I am working on a project where I need to use LD_PRELOAD to load some libraries into the memory space.
It’s like:
LD_PRELOAD="./libapp.so" ./my_app
Due to certain reasons (I am actually working on some binary hacking), I must know the memory address (not a symbol) of certain functions (let’s say, foo) in libapp.so and instrument the binary code of my_app before execution.
However, due to ASLR (Address Space Layout Randomization), each time libapp.so would be loaded into different memory address, and I am unable to know the memory address of foo before execution.
I am thinking to somehow intercept the loading time, readout the memory address of libapp.so, perform some instrumentation on my_app with the memory address of foo, and then load my_app into the memory space.
So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?
Advertisement
Answer
So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?
This can’t work: my_app is loaded (mmapped into memory) by the kernel before the loader starts, and before it had a chance to look at LD_PRELOAD.
Your best bet is to either run the application with ASLR disabled (setarch $whatever -R my_app), or to arrange may_app such that libapp.so can dynamically instrument my_app once it knows its own load address.