UTSASRG / Scaler

GNU General Public License v2.0

Removing all dynamic code generation in scaler to save runtime and memory #39

Closed GammaPi closed 2 years ago

GammaPi commented 2 years ago

Scaler dynamically compiles pseudoPlt.so and redzoneJumper.so. In fact, both of them can be avoided.

pseudoPlt.so has already been deleted in recent optimizations because Scaler can use dlsym to directly resolve library addresses. There is no need to use the first entry of the plt table to invoke ld, so we don't need to construct pseudo plt entries.

redzoneJumper.so is implemented because: instructions that skip the redzone make it impossible to add a push {symbol id} instruction inside the plt entry, because each entry only has 16 bytes. Since the plt entry directly jmps to the hook handler, we don't know where the program jumped from, and thus we don't know which symbol is called. The previous solution is to jump to a dedicated address for each plt entry and push the symbol id to the stack from there.

Actually, the real function id can be parsed from the operand of the call instruction.
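The idea in the comment above, recovering the symbol from the call site instead of pushing an id inside the 16-byte PLT entry, as an added worked example that is not Scaler's code: when the PLT stub jmps into the hook handler, the top of the stack still holds the caller's return address, which points at the byte after the `call`. Decoding the bytes just before it gives the call target; for a direct `E8 rel32` call that target is a PLT entry, and its index (minus the resolver stub at PLT[0]) is the symbol id. The `FF 15 disp32` form (`call [rip+disp32]`, emitted by `-fno-plt`) never goes through the PLT, so the example reports the GOT slot instead and leaves the slot-to-symbol mapping to the relocation table. All addresses, section sizes and code bytes below are constructed for the example; `image_layout`, `decode_call_site` and the `sample_*` helpers are hypothetical names, not Scaler APIs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Scaler's code: recover the called PLT entry from the
   return address the hook handler sees on the stack (x86-64 encodings). */

enum call_kind { CALL_UNKNOWN = 0, CALL_REL32_TO_PLT = 1, CALL_GOT_INDIRECT = 2 };

struct image_layout {              /* hypothetical description of the mapped image */
    uintptr_t code_base;           /* virtual address of code[0] */
    const uint8_t *code;
    size_t code_len;
    uintptr_t plt_base;            /* virtual address of .plt */
    size_t plt_len;
    size_t plt_entry_size;         /* 16 bytes on x86-64, as the issue notes */
    uintptr_t got_base;            /* GOT used by -fno-plt indirect calls */
    size_t got_len;
};

struct call_site {
    enum call_kind kind;
    uintptr_t target;   /* PLT entry address, or GOT slot address for indirect calls */
    long symbol_id;     /* PLT index minus 1 (PLT[0] is the resolver stub); -1 if unknown */
};

static int32_t read_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}

/* ret_addr points at the byte after the call instruction; both call encodings
   are rip-relative, and rip at execution time equals ret_addr. */
struct call_site decode_call_site(const struct image_layout *img, uintptr_t ret_addr) {
    struct call_site cs = { CALL_UNKNOWN, 0, -1 };
    if (ret_addr < img->code_base || ret_addr > img->code_base + img->code_len)
        return cs;
    size_t off = (size_t)(ret_addr - img->code_base);

    /* FF 15 disp32: call [rip+disp32]. The target is a GOT slot, not a PLT entry. */
    if (off >= 6 && img->code[off - 6] == 0xFF && img->code[off - 5] == 0x15) {
        uintptr_t slot = ret_addr + (intptr_t)read_le32(img->code + off - 4);
        if (slot >= img->got_base && slot + 8 <= img->got_base + img->got_len) {
            cs.kind = CALL_GOT_INDIRECT;
            cs.target = slot;
            return cs;  /* slot -> symbol needs .rela.plt/.rela.dyn, not shown here */
        }
    }
    /* E8 rel32: direct call. Only accept targets on a PLT entry boundary, which
       also rejects a stray 0xE8 byte that happens to precede the return address. */
    if (off >= 5 && img->code[off - 5] == 0xE8) {
        uintptr_t target = ret_addr + (intptr_t)read_le32(img->code + off - 4);
        if (target >= img->plt_base && target < img->plt_base + img->plt_len &&
            (target - img->plt_base) % img->plt_entry_size == 0) {
            size_t index = (target - img->plt_base) / img->plt_entry_size;
            if (index >= 1) {          /* PLT[0] is the lazy-binding stub */
                cs.kind = CALL_REL32_TO_PLT;
                cs.target = target;
                cs.symbol_id = (long)index - 1;
            }
        }
    }
    return cs;
}

/* Constructed caller bytes mapped at 0x401000, with .plt at 0x401800 (4 entries
   of 16 bytes) and a 64-byte GOT at 0x404000. Everything else is zero filler. */
static const uint8_t sample_code[0x30] = {
    [0x10] = 0xE8, 0x0B, 0x08, 0x00, 0x00,        /* call 0x401820 = PLT[2] -> symbol 1 */
    [0x20] = 0xFF, 0x15, 0xF2, 0x2F, 0x00, 0x00,  /* call [rip+0x2FF2] = GOT slot 0x404018 */
};

static const struct image_layout sample_image = {
    .code_base = 0x401000, .code = sample_code, .code_len = sizeof sample_code,
    .plt_base = 0x401800, .plt_len = 64, .plt_entry_size = 16,
    .got_base = 0x404000, .got_len = 64,
};

int sample_call_kind(uintptr_t ret_addr) { return decode_call_site(&sample_image, ret_addr).kind; }
long sample_symbol_id(uintptr_t ret_addr) { return decode_call_site(&sample_image, ret_addr).symbol_id; }
uintptr_t sample_call_target(uintptr_t ret_addr) { return decode_call_site(&sample_image, ret_addr).target; }

int main(void) {
    uintptr_t rets[] = { 0x401015, 0x401026, 0x401005 };  /* after call, after -fno-plt call, no call */
    for (size_t i = 0; i < sizeof rets / sizeof rets[0]; i++) {
        struct call_site cs = decode_call_site(&sample_image, rets[i]);
        printf("ret=0x%lx kind=%d target=0x%lx symbol_id=%ld\n",
               (unsigned long)rets[i], cs.kind, (unsigned long)cs.target, cs.symbol_id);
    }
    return 0;
}
```

The boundary check on the PLT target matters: the handler is entered by a jmp from the stub, so nothing guarantees the bytes before the return address are a call at all (a tail-called PLT entry, for instance, leaves the caller's return address, not a call site). Returning `CALL_UNKNOWN` there is preferable to guessing a symbol id.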

GammaPi commented 2 years ago

In fact, we can remove plt instrumentation completely and only use got instrumentation.

GammaPi commented 2 years ago

This is already implemented in the latest version.