yasukata / zpoline

system call hook for Linux
Apache License 2.0

How are you hooking statically linked binaries? #14

Closed agnosticlines closed 5 months ago

agnosticlines commented 5 months ago

Hey there, I've read the paper and see mentions of a zpoline_loader but can't find any code with that name. How does the loader work for statically linked binaries? Are you patching the ld.so loader itself to have this functionality?

> 2.3 Implementation
>
> Our current prototype focuses on Linux. ... We implement these in a shared library called libzpoline.so and a special loader named zpoline_loader; we assume a user uses either. They perform the setup procedure of zpoline (§ 2.3.1) before the main function of a user-space program starts.

yasukata commented 5 months ago

Thank you for your message.

To confirm the feasibility, we made a small loader, and we called it zpoline_loader in the paper.

We have not made its implementation public because it has only limited functionalities and is unhandy.

> Are you patching the ld.so loader itself to have this functionality?

I believe this approach, applying patches to ld.so, is one of the best development options; while I have not done this yet, I will keep this in my future work list.

Thank you very much for reading our paper.

agnosticlines commented 5 months ago

> Thank you for your message.
>
> To confirm the feasibility, we made a small loader, and we called it zpoline_loader in the paper.
>
> We have not made its implementation public because it has only limited functionalities and is unhandy.
>
> > Are you patching the ld.so loader itself to have this functionality?
>
> I believe this approach, applying patches to ld.so, is one of the best development options; while I have not done this yet, I will keep this in my future work list.
>
> Thank you very much for reading our paper.

Ah, interesting. A friend of mine is looking into doing whole-system hooking, which is why I ask about the loader. Really enjoyed the paper, super novel concept and really liked the execution :)

yasukata commented 5 months ago

Thank you for your kind words; we are so happy to hear that.

Please let me close this issue, and please feel free to reopen this or newly open another issue if you have further comments or questions.