zardus / preeny

Some helpful preload libraries for pwning stuff.
BSD 2-Clause "Simplified" License
1.56k stars, 171 forks

How to preload the desock.so when running arm binary with qemu? #80

Open jackfromeast opened 3 years ago

jackfromeast commented 3 years ago

Hi! I'm not sure if preeny works well with other architectures, for example ARM. What I'm trying to do is to 'desocket' an ARM-based binary with preeny and run it in qemu user mode.

And the problem occurred when I tried to preload desock.so into the binary and run it with qemu-arm. Actually, I don't know how to preload desock.so when working with qemu, because it seems quite different from executing the binary itself.

I built it with the following command; the file(1) information for desock.so is also shown below.

make -i CC=arm-linux-gnueabi-gcc
apple@ubuntu:~/afl-qemu/preeny-master/arm-linux-gnueabi$ file desock.so
desock.so: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=d121c381bfce288e8d7c9b36eae7ca1d4bda41dd, not stripped

Normally, I use the following command to run the ARM-based binary with qemu. The indispensable -L parameter gives the prefix of the path to the dependent libs of the dynamically linked target binary. When I export LD_PRELOAD=xxx/desock.so, -L doesn't work anymore. By the way, the binary sets up an HTTP server and waits for requests on sockets.

apple@ubuntu:squashfs-root$ qemu-arm -L . ./usr/sbin/httpd
sendto() error 2
[debug]add server push uri 3 video3.mjpg
[debug]add server push uri 4 video4.mjpg
gethostbyname:: Success

Is there anybody who can help me out?

zardus commented 3 years ago

If your libc supports LD_PRELOAD, you should be able to use the -E flag to qemu to set it.

On Fri, Feb 19, 2021 at 3:46 AM jackfromeast notifications@github.com wrote:

jackfromeast commented 3 years ago

Hi, I am so sorry, I had lots of other work to do. I tried your suggestion, but it seems it didn't work. The output is shown below. I guess I am still missing some dependent lib, so the symbol can't be resolved. But what is it?

apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/desock.so ./usr/sbin/httpd

./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol

By the way, I didn't have the source code of the arm binary so I can't recompile.

jackfromeast commented 3 years ago

I also tried this.

apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/home/apple/afl-qemu/preeny-master/arm-linux-gnueabi/desock.so ./usr/sbin/httpd

./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol
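The "can't resolve symbol" message in the two comments above is the guest ld.so reporting that the preloaded object imports a symbol no loaded library exports. As an added example (not code from this thread or from preeny), the script below lists a library's undefined dynamic symbols and reports which files under the -L sysroot export each one; it parses ELF section headers itself, so it can inspect the ARM desock.so on an x86 host without cross binutils. The ELF images, file names and symbol lists inside demo() are constructed stand-ins, not real desock.so or libc files. One caveat the script cannot see: ld.so only searches objects that are actually loaded (the main binary, its DT_NEEDED dependencies, and other LD_PRELOAD entries), so a symbol being exported somewhere in the sysroot is necessary but not sufficient. On ARM EABI, __aeabi_unwind_cpp_pr0 is the default unwind personality routine provided by libgcc (libgcc_s.so.1 in its shared form).

```python
"""Which undefined dynamic symbols of a preload library (here desock.so) can the
shared libraries under a qemu-user sysroot (the -L directory) satisfy?
Added example for this thread, not preeny's own code; _fake_elf32() builds constructed fixtures."""
import os
import struct
import sys
import tempfile

SHT_DYNSYM, SHT_STRTAB, SHN_UNDEF, SHN_ABS = 11, 3, 0, 0xFFF1


def _dynsyms(data):
    """Yield (name, is_defined) for every named entry in the .dynsym of an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, e = data[4] == 2, ("<" if data[5] == 1 else ">")   # EI_CLASS, EI_DATA
    if is64:
        shoff = struct.unpack_from(e + "Q", data, 40)[0]
        shentsize, shnum = struct.unpack_from(e + "HH", data, 58)
        sh_fmt, sym_fmt = e + "IIQQQQIIQQ", e + "IBBHQQ"     # Elf64_Shdr, Elf64_Sym
    else:
        shoff = struct.unpack_from(e + "I", data, 32)[0]
        shentsize, shnum = struct.unpack_from(e + "HH", data, 46)
        sh_fmt, sym_fmt = e + "IIIIIIIIII", e + "IIIBBH"     # Elf32_Shdr, Elf32_Sym
    shdrs = [struct.unpack_from(sh_fmt, data, shoff + i * shentsize) for i in range(shnum)]
    for sh in (s for s in shdrs if s[1] == SHT_DYNSYM):
        off, size, link, entsize = sh[4], sh[5], sh[6], sh[9]
        str_off = shdrs[link][4]                  # sh_link names the matching .dynstr
        for pos in range(off, off + size, entsize):
            sym = struct.unpack_from(sym_fmt, data, pos)
            st_name, st_shndx = sym[0], (sym[3] if is64 else sym[5])
            if st_name:                           # entry 0 is the mandatory null symbol
                end = data.index(b"\0", str_off + st_name)
                yield data[str_off + st_name:end].decode(errors="replace"), st_shndx != SHN_UNDEF


def undefined_symbols(data):
    """Symbols ld.so must find in some other loaded object before this library can be preloaded."""
    return sorted({n for n, defined in _dynsyms(data) if not defined})


def resolve_against_sysroot(lib_data, sysroot):
    """Map each undefined symbol to the sysroot files exporting it; [] is the 'can't resolve' case."""
    providers = {name: [] for name in undefined_symbols(lib_data)}
    for root, _dirs, files in os.walk(sysroot):
        for fname in files:
            path = os.path.join(root, fname)
            if ".so" not in fname or os.path.islink(path):
                continue
            try:
                with open(path, "rb") as fh:
                    exported = {n for n, d in _dynsyms(fh.read()) if d}
            except (OSError, ValueError, struct.error, IndexError):
                continue                          # not an ELF, or a truncated one
            for name in providers:
                if name in exported:
                    providers[name].append(os.path.relpath(path, sysroot))
    return providers


def _fake_elf32(defined, undefined):
    """Construct an ELF32 LSB ARM image whose .dynsym exports `defined` (as SHN_ABS)
    and imports `undefined`.  A parser fixture only: no code, no program headers."""
    strtab, syms = b"\0", [bytes(16)]             # leading NUL string, null symbol
    for name, shndx in [(n, SHN_ABS) for n in defined] + [(n, SHN_UNDEF) for n in undefined]:
        syms.append(struct.pack("<IIIBBH", len(strtab), 0, 0, 0x12, 0, shndx))  # GLOBAL FUNC
        strtab += name.encode() + b"\0"
    dynsym = b"".join(syms)
    dynsym_off, dynstr_off = 52, 52 + len(dynsym)
    shoff = dynstr_off + len(strtab)
    shdrs = [bytes(40),                                                      # index 0: SHN_UNDEF
             struct.pack("<IIIIIIIIII", 0, SHT_DYNSYM, 2, 0, dynsym_off, len(dynsym), 2, 1, 4, 16),
             struct.pack("<IIIIIIIIII", 0, SHT_STRTAB, 2, 0, dynstr_off, len(strtab), 0, 0, 1, 0)]
    ehdr = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)                       # ELF32, LSB, v1, SYSV
    ehdr += struct.pack("<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, shoff, 0x5000000,  # ET_DYN, EM_ARM, EABI5
                        52, 0, 0, 40, len(shdrs), 0)
    return ehdr + dynsym + strtab + b"".join(shdrs)


def demo():
    """Constructed scenario: desock.so stand-in imports dup2 and __aeabi_unwind_cpp_pr0, the
    sysroot's libc exports only dup2; returns unresolved names before/after adding libgcc_s.so.1."""
    sysroot = tempfile.mkdtemp()
    os.mkdir(os.path.join(sysroot, "lib"))
    desock = _fake_elf32(["socket", "bind"], ["dup2", "__aeabi_unwind_cpp_pr0"])
    with open(os.path.join(sysroot, "lib", "libc.so.6"), "wb") as fh:
        fh.write(_fake_elf32(["socket", "bind", "dup2"], []))
    before = [n for n, libs in resolve_against_sysroot(desock, sysroot).items() if not libs]
    with open(os.path.join(sysroot, "lib", "libgcc_s.so.1"), "wb") as fh:
        fh.write(_fake_elf32(["__aeabi_unwind_cpp_pr0"], []))
    after = [n for n, libs in resolve_against_sysroot(desock, sysroot).items() if not libs]
    return before, after


if __name__ == "__main__":
    if len(sys.argv) == 3:                        # usage: check_preload.py desock.so ./squashfs-root
        with open(sys.argv[1], "rb") as fh:
            for name, libs in resolve_against_sysroot(fh.read(), sys.argv[2]).items():
                print(f"{name}: {', '.join(libs) or 'UNRESOLVED'}")
    else:
        print(demo())
```

Run it against the real files from the thread as `python3 check_preload.py arm-linux-gnueabi/desock.so ./squashfs-root` (the script name is an assumption); every name printed as UNRESOLVED will produce exactly the ld.so error shown above, and a name that is resolved only by a file the target never loads (no DT_NEEDED on it) will fail the same way unless that file is also preloaded.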