vikasnkumar / hotpatch

Hot patching executables on Linux using .so file injection
http://www.selectiveintellect.com/hotpatch.html
BSD 3-Clause "New" or "Revised" License

print not invoked as dlsym() wasn't found. #7

Closed zhuguoliang closed 9 years ago

zhuguoliang commented 9 years ago

I am trying to inject my .so file into the "dummy" program in your project and invoke a print function in it.

My .so looks like this:

```cpp
// dynlib.cpp
#include <iostream>   // cout, endl
#include <unistd.h>   // getpid()
#include "dynlib.hpp"

using namespace std;

// Exported with C linkage so the symbol name stays "print" (no C++ mangling).
extern "C" void print()
{
    static unsigned int counter = 0;
    ++counter;
    cout << counter << ": PID " << getpid() << ": In print() " << endl;
}
```

I compile it using the following command:

```
g++ -ggdb -Wall dynlib.cpp -fPIC -shared -o libdynlib.so
```

I invoke hotpatch using the following command:

```
hotpatcher -l libdynlib.so 15167 -vvv -s print
```

I got the following result. BTW: 15167 is the PID of dummy.

```
[root@yongle tests]# hotpatcher -l libdynlib.so 15167 -vvv -s print
Options Given:
Verbose Level: 2
Process PID: 15167
Symbol name: print
Library name: libdynlib.so
Dry run: false
[exe_load_headers:490] Entry point 0x4006e0
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x400200
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_load_maps:278] Max number of mappings present: 20
[ld_load_maps:288] Allocated memory to load proc maps.
[ld_find_library:440] Found entry /lib64/ld-2.12.so matching /lib64/ld-linux-x86-64.so.2
[ld_find_library:376] Doing best substring search for libc.
[ld_find_library:440] Found entry /lib64/libc-2.12.so matching libc
[ld_find_library:376] Doing best substring search for libdl.
[ld_find_library:447] Library libdl not found in procmaps
[hotpatch_gather_functions:102] libdl not mapped.
[ld_find_library:376] Doing best substring search for libpthread.
[ld_find_library:447] Library libpthread not found in procmaps
[hotpatch_gather_functions:104] libpthread not mapped.
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:106] Found malloc at 0x364387a930 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:107] Found realloc at 0x364387bd00 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:108] Found free at 0x364387b810 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:126] Found __libc_dlopen_mode at 0x3643926f10 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:127] Found libc_dlclose at 0x3643926f90 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:128] Found libc_dlsym at 0x3643926e70 in libc
[hotpatch_gather_functions:150] Pthread's symbol not found. Will disable pthread usage in injection.
[hotpatch_inject_library:620] Allocating 1024 bytes in the target.
[hotpatch_inject_library:697] Attaching to PID 15167
[hotpatch_inject_library:701] Waiting...
[hotpatch_inject_library:706] Getting original registers.
[hotpatch_inject_library:712] Copying stack out.
[hotpatch_inject_library:721] Copying Null to stack.
[hotpatch_inject_library:723] Setting registers and invoking malloc.
[hotpatch_inject_library:723] Executing...
[hotpatch_inject_library:723] Waiting...
[hotpatch_inject_library:723] Getting registers.
[hotpatch_inject_library:729] Copying 1024 bytes to 0x6050a0.
[hotpatch_inject_library:735] Copying Null to stack.
[hotpatch_inject_library:738] Setting registers and invoking dlopen.
[hotpatch_inject_library:738] Executing...
[hotpatch_inject_library:738] Waiting...
[hotpatch_inject_library:738] Getting registers.
[hotpatch_inject_library:741] Dll opened at 0x0
[hotpatch_inject_library:783] print not invoked as dlsym() wasn't found.
[hotpatch_inject_library:793] Setting original registers.
[hotpatch_inject_library:801] Copying stack back.
[hotpatch_inject_library:810] Executing...
Dll was injected at (nil)
Invocation of print() returned (nil)
```
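The log above reports `Library libdl not found in procmaps` after a name search over the target's memory map. As an added example (not code from this thread or from the hotpatch project), this C sketch performs that kind of lookup over `/proc/<pid>/maps` text and avoids confusing `libc` with `libcrypt`; `find_mapped_library`, its matching rule and the sample map are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (addresses, inodes and the
 * executable path are made up); libdl and libpthread are deliberately absent. */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 fd:00 1001 /tmp/dummy\n"
    "3643400000-3643420000 r-xp 00000000 fd:00 2001 /lib64/ld-2.12.so\n"
    "3643800000-364398a000 r-xp 00000000 fd:00 2002 /lib64/libc-2.12.so\n"
    "3643b8a000-3643b8e000 r--p 0018a000 fd:00 2002 /lib64/libc-2.12.so\n"
    "3644000000-3644016000 r-xp 00000000 fd:00 2003 /lib64/libcrypt-2.12.so\n"
    "7fff5c000000-7fff5c021000 rw-p 00000000 00:00 0 [stack]\n";

/* Return the lowest start address of a mapping whose file name is `name`
 * followed by '.' or '-' (so "libc" matches libc-2.12.so but not
 * libcrypt-2.12.so), or 0 when no such library is mapped. */
unsigned long long find_mapped_library(const char *maps, const char *name)
{
    unsigned long long best = 0, start;
    size_t nlen = strlen(name);
    for (const char *line = maps; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], path[256];
        if (len < sizeof(buf)) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Fields: start-end perms offset dev inode [path] */
            if (sscanf(buf, "%llx-%*s %*s %*s %*s %*s %255s", &start, path) == 2) {
                const char *base = strrchr(path, '/');
                base = base ? base + 1 : path;
                if (strncmp(base, name, nlen) == 0 &&
                    (base[nlen] == '.' || base[nlen] == '-') &&
                    (best == 0 || start < best))
                    best = start;
            }
        }
        line = eol ? eol + 1 : line + len;
    }
    return best;
}

int main(void)
{
    const char *libs[] = { "libc", "libdl", "libpthread" };
    for (size_t i = 0; i < 3; i++)  /* 0x0 means the library is not mapped */
        printf("%-10s 0x%llx\n", libs[i], find_mapped_library(SAMPLE_MAPS, libs[i]));
    return 0;
}
```

To inspect a live process, read `/proc/<pid>/maps` into a buffer and pass it in place of `SAMPLE_MAPS`.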

zhuguoliang commented 9 years ago

I failed the simple test too:

```
hotpatcher -l ./libhotpatchtest.so -s mysym -vvv $$
```

I got this result:

```
[root@yongle ~]# hotpatcher -l ./libhotpatchtest.so -s mysym -vvv $$
Options Given:
Verbose Level: 2
Process PID: 15817
Symbol name: mysym
Library name: ./libhotpatchtest.so
Dry run: false
[exe_load_headers:490] Entry point 0x41aef0
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x400238
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_load_maps:278] Max number of mappings present: 33
[ld_load_maps:288] Allocated memory to load proc maps.
[ld_find_library:440] Found entry /lib64/ld-2.12.so matching /lib64/ld-linux-x86-64.so.2
[ld_find_library:376] Doing best substring search for libc.
[ld_find_library:440] Found entry /lib64/libc-2.12.so matching libc
[ld_find_library:376] Doing best substring search for libdl.
[ld_find_library:440] Found entry /lib64/libdl-2.12.so matching libdl
[ld_find_library:376] Doing best substring search for libpthread.
[ld_find_library:447] Library libpthread not found in procmaps
[hotpatch_gather_functions:104] libpthread not mapped.
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:106] Found malloc at 0x364387a930 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:107] Found realloc at 0x364387bd00 in libc
[exe_load_headers:490] Entry point 0x364381ee30
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x364395a900
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 9655 symbols found in /lib64/libc-2.12.so
[hotpatch_gather_functions:108] Found free at 0x364387b810 in libc
[exe_load_headers:490] Entry point 0x3643c00de0
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x3643c01a50
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 170 symbols found in /lib64/libdl-2.12.so
[hotpatch_gather_functions:122] Found dlopen at 0x3643c00eb0 in libdl
[exe_load_headers:490] Entry point 0x3643c00de0
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x3643c01a50
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 170 symbols found in /lib64/libdl-2.12.so
[hotpatch_gather_functions:123] Found dlclose at 0x3643c00ff0 in libdl
[exe_load_headers:490] Entry point 0x3643c00de0
[exe_load_program_headers:414] PT_INTERP section found
[exe_load_program_headers:441] Found /lib64/ld-linux-x86-64.so.2 at V-Addr 0x3643c01a50
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:450] PT_LOAD section found
[exe_load_program_headers:446] PT_DYNAMIC section found
[ld_find_address:489] 170 symbols found in /lib64/libdl-2.12.so
[hotpatch_gather_functions:124] Found dlsym at 0x3643c01030 in libdl
[hotpatch_gather_functions:150] Pthread's symbol not found. Will disable pthread usage in injection.
[hotpatch_inject_library:620] Allocating 1024 bytes in the target.
[hotpatch_inject_library:697] Attaching to PID 15817
[hotpatch_inject_library:701] Waiting...
[hotpatch_inject_library:706] Getting original registers.
[hotpatch_inject_library:712] Copying stack out.
[hotpatch_inject_library:721] Copying Null to stack.
[hotpatch_inject_library:723] Setting registers and invoking malloc.
[hotpatch_inject_library:723] Executing...
[hotpatch_inject_library:723] Waiting...
[hotpatch_inject_library:723] Getting registers.
[hotpatch_inject_library:729] Copying 1024 bytes to 0x92d940.
[hotpatch_inject_library:735] Copying Null to stack.
[hotpatch_inject_library:738] Setting registers and invoking dlopen.
[hotpatch_inject_library:738] Executing...
[hotpatch_inject_library:738] Waiting...
[hotpatch_inject_library:738] Getting registers.
[hotpatch_inject_library:741] Dll opened at 0x0
[hotpatch_inject_library:783] mysym not invoked as dlsym() wasn't found.
[hotpatch_inject_library:793] Setting original registers.
[hotpatch_inject_library:801] Copying stack back.
[hotpatch_inject_library:810] Executing...
Dll was injected at (nil)
Invocation of mysym() returned (nil)
```

vikasnkumar commented 9 years ago

What operating system are you using here? Which version of Linux, I mean? Some Linuxes prevent hotpatch from running. They have updated their systems to not allow it easily. I have to reproduce your problem first.

vikasnkumar commented 9 years ago

You need to read the README and search for the term nostartfiles. The linker command for the .so file should be -fPIC -nostartfiles.