I am working on a project where I need to use LD_PRELOAD to load some libraries into the memory space. It’s like:
LD_PRELOAD="./libapp.so" ./my_app
Due to certain reasons (I am actually working on some binary hacking), I must know the memory address (not a symbol) of certain functions (let’s say, foo) in libapp.so and instrument the binary code of my_app before execution.
However, due to ASLR (Address Space Layout Randomization), each time libapp.so would be loaded into a different memory address, and I am unable to know the memory address of foo before execution.
I am thinking to somehow intercept the loading time, read out the memory address of libapp.so, perform some instrumentation on my_app with the memory address of foo, and then load my_app into the memory space.
So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?
Answer
So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?
This can’t work: my_app is loaded (mmapped into memory) by the kernel before the loader starts, and before it had a chance to look at LD_PRELOAD.
Your best bet is to either run the application with ASLR disabled (setarch $whatever -R my_app), or to arrange my_app such that libapp.so can dynamically instrument my_app once it knows its own load address.
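The second route the answer suggests, as an added example that is not from the original post: a constructor inside the preloaded library runs the moment the library is mapped and recovers the library's own load base by parsing /proc/self/maps, after which foo's run-time address is simply base plus its fixed offset. It assumes Linux; the path /home/user/libapp.so and the sample map table are constructed, and built with `gcc -shared -fPIC` as libapp.so and preloaded it reports the real base, while compiled stand-alone only the sample is parsed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Lowest mapping start of the object whose path ends in suffix, parsed from
 * /proc/self/maps text (start-end perms offset dev inode [path] per line).
 * A shared object's first PT_LOAD has p_vaddr 0, so this is its load base. */
uintptr_t base_from_maps(const char *maps, const char *suffix) {
    uintptr_t best = 0;                 /* 0 = no mapping matched */
    size_t sl = strlen(suffix);
    for (const char *line = maps; *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        const char *path = memchr(line, '/', len);   /* anonymous maps have none */
        size_t pl = path ? len - (size_t)(path - line) : 0;
        if (path && pl >= sl && memcmp(path + pl - sl, suffix, sl) == 0) {
            uintptr_t start = (uintptr_t)strtoull(line, NULL, 16);
            if (best == 0 || start < best) best = start;
        }
        if (!nl) break;
        line = nl + 1;
    }
    return best;
}
/* Same lookup against the running process (Linux only). */
uintptr_t module_base(const char *suffix) {
    static char buf[1 << 16];           /* ample for a small process */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return base_from_maps(buf, suffix);
}
/* Constructed sample of /proc/self/maps for one run under ASLR. */
const char SAMPLE_MAPS[] =
    "555555554000-555555556000 r-xp 00000000 08:01 1234 /home/user/my_app\n"
    "7ffff7fd2000-7ffff7fd3000 r--p 00000000 08:01 5678 /home/user/libapp.so\n"
    "7ffff7fd3000-7ffff7fd4000 r-xp 00001000 08:01 5678 /home/user/libapp.so\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";
void foo(void) { }   /* stand-in for foo in libapp.so */
/* Built as libapp.so and preloaded, this runs as soon as the library is mapped:
 * its base is known here and foo's offset from it never changes, only the base
 * moves between runs. Run stand-alone, no libapp.so is mapped (live base 0). */
__attribute__((constructor)) static void on_load(void) {
    printf("live libapp.so base %#lx, sample base %#lx, foo at %#lx\n",
           (unsigned long)module_base("/libapp.so"),
           (unsigned long)base_from_maps(SAMPLE_MAPS, "/libapp.so"),
           (unsigned long)(uintptr_t)foo);
}
int main(void) { return 0; }
```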