thesis: Add second subsection
This commit is contained in:
@@ -70,7 +70,7 @@ From the [OPTIONS section in the Linux manual page gcc(1)](https://www.man7.org/
|
||||
> For example, `-Wl,-Map,output.map` passes `-Map output.map` to the linker.
|
||||
> When using the GNU linker, you can also get the same effect with `-Wl,-Map=output.map`.
|
||||
|
||||
* Need to re-link(/-comiple)
|
||||
* Need to re-link(/-compile)
|
||||
* Relatively simple code:
|
||||
* Function name: `__wrap_<symbol>`
|
||||
* Call to real function inside wrapper: `__real_<symbol>`
|
||||
|
||||
@@ -7,6 +7,84 @@ Lorem Ipsum.
|
||||
|
||||
Lorem Ipsum.
|
||||
|
||||
\subsection{Wrapper Functions in gcc}\label{subsec:wrapper-functions}
|
||||
|
||||
Another method for overriding functions is to tell the compiler directly, which functions should be overridden.
|
||||
The compiler, and the linker respectively, then directly link calls to the specified functions to wrapper functions.
|
||||
|
||||
The default linker \texttt{ld} includes such a feature.
|
||||
See the OPTIONS section in the ld(1) Linux manual page~\cite{ld.1}:
|
||||
|
||||
\begin{quote}
|
||||
\begin{description}
|
||||
\item[\texttt{-{}-wrap=\textit{symbol}}]
|
||||
Use a wrapper function for \texttt{\textit{symbol}}.
|
||||
Any undefined reference to \texttt{\textit{symbol}} will be resolved to \texttt{\_\_wrap\_\textit{symbol}}.
|
||||
Any undefined reference to \texttt{\_\_real\_\textit{symbol}} will be resolved to \texttt{\textit{symbol}}.
|
||||
|
||||
This can be used to provide a wrapper for a system function.
|
||||
The wrapper function should be called \texttt{\_\_wrap\_\textit{symbol}}.
|
||||
If it wishes to call the system function, it should call \texttt{\_\_real\_\textit{symbol}}.
|
||||
\lbrack\dots\rbrack
|
||||
\end{description}
|
||||
\end{quote}
|
||||
|
||||
The gcc compiler also supports this, by allowing to pass options to the linker.
|
||||
See the OPTIONS section in the gcc(1) Linux manual page~\cite{gcc.1}:
|
||||
|
||||
\begin{quote}
|
||||
\begin{description}
|
||||
\item[\texttt{-Wl,\textit{option}}]
|
||||
Pass \texttt{\textit{option}} as an option to the linker.
|
||||
If \texttt{\textit{option}} contains commas, it is split into multiple options at the commas.
|
||||
You can use this syntax to pass an argument to the option.
|
||||
For example, \texttt{-Wl,-Map,output.map} passes \texttt{-Map output.map} to the linker.
|
||||
When using the GNU linker, you can also get the same effect with \texttt{-Wl,-Map=output.map}.
|
||||
\lbrack\dots\rbrack
|
||||
\end{description}
|
||||
\end{quote}
|
||||
|
||||
This means, by specifying \texttt{-Wl,-{}-wrap=\textit{symbol}} when compiling using gcc,
|
||||
all calls from the currently compiled program to \texttt{\textit{symbol}} are redirected to \texttt{\_\_wrap\_\textit{symbol}}.
|
||||
To call the real function inside the wrapper, \texttt{\_\_real\_\textit{symbol}} may be used.
|
||||
The listings \ref{lst:wrap.c} and \ref{lst:wrap} try to illustrate this by overriding the \texttt{malloc} function of the C standard library.
|
||||
|
||||
\begin{listing}[htbp]
|
||||
\begin{minted}[linenos]{c}
|
||||
#include <stddef.h>
|
||||
|
||||
extern void *__real_malloc(size_t size);
|
||||
|
||||
void *__wrap_malloc(size_t size) {
|
||||
// before call to malloc
|
||||
void *ret = __real_malloc(size);
|
||||
// after call to malloc
|
||||
return ret;
|
||||
}
|
||||
\end{minted}
|
||||
\caption{Contents of \texttt{wrap.c}.}
|
||||
\label{lst:wrap.c}
|
||||
\end{listing}
|
||||
|
||||
\begin{listing}[htbp]
|
||||
\begin{minted}{shell}
|
||||
gcc -o main_wrapped main.c wrap.c -Wl,--wrap=malloc
|
||||
./main_wrapped
|
||||
\end{minted}
|
||||
\caption{Compile \texttt{main.c} and \texttt{wrap.c} and run the resulting program.}
|
||||
\label{lst:wrap}
|
||||
\end{listing}
|
||||
|
||||
This approach allows wrapping any function in a relatively clean way.
|
||||
But it is not possible to override functions in any given binary program.
|
||||
It is required to re-compile (or to re-link) a given program to use this feature of ld.
|
||||
Therefore, the source code (or the corresponding \texttt{*.out} files) needs to be available.
|
||||
Note, only calls from the targeted source code will be redirected, calls from other libraries won't.
|
||||
|
||||
Theoretically, it should be possible to re-link a given binary without having access to its source code.
|
||||
But due to other more straight-forward methods (see \ref{subsec:preloading}), this has not been further investigated.
|
||||
|
||||
|
||||
\subsection{Preloading using \texttt{LD\_PRELOAD}}\label{subsec:preloading}
|
||||
|
||||
To execute binary files on Linux systems, a dynamic linker is needed at runtime.
|
||||
@@ -33,7 +111,7 @@ See the ENVIRONMENT section in the ld.so(8) Linux manual page~\cite{ld.so.8}:
|
||||
\end{quote}
|
||||
|
||||
This means, by setting the environment variable \texttt{LD\_PRELOAD}, it is possible to override specific functions.
|
||||
The listings \ref{lst:preload.c} and \ref{lst:preload} try to illustrate this.
|
||||
The listings \ref{lst:preload.c} and \ref{lst:preload} try to illustrate this by overriding the \texttt{malloc} function of the C standard library.
|
||||
|
||||
\begin{listing}[htbp]
|
||||
\begin{minted}[linenos]{c}
|
||||
@@ -63,7 +141,7 @@ void *malloc(size_t size) {
|
||||
gcc -shared -fPIC -o preload.so preload.c
|
||||
LD_PRELOAD="$(pwd)/preload.so" ./main
|
||||
\end{minted}
|
||||
\caption{Compile \texttt{preload.so} and run a program with \texttt{LD\_PRELOAD}.}
|
||||
\caption{Compile \texttt{preload.c} and run a program with \texttt{LD\_PRELOAD}.}
|
||||
\label{lst:preload}
|
||||
\end{listing}
|
||||
|
||||
@@ -71,40 +149,9 @@ The function \texttt{dlsym} is used to retrieve the original address of the \tex
|
||||
\texttt{RTLD\_NEXT} indicates to find the next occurrence of \texttt{malloc} in the search order after the current object.
|
||||
\cite{dlsym.3}
|
||||
|
||||
Using this method, it is possible to override, and therefore wrap, any function as long as the targeted binary was not statically linked.
|
||||
By using this method, it is possible to override, and therefore wrap, any function as long as the targeted binary was not statically linked.
|
||||
Although, one has to be aware that not only function calls inside the targeted binary, but also calls inside other libraries (e.g., to \texttt{malloc}) are redirected to the overriding function.
|
||||
|
||||
\subsection{Wrapper Functions in \texttt{gcc}}\label{subsec:wrapper-functions}
|
||||
|
||||
From the OPTIONS section in the ld(1) Linux manual page~\cite{ld.1}:
|
||||
|
||||
\begin{quote}
|
||||
\begin{description}
|
||||
\item[\texttt{--wrap=\textit{symbol}}]
|
||||
Use a wrapper function for \texttt{\textit{symbol}}.
|
||||
Any undefined reference to \texttt{\textit{symbol}} will be resolved to \texttt{\_\_wrap\_\textit{symbol}}.
|
||||
Any undefined reference to \texttt{\_\_real\_\textit{symbol}} will be resolved to \texttt{\textit{symbol}}.
|
||||
|
||||
This can be used to provide a wrapper for a system function.
|
||||
The wrapper function should be called \texttt{\_\_wrap\_\textit{symbol}}.
|
||||
If it wishes to call the system function, it should call \texttt{\_\_real\_\textit{symbol}}.
|
||||
\lbrack\dots\rbrack
|
||||
\end{description}
|
||||
\end{quote}
|
||||
|
||||
From the OPTIONS section in the gcc(1) Linux manual page~\cite{gcc.1}:
|
||||
|
||||
\begin{quote}
|
||||
\begin{description}
|
||||
\item[\texttt{-Wl,\textit{option}}]
|
||||
Pass \texttt{\textit{option}} as an option to the linker.
|
||||
If \texttt{\textit{option}} contains commas, it is split into multiple options at the commas.
|
||||
You can use this syntax to pass an argument to the option.
|
||||
For example, \texttt{-Wl,-Map,output.map} passes \texttt{-Map output.map} to the linker.
|
||||
When using the GNU linker, you can also get the same effect with \texttt{-Wl,-Map=output.map}.
|
||||
\lbrack\dots\rbrack
|
||||
\end{description}
|
||||
\end{quote}
|
||||
|
||||
\subsection{Kernel Module}\label{subsec:kernel-module}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user