Date:      Fri, 4 Jul 2014 10:43:20 -0400
From:      Shawn Webb <lattera@gmail.com>
To:        "Ivan A. Kosarev" <ivan@ivan-labs.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Intercepting calls in PIC mode
Message-ID:  <20140704144320.GT4365@pwnie.vrt.sourcefire.com>
In-Reply-To: <53B69A43.3000100@ivan-labs.com>
References:  <53B69A43.3000100@ivan-labs.com>



You could hijack the GOT entry, but that assumes the symbol has been
resolved first (either LD_BIND_NOW or the function has been called at
least once). You could also use LD_PRELOAD.

On Jul 04, 2014 04:12 PM +0400, Ivan A. Kosarev wrote:
> Hello,
>
> Consider the following:
>
> ---
> #include <stdio.h>
> #include <string.h>
>
> extern "C" void* memset(void *block, int c, size_t size)
>      __attribute__((weak, alias("__int_memset"), visibility("default")));
>
> extern "C" __attribute__((visibility("default")))
> void* __int_memset(void *block, int c, size_t size) {
>      puts("Hello");
>      return NULL;
> }
>
> int main()
> {
>      void *(*F)(void *b, int c, size_t len) = memset;
>      char a[5];
>      memset(a, 0, sizeof(a));
>      F(a, 0, sizeof(a));
>      return 0;
> }
> ---
>
> It intercepts the memset() calls without issue on both x86-64 FreeBSD
> 9.2 and Linux. However, with the -fPIC option specified in the cc's
> command line, only the first (direct) call works on FreeBSD, but not the
> second (indirect) one. Note that on Linux both the calls are
> intercepted--no matter whether the -fPIC option is specified or not.
>
> The question is: is there a way to intercept indirect calls on FreeBSD?
>
> Thanks,
>




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140704144320.GT4365>