
Dumpout Process Memory Layout During Loading Time

I am working on a project where I need to use LD_PRELOAD to load some libraries into the memory space.

It’s like:

 LD_PRELOAD="./libapp.so" ./my_app

Due to certain reasons (I am actually working on some binary hacking), I must know the memory address (not a symbol) of certain functions (let’s say, foo) in libapp.so and instrument the binary code of my_app before execution.

However, due to ASLR (Address Space Layout Randomization), libapp.so would be loaded at a different memory address each time, and I am unable to know the memory address of foo before execution.

I am thinking of somehow intercepting the loading time, reading out the memory address of libapp.so, performing some instrumentation on my_app with the memory address of foo, and then loading my_app into the memory space.

So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?


Answer

So here is my question: how to intercept the loading process and acquire the memory address of libapp.so?

This can’t work: my_app is loaded (mmapped into memory) by the kernel before the loader starts, and before it had a chance to look at LD_PRELOAD.

Your best bet is to either run the application with ASLR disabled (setarch $whatever -R my_app), or to arrange my_app such that libapp.so can dynamically instrument my_app once it knows its own load address.
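The second option in the answer rests on one fact: by the time a preloaded library's constructor runs, ASLR has already fixed every load address, so the library can simply ask the loader where things are. The following is an added example, not code from the question or the answer; libapp_init, lookup_module, main_executable_base and foo are hypothetical names. It uses glibc's dl_iterate_phdr to map any runtime address back to the object that contains it and to that object's load bias, which is exactly the "memory address of libapp.so" the question asks for. The file compiles as a normal program for testing; built with -shared -fPIC it works as an LD_PRELOAD object.

```c
/* Added example (not from the original post): learn load addresses at load time.
 * Build as a program:  gcc -o demo demo.c
 * Build for preload:   gcc -shared -fPIC -o libapp.so demo.c
 * Names such as libapp_init, lookup_module and foo are hypothetical. */
#define _GNU_SOURCE
#include <link.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct module_info {
    uintptr_t base;   /* load bias chosen by ASLR: runtime = link-time + base */
    char name[256];   /* dlpi_name: "" for the main executable */
};

struct lookup_ctx {
    uintptr_t target;
    struct module_info *out;
    int found;
};

/* dl_iterate_phdr callback: does target fall inside any PT_LOAD segment of this object? */
static int find_cb(struct dl_phdr_info *info, size_t size, void *data) {
    struct lookup_ctx *ctx = data;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        const ElfW(Phdr) *ph = &info->dlpi_phdr[i];
        if (ph->p_type != PT_LOAD) continue;
        uintptr_t start = info->dlpi_addr + ph->p_vaddr;
        uintptr_t end = start + ph->p_memsz;
        if (ctx->target >= start && ctx->target < end) {
            ctx->out->base = info->dlpi_addr;
            snprintf(ctx->out->name, sizeof ctx->out->name, "%s", info->dlpi_name);
            ctx->found = 1;
            return 1;  /* non-zero return stops the iteration */
        }
    }
    return 0;
}

/* Find the loaded object containing addr. Returns 1 and fills *out, or 0 if no object matches. */
int lookup_module(const void *addr, struct module_info *out) {
    struct lookup_ctx ctx = { (uintptr_t)addr, out, 0 };
    dl_iterate_phdr(find_cb, &ctx);
    return ctx.found;
}

/* Undo the ASLR bias: the value nm/readelf would show for this address. 0 if unknown. */
uintptr_t link_time_address(const void *addr) {
    struct module_info mi;
    if (!lookup_module(addr, &mi)) return 0;
    return (uintptr_t)addr - mi.base;
}

/* The main program is the first object dl_iterate_phdr visits; record its bias and stop. */
static int first_cb(struct dl_phdr_info *info, size_t size, void *data) {
    (void)size;
    *(uintptr_t *)data = info->dlpi_addr;
    return 1;
}

uintptr_t main_executable_base(void) {
    uintptr_t base = 0;
    dl_iterate_phdr(first_cb, &base);
    return base;
}

/* Stand-in for the function whose runtime address the question needs. */
void foo(void) { puts("foo called"); }

/* Runs once the loader has mapped this object, i.e. after ASLR has placed it and
 * before the host program's main() when loaded via LD_PRELOAD. */
__attribute__((constructor))
static void libapp_init(void) {
    struct module_info self;
    if (lookup_module((const void *)foo, &self))
        fprintf(stderr, "[libapp] foo at %p, module base %#lx (%s), main program base %#lx\n",
                (void *)foo, (unsigned long)self.base,
                self.name[0] ? self.name : "<main executable>",
                (unsigned long)main_executable_base());
}

int main(void) {
    printf("link-time address of foo: %#lx\n", (unsigned long)link_time_address((const void *)foo));
    foo();
    return 0;
}
```

Run the program twice and the "foo at" value changes while the link-time address stays constant; that difference is the bias libapp_init would use to patch relative to the host's base. The same constructor fires when the file is loaded with LD_PRELOAD=./libapp.so ./my_app, at which point it also knows the host's load address. For the answer's first option, setarch $(uname -m) -R ./my_app runs the program with randomization off, so the addresses printed stay the same across runs.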
