Date: Fri, 4 Jul 2014 10:43:20 -0400
From: Shawn Webb
To: "Ivan A. Kosarev"
Cc: freebsd-current@freebsd.org
Subject: Re: Intercepting calls in PIC mode
Message-ID: <20140704144320.GT4365@pwnie.vrt.sourcefire.com>
References: <53B69A43.3000100@ivan-labs.com>
In-Reply-To: <53B69A43.3000100@ivan-labs.com>

You could hijack the GOT entry, but that assumes the symbol has been
resolved first (either LD_BIND_NOW or the function has been called at
least once). You could also use LD_PRELOAD.

On Jul 04, 2014 04:12 PM +0400, Ivan A. Kosarev wrote:
> Hello,
>
> Consider the following:
>
> ---
> #include <stdio.h>
> #include <string.h>
>
> extern "C" void* memset(void *block, int c, size_t size)
>     __attribute__((weak, alias("__int_memset"), visibility("default")));
>
> extern "C" __attribute__((visibility("default")))
> void* __int_memset(void *block, int c, size_t size) {
>     puts("Hello");
>     return NULL;
> }
>
> int main()
> {
>     void *(*F)(void *b, int c, size_t len) = memset;
>     char a[5];
>     memset(a, 0, sizeof(a));
>     F(a, 0, sizeof(a));
>     return 0;
> }
> ---
>
> It intercepts the memset() calls without issue on both x86-64 FreeBSD
> 9.2 and Linux. However, with the -fPIC option specified in the cc's
> command line, only the first (direct) call works on FreeBSD, but not the
> second (indirect) one. Note that on Linux both calls are
> intercepted--no matter whether the -fPIC option is specified or not.
>
> The question is: is there a way to intercept indirect calls on FreeBSD?
>
> Thanks,
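
The LD_PRELOAD route mentioned in the reply, as an added example that is not code from the thread: a preloadable shim that defines memset, counts calls, and forwards to the next definition found with dlsym(RTLD_NEXT, ...), with a guard for re-entry while the lookup is in progress. The names memset_shim.c, shim_memset_calls, fallback_fill and shim_report are made up for this example, and it assumes the target program does not define memset itself.

```c
/* memset_shim.c: added example, not from the original thread.
 * Build: cc -shared -fPIC -o memset_shim.so memset_shim.c
 * Run:   LD_PRELOAD=./memset_shim.so ./your_program */
#define _GNU_SOURCE                  /* glibc: expose RTLD_NEXT */
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

#ifndef RTLD_NEXT                    /* same value on glibc and FreeBSD */
#define RTLD_NEXT ((void *)-1L)
#endif
typedef void *(*memset_fn)(void *, int, size_t);

static memset_fn real_memset;        /* next memset in search order */
static volatile int resolving;       /* set while dlsym() runs */
static volatile unsigned long calls; /* demo counter, not thread-safe */

/* Used only if memset is re-entered while dlsym() is resolving. The
 * volatile pointer keeps the compiler from turning the loop into memset(). */
static void *fallback_fill(void *dst, int c, size_t n)
{
    volatile unsigned char *p = dst;
    while (n--)
        *p++ = (unsigned char)c;
    return dst;
}

void *memset(void *dst, int c, size_t n)
{
    calls++;
    if (real_memset == NULL) {
        if (resolving)
            return fallback_fill(dst, c, n);
        resolving = 1;
        real_memset = (memset_fn)dlsym(RTLD_NEXT, "memset");
        resolving = 0;
        if (real_memset == NULL)
            return fallback_fill(dst, c, n);
    }
    return real_memset(dst, c, n);
}

/* Hypothetical accessor so a harness can read the counter. */
unsigned long shim_memset_calls(void) { return calls; }

__attribute__((destructor)) static void shim_report(void)
{
    fprintf(stderr, "memset_shim: %lu calls intercepted\n", calls);
}
```

Calls that the compiler expands inline as a builtin never reference the memset symbol at all, so no form of symbol interposition sees them.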