Do we need the parallel libc?

[joshop]

The docs claim that libc can't be used in call instrumentation, and that you need to use the parallel libc for e.g. malloc. If you need to manipulate some memory that the main program needs to be able to deallocate or whatever, that probably wouldn't work. That being said, you could:

• Pass the address of malloc as an argument to your function, or
• Hardcode the address of malloc and declare a trampoline that jumps there. and just use the copy of malloc that's in the main program (or at least the PLT entry that then calls the actual malloc). Would this work (even if you had to manually work around ABI differences or align the stack or whatever)? Should this be documented somewhere?

[GJDuck]

You can call glibc functions if you want to, but it takes some extra steps:

1. Include stdlib.c with LIBDL defined:

   #define LIBDL
   #include "stdlib.c"

2. In the init() function, use dlinit()/dlopen()/dlsym() get the pointer to desired libc function(s), e.g.:

   static void *free_ptr;    // global
   void init(int argc, char **argv, char **envp, void *dynamic)
   {
       dlinit(dynamic);
       void *handle = dlopen("libc.so.6", RTLD_LAZY);
       free_ptr = dlsym(handle, "free");    // free() function
       ...
   }

3. Call the function pointer(s) in your instrumentation using dlcall():

   dlcall(free_ptr, arg);

Please see the Call Trampoline Dynamic Loading section in the E9Tool User's Guide for more information.