riboseinc / retrace

retrace is a versatile security vulnerability / bug discovery tool through monitoring and modifying the behavior of compiled binaries on Linux, OpenBSD/FreeBSD/NetBSD (shared object) and macOS (dynamic library).

Dynamic attaching to process #222

Open catap opened 7 years ago

catap commented 7 years ago

Hey,

strace, for example, can dynamically attach to a process and trace it. I think we can do the same over ptrace and some magic :)

ronaldtse commented 7 years ago

@catap we're all eager to see magic 👍

erikbor commented 7 years ago

@catap, please take into account multi-platform support for this (e.g.: *BSDs and macOS). Cheers.

pablo-mendoza commented 7 years ago

This would be pretty hard to do with our current approach (shared library). We would need to basically force the dynamic linker to re-link everything. I'm thinking it could somehow be done in Linux, not sure about the other platforms, and if we can it would be pretty platform-specific code.

pablo-mendoza commented 7 years ago

For Linux, see man dl_iterate_phdr

catap commented 7 years ago

@riataman or we can do it over ptrace. I did a little googling and found this: https://stackoverflow.com/questions/24355344/inject-shared-library-into-a-process

Anyway, I have no idea how it's possible on *BSD. For macOS I have an idea to try to use dtrace, but I'm not sure.

drystone commented 7 years ago

@catap, @riataman I think there is more to it than loading the shared library because the function pointers in the ELF's GOT will already have been fixed up to the functions in the shared libraries at load time.

I guess it would be possible to locate the GOT and reset the pointers to the fixup routines, and you'd need to do that for all the shared libraries too. Not impossible but not straightforward either.

On Wed, Jul 12, 2017 at 02:55:28AM -0700, Kirill A. Korinsky wrote:
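An added example, not retrace's own code, that ties together the two points raised above: the `dl_iterate_phdr` pointer and the observation that the GOT entries are already fixed up when a process is running. Written as C-style C++ for Linux (glibc or musl), it walks each loaded object's dynamic section to its PLT relocations and counts how many GOT slots already hold a resolved address versus still point at the lazy-binding stub; classifying a slot as "lazy" when its target lies inside the same object is my heuristic and an assumption, not something the thread states.

```cpp
// Added example, not retrace code: walk every loaded ELF object with dl_iterate_phdr and
// inspect its PLT GOT slots (Linux, glibc or musl). "lazy" = slot still points into own PLT.
#include <link.h>
#include <cstddef>

struct got_stats { int objects, jump_slots, resolved, lazy; };
/* Does addr fall inside one of this object's PT_LOAD segments? (heuristic for "own PLT stub") */
static int in_object(const struct dl_phdr_info *info, ElfW(Addr) addr)
{
    for (int i = 0; i < info->dlpi_phnum; i++) {
        const ElfW(Phdr) *ph = &info->dlpi_phdr[i];
        ElfW(Addr) lo = info->dlpi_addr + ph->p_vaddr;
        if (ph->p_type == PT_LOAD && addr >= lo && addr < lo + ph->p_memsz) return 1;
    }
    return 0;
}

static int inspect_object(struct dl_phdr_info *info, size_t size, void *data)
{
    got_stats *st = static_cast<got_stats *>(data);
    const ElfW(Dyn) *dyn = NULL;
    ElfW(Addr) jmprel = 0;
    size_t relsz = 0, entsz = sizeof(ElfW(Rela));
    (void)size; st->objects++;
    for (int i = 0; i < info->dlpi_phnum; i++)
        if (info->dlpi_phdr[i].p_type == PT_DYNAMIC)
            dyn = (const ElfW(Dyn) *)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr);
    if (!dyn) return 0;                      /* object without a dynamic section */
    for (; dyn->d_tag != DT_NULL; dyn++) {
        if (dyn->d_tag == DT_JMPREL)   jmprel = dyn->d_un.d_ptr;
        if (dyn->d_tag == DT_PLTRELSZ) relsz = dyn->d_un.d_val;
        if (dyn->d_tag == DT_PLTREL && dyn->d_un.d_val == DT_REL) entsz = sizeof(ElfW(Rel));
    }
    if (!jmprel || !relsz) return 0;         /* no PLT relocations at all */
    if (jmprel < info->dlpi_addr) jmprel += info->dlpi_addr; /* glibc rebases d_ptr in memory, musl does not */
    for (size_t off = 0; off + entsz <= relsz; off += entsz) {
        const ElfW(Rel) *r = (const ElfW(Rel) *)(jmprel + off); /* r_offset leads Rel and Rela */
        ElfW(Addr) target = *(const ElfW(Addr) *)(info->dlpi_addr + r->r_offset);
        st->jump_slots++;
        if (in_object(info, target)) st->lazy++; else st->resolved++;
    }
    return 0;
}

/* Scan all loaded objects; fills *st and returns dl_iterate_phdr's result (0). */
int scan_got(got_stats *st)
{
    *st = got_stats{};
    return dl_iterate_phdr(inspect_object, st);
}
```

Under LD_BIND_NOW=1 every slot counts as resolved, while a lazily bound binary still reports stubs for PLT entries it has not called yet, which is exactly the state an injected library would have to undo per object.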

pablo-mendoza commented 7 years ago

@catap are you taking a crack at this? Otherwise I'd like to give this a go.

catap commented 7 years ago

@riataman it's yours :)

erikbor commented 7 years ago

@riataman is this still something you want to work on?

pablo-mendoza commented 7 years ago

Well, I looked at this for a while but never found a solution I was happy with. I made some tests work, but those required using gdb to inject into the running process.

There was another option of manually injecting the .so, but that required very platform-dependent asm code for each OS/architecture.

I would have been happy if there was a libgdb that I could use, but something like that was abandoned by the gdb developers many moons ago.

Long story short, if someone wants to give this a shot, feel free to do so.

erikbor commented 7 years ago

@riataman Thanks for the update

ronaldtse commented 7 years ago

@catap would you be able to work your magic on this? 😉