From: Tom H. <to...@co...> - 2009-08-25 14:26:23
On 25/08/09 15:21, Julian Seward wrote:
> On Tuesday 25 August 2009 04:07:54 pm Tom Hughes wrote:
>
>> Not exactly - an STT_IFUNC symbol for strlen will be expected to point
>> at the address of a routine that returns the address of the real strlen
>> routine, rather than pointing directly at the address of a strlen routine.
>
> So we'd have to intercept calls to the STT_IFUNC version of strlen, and
> get them to return the address of our own strlen implementation. Yes? That's
> pretty sucky. I wonder if there's a cleaner way to do it.
>
> (thinks more ..)
>
> So there are N different versions of strlen selected at run time, not
> just one. So why can't we simply intercept calls to all of them? We
> don't care which one ld.so would actually have selected.

The real ones that it selects between are likely to be static functions
that aren't in the ELF symbol table and hence aren't visible to us I
guess? At least without full debuginfo.

Tom

--
Tom Hughes (to...@co...)
http://www.compton.nu/
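
Added example, not part of the original message and not Valgrind code: a small C classifier over two constructed ELF64 symbol tables, showing the two points discussed above. An IFUNC symbol's value is the resolver's address, and the local implementations vanish from view once the library is stripped. The symbol names, addresses and the helper names (Sym64, classify) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ELF64 symbol entry; field order and constant values follow the ELF spec. */
typedef struct {
    uint32_t      st_name;   /* offset of the name in the string table */
    unsigned char st_info;   /* (binding << 4) | type */
    unsigned char st_other;
    uint16_t      st_shndx;
    uint64_t      st_value;  /* address the symbol points at */
    uint64_t      st_size;
} Sym64;

#define INFO(bind, type) ((unsigned char)(((bind) << 4) | (type)))
enum { BIND_LOCAL = 0, BIND_GLOBAL = 1, TYPE_FUNC = 2, TYPE_GNU_IFUNC = 10 };
enum kind { NOT_VISIBLE, DIRECT_FUNC, IFUNC_RESOLVER };

/* Constructed sample data: names, section index and addresses are made up. */
static const char strtab[] = "\0strlen\0__strlen_sse2\0__strlen_sse42\0memcpy";

static const Sym64 dynsym_only[] = {   /* what a stripped library exposes */
    { 1,  INFO(BIND_GLOBAL, TYPE_GNU_IFUNC), 0, 12, 0x1000, 32 },
    { 37, INFO(BIND_GLOBAL, TYPE_FUNC),      0, 12, 0x2000, 64 },
};
static const Sym64 full_symtab[] = {   /* same library, local symbols kept */
    { 1,  INFO(BIND_GLOBAL, TYPE_GNU_IFUNC), 0, 12, 0x1000, 32 },
    { 8,  INFO(BIND_LOCAL,  TYPE_FUNC),      0, 12, 0x1100, 80 },
    { 22, INFO(BIND_LOCAL,  TYPE_FUNC),      0, 12, 0x1200, 96 },
    { 37, INFO(BIND_GLOBAL, TYPE_FUNC),      0, 12, 0x2000, 64 },
};

/* Report what st_value means for `name`: the function's own code
 * (DIRECT_FUNC), or a resolver that returns the address of the real
 * function (IFUNC_RESOLVER). *addr is written only when the symbol is found. */
static enum kind classify(const Sym64 *tab, size_t n, const char *name,
                          uint64_t *addr)
{
    for (size_t i = 0; i < n; i++) {
        int type = tab[i].st_info & 0xf;
        if (strcmp(strtab + tab[i].st_name, name) != 0)
            continue;
        if (type != TYPE_FUNC && type != TYPE_GNU_IFUNC)
            continue;
        *addr = tab[i].st_value;
        return type == TYPE_GNU_IFUNC ? IFUNC_RESOLVER : DIRECT_FUNC;
    }
    return NOT_VISIBLE;
}
```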