论坛徽章:: 1

电梯直达

1楼 [收藏(0)] [报告]

发表于 2017-07-11 21:19 |只看该作者 |倒序浏览

本帖最后由 shihyu 于 2017-07-12 00:29 编辑

#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <unistd.h>
#include <dlfcn.h>
void* malloc(size_t size)
{
char buf[32];
static void* (*real_malloc)(size_t) = NULL;
printf("ggggggggggg");
if (real_malloc == NULL) {
*(void**)(&real_malloc) = dlsym(RTLD_NEXT, "malloc");
}
sprintf(buf, "malloc called, size = %zu\n", size);
write(2, buf, strlen(buf));
return real_malloc(size);
}
void free(void* ptr)
{
char buf[32];
static void* (*real_free)(void* ptr) = NULL;
if (real_free == NULL) {
*(void**)(&real_free) = dlsym(RTLD_NEXT, "free");
}
sprintf(buf, "free called, ptr address = %p\n", ptr);
write(2, buf, strlen(buf));
real_free(ptr);
}

复制代码

gcc -D_GNU_SOURCE -shared -fPIC -o libmcount.so malloc_count.c -ldl
LD_PRELOAD=./libmcount.so ls

不明白在malloc函数里面 printf 函数会造成 crash ? 看網上dlsym hook一些例子只用 write or fprintf 而不用 printf

文库|博客

shihyu

家境小康

论坛徽章:: 1

2楼 [报告]

发表于 2017-07-12 00:27 |只看该作者

#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <dlfcn.h>
typedef size_t (*strlen_t)(const char *str);
size_t strlen(const char *str) {
strlen_t real_strlen = (strlen_t) dlsym(RTLD_NEXT, "strlen");
printf("calling strlen.\n");
return real_strlen(str);
}

复制代码

#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[])
{
char s[] = "hello, world!";
printf("length is %d\n", strlen(s));
return 0;
}

复制代码

我又测试一版本是 hook strlen 在里面用 printf 没问题
编译指令:
gcc -shared -fPIC hook.c -o hook.so -ldl
LD_PRELOAD=$PWD/hook.so ./test

这样是 printf 跟 malloc 之间有什么关系嘛？
printf 底层是会call到 malloc 所以造成 crash?

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

lxyscls

富足长乐

论坛徽章:: 14

3楼 [报告]

发表于 2017-07-12 11:53 |只看该作者

本帖最后由 lxyscls 于 2017-07-12 12:21 编辑

贴栈信息看下

LD_PRELOAD=./libmcount.so ls
1.cap    build       hello world malloc_count.c       node_modules  pmfm       swagger    t.c v2
aaaa.pcap  code       l          n2n_v2_fork-master    pip-9.0.1    RESTServer swagger.sh  t.cpp  whl
api       crossdomain  libmcount.so  n2n_v2_fork-master.zip  pktgen       RESTServerV2  t          t.o xxxlll

cat /etc/centos-release
CentOS Linux release 7.0.1406 (Core)

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

shihyu

家境小康

论坛徽章:: 1

4楼 [报告]

发表于 2017-07-12 14:10 |只看该作者

gdb ls core

#28848 0x00007fd3c8b45899 in printf () from /lib/x86_64-linux-gnu/libc.so.6
#28849 0x00007fd3c90dc89d in malloc () from ./libmcount.so
#28850 0x00007fd3c8b5d1d5 in _IO_file_doallocate () from /lib/x86_64-linux-gnu/libc.so.6
#28851 0x00007fd3c8b6b594 in _IO_doallocbuf () from /lib/x86_64-linux-gnu/libc.so.6
#28852 0x00007fd3c8b6a8f8 in _IO_file_overflow () from /lib/x86_64-linux-gnu/libc.so.6
#28853 0x00007fd3c8b6928d in _IO_file_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
#28854 0x00007fd3c8b3d241 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#28855 0x00007fd3c8b45899 in printf () from /lib/x86_64-linux-gnu/libc.so.6
#28856 0x00007fd3c90dc89d in malloc () from ./libmcount.so
#28857 0x00007fd3c8b5d1d5 in _IO_file_doallocate () from /lib/x86_64-linux-gnu/libc.so.6
#28858 0x00007fd3c8b6b594 in _IO_doallocbuf () from /lib/x86_64-linux-gnu/libc.so.6
#28859 0x00007fd3c8b6a8f8 in _IO_file_overflow () from /lib/x86_64-linux-gnu/libc.so.6
#28860 0x00007fd3c8b6928d in _IO_file_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
#28861 0x00007fd3c8b3d241 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#28862 0x00007fd3c8b45899 in printf () from /lib/x86_64-linux-gnu/libc.so.6
#28863 0x00007fd3c90dc89d in malloc () from ./libmcount.so
#28864 0x00007fd3c8b5d1d5 in _IO_file_doallocate () from /lib/x86_64-linux-gnu/libc.so.6
#28865 0x00007fd3c8b6b594 in _IO_doallocbuf () from /lib/x86_64-linux-gnu/libc.so.6
#28866 0x00007fd3c8b6a8f8 in _IO_file_overflow () from /lib/x86_64-linux-gnu/libc.so.6
#28867 0x00007fd3c8b6928d in _IO_file_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
#28868 0x00007fd3c8b3d241 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#28869 0x00007fd3c8b45899 in printf () from /lib/x86_64-linux-gnu/libc.so.6
#28870 0x00007fd3c90dc89d in malloc () from ./libmcount.so
#28871 0x00007fd3c8b5d1d5 in _IO_file_doallocate () from /lib/x86_64-linux-gnu/libc.so.6
#28872 0x00007fd3c8b6b594 in _IO_doallocbuf () from /lib/x86_64-linux-gnu/libc.so.6
#28873 0x00007fd3c8b6a8f8 in _IO_file_overflow () from /lib/x86_64-linux-gnu/libc.so.6
#28874 0x00007fd3c8b6928d in _IO_file_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
#28875 0x00007fd3c8b3d241 in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
<font color="#ff0000">#28876 0x00007fd3c8b45899 in printf () from /lib/x86_64-linux-gnu/libc.so.6
#28877 0x00007fd3c90dc89d in malloc () from ./libmcount.so</font>
#28878 0x00007fd3c8b5dcdd in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#28879 0x00007fd3c8ec49b6 in selinuxfs_exists () from /lib/x86_64-linux-gnu/libselinux.so.1
#28880 0x00007fd3c8ebfcdc in ?? () from /lib/x86_64-linux-gnu/libselinux.so.1
#28881 0x00007fd3c92ee6ba in ?? () from /lib64/ld-linux-x86-64.so.2
#28882 0x00007fd3c92ee7cb in ?? () from /lib64/ld-linux-x86-64.so.2
#28883 0x00007fd3c92dec6a in ?? () from /lib64/ld-linux-x86-64.so.2
#28884 0x0000000000000002 in ?? ()
#28885 0x00007ffc1b6f537a in ?? ()
#28886 0x00007ffc1b6f537d in ?? ()
#28887 0x0000000000000000 in ?? ()