Dll opened at 0x0, symbol not invoked as dlsym() wasn't found.

[DevasiaThomas]

I compiled and ran this on CentOS 7, Ubuntu 17.10 vms I'm getting the the exact results. It does find dlsym() at multiple places. I followed all your suggestions reading the previous issues but i'm not making progress. I redirected all outputs with highest level of verbosity to the attached file. log.txt

[vikasnkumar]

Hi I don’t know if this works on CentOS 7. It was never tested beyond CentOS 6. You may want to use the project Frida for injecting code into arbitrary processes. It is more current.

-- Vikas Kumar

On Sat, Jun 9, 2018, at 3:50 AM, Devasia Thomas wrote:

I compiled and ran this on CentOS 7, Ubuntu 17.10 vms I'm getting the the exact results. It does find dlsym() at multiple places. I followed all your suggestions reading the previous issues but i'm not making progress. I redirected all outputs with highest level of verbosity to the attached file.> log.txt[1]

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub[2], or mute the thread[3].

Links:

1. https://github.com/vikasnkumar/hotpatch/files/2086741/log.txt
2. https://github.com/vikasnkumar/hotpatch/issues/15
3. https://github.com/notifications/unsubscribe-auth/AAAvWIqXAnigg2fbK4vvnt2qa_sZ_MAbks5t634tgaJpZM4UhOcX

[DevasiaThomas]

@vikasnkumar My friend compiled this on CentOS6 and his hotpatch binary can inject the so file on CentOS7 but when I compile on CentOS7 the binary cannot inject. I will look into Frida, meanwhile, could you explain this behavior, maybe there is a way for it to work?

[vikasnkumar]

The compiler is different. So the assembly code generated is different. Hotpatch uses some assembly code and that might not be working on the binary generated by CentOS7 compiler.

Vikas Kumar vikas@vikaskumar.org

On Sat, Jun 9, 2018, at 3:07 PM, Devasia Thomas wrote:

@vikasnkumar[1] My friend compiled this on CentOS6 and his hotpatch binary can inject the so file on CentOS7 but when I compile on CentOS7 the binary cannot inject. I will look into Frida, meanwhile, could you explain this behavior, maybe there is a way for it to work?> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub[2], or mute the thread[3].

Links:

1. https://github.com/vikasnkumar
2. https://github.com/vikasnkumar/hotpatch/issues/15#issuecomment-395991662
3. https://github.com/notifications/unsubscribe-auth/AAAvWCYnB_LL5jq7NhkYEUV_b-Moo9cHks5t7BzZgaJpZM4UhOcX

[DevasiaThomas]

okay, I understand. I read the Frida project, but I couldn't find a place where they talk about injecting shared libs or a method of doing so using them. Could you point me in that way? Also, is it that the injection strategy has drastically changed and hence you don't want make hotpatch current or is it just the lack of time.

[vikasnkumar]

Have you tried using LD_PRELOAD environment variable to inject a shared object ? If you control the running process and can stattband stop it, then Hotpatch is not necessary. Hotpatch was for already running processes that you cannot start or stop.

Vikas Kumar vikas@vikaskumar.org

On Mon, Jun 11, 2018, at 1:36 AM, Devasia Thomas wrote:

okay, I understand. I read the Frida project, but I couldn't find a place where they talk about injecting shared libs or a method of doing so using them. Could you point me in that way? Also, is it that the injection strategy has drastically changed and hence you don't want make hotpatch current or is it just the lack of time.> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub[1], or mute the thread[2].

Links:

1. https://github.com/vikasnkumar/hotpatch/issues/15#issuecomment-396127256
2. https://github.com/notifications/unsubscribe-auth/AAAvWDb3SVPC0QigQEV_rh_DRjupWUyiks5t7gHagaJpZM4UhOcX

[DevasiaThomas]

My purpose is what hotpatch was for :)

[vikasnkumar]

By the way can you attach the logs for a successful hotpatch run on CentOS 6 that you claim. I can tell from the logs how difficult or impossible the changes will be. If Gcc or Linux kernel have added stack canaries and other stack protection mechanisms then it will never work.

Vikas Kumar vikas@vikaskumar.org

On Mon, Jun 11, 2018, at 11:49 AM, Devasia Thomas wrote:

My purpose is what hotpatch was for :)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub[1], or mute the thread[2].

Links:

1. https://github.com/vikasnkumar/hotpatch/issues/15#issuecomment-396291428
2. https://github.com/notifications/unsubscribe-auth/AAAvWMHyvJlZY-I1tpf9QzptaLmIq0Vyks5t7pGOgaJpZM4UhOcX

[DevasiaThomas]

Hey Vikas, good news.. it works on Centos 7(compiled on the same). Apparently the .sofile on my CentOS 7 machine was stored in a path that had spaces in the path string. Maybe some code could be added in to "inject" to validate paths before injection. The dll opened at 0x0 was due to the sofile not being found. Also, another discovery I made along the way, if I am root and injecting into another user, the sofile needs r+x permissions and the directory containing it (maybe even its parent directories) need +x permissions. Else the same dll opened at 0x0 messages comes up. However, I don't understand why the message "dlsym wasn't found" pops up for issues associated with opening the sofile itself.

I know I have issues with Ubuntu(17.10) even after allowing ptrace scope. I need to change my dev env to 18.04 as it is. I'll run stuff there and summarize my findings and if required I'll open an issue for that separately.

Thanks for your responses though :D , was afraid I'll never get one seeing the activity on this project.