init() being called twice: You've declared the function as a constructor, so it's called when the library is loaded, and it's called a second time explicitly when your malloc() and calloc() implementations are first called. Pick one.

    With regard to the calloc() interposer crashing your application: Some of the functions you're using, including dlsym() and fprintf(), may themselves be attempting to allocate memory, calling your interposer functions. Consider the consequences, and act accordingly.

    0 讨论(0)
  • 不要未来只要你来
    2021-02-09 16:32

    You can get away with a preliminary poor calloc that simply returns NULL. This actually works on Linux, YMMV.

    static void* poor_calloc(size_t nmemb, size_t size)
{
    // So dlsym uses calloc internally, which will lead to infinite recursion, since our calloc calls dlsym.
    // Apparently dlsym can cope with slightly wrong calloc, see for further explanation:
    // http://blog.bigpixel.ro/2010/09/interposing-calloc-on-linux
    return NULL; // This is a poor implementation of calloc!
}
    0 讨论(0)
 看不清?
提交回复
热议问题