There is an executable ELF file "glinkd". I need to supplement the implementation of certain functions by intercepting them. I came across a handy tool LD_PRELOAD . It works fine on any elf files, but unfortunately the patch file needed for me, he refused. This is expressed in the fact that when my library is loaded into “glinkd”, nothing simply happens, as if this file has some kind of protection.

I didn’t find anything in Google about protection from LD_PRELOAD .

How do I patch elf files:

  1. testso.cpp :

     #include <cstdio> void __attribute__ ((constructor)) module_load(void); void __attribute__ ((destructor)) module_unload(void); void module_load(void) { printf("hello from .so!\n"); } void module_unload(void) { }

    I compile:

    g ++ -fPIC -c testso.cpp -o testso.o -m32 -std = c ++ 0x g ++ -shared -Wl, -soname, libtestso.so -o libtestso.so testso.o -m32 -std = c ++ 0x

  2. test_prog.cpp:

     #include <cstdio> int main() { printf("Hello from executable!\n"); }

    I compile:

    g ++ -o test_prog test_prog.cpp -m32

  3. Patches test_prog :

     root@ubuntu:/home/glinkd# LD_PRELOAD=/home/glinkd/libtestso.so ./test_prog hello from .so! Hello from executable! root@ubuntu:/home/glinkd#

  4. Patch glinkd :

     root@ubuntu:/home/glinkd# LD_PRELOAD=/home/glinkd/libtestso.so ./glinkd Usage: ./glinkd configurefile section_num root@ubuntu:/home/glinkd#

As you can see, our .so simply ignored. Any idea what this protection is, and how can it be removed?

  • 2
    And this is not a defense. It's just that it is statically linked and does not use dynamic library loading - Mike
  • Is there any way to get glinkd to patch through LD_PRELOAD? - TheCooler
  • even if it is possible to load them somehow together, the standard mechanism of substitution of functions will not work. because in such a file all the required functions are already included in it and it will not cling to anything from the outside. - Mike
  • I just need to intercept the included functions that are contained in the .text section. - TheCooler
  • How do you like to do this with LD_PRELOAD. it will replace only downloadable ones from the outside in a standard way. not much i can understand. And if you want to correct the calls in RAM yourself, then let your process load this with clone into shared memory and rule how much it wants (most likely you will have to unlock the code segment protection from writing) - Mike

1 answer 1

From @Mike's comment :

It's impossible. In order for LD_PRELOAD work, it is necessary that someone uses it, and a dynamic loader uses it. But it works only with dynamically collected executables. Work with a static layout is possible only by self-loading the required ELF into its address space.