Created
February 5, 2019 21:50
-
-
Save bw2012/f5c51ab70d3a6305a224946b45976557 to your computer and use it in GitHub Desktop.
LD_PRELOAD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stddef.h> | |
| #define _GNU_SOURCE | |
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| //==================================================================== | |
| // open | |
| //==================================================================== | |
| typedef int (*orig_open_f_type)(const char *pathname, int flags); | |
| int open(const char *pathname, int flags, ...) { | |
| orig_open_f_type orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open"); | |
| int res = orig_open(pathname,flags); | |
| printf("open -> %d -> %s\n", res, pathname); | |
| return res; | |
| } | |
| typedef FILE* (*orig_fopen_f_type)(const char *fname, const char *mode); | |
| FILE *fopen(const char *fname, const char *mode) { | |
| printf("fopen -> %s\n", fname); //remember to include stdio.h! | |
| orig_fopen_f_type orig_fopen; | |
| orig_fopen = (orig_fopen_f_type)dlsym(RTLD_NEXT,"fopen"); | |
| return orig_fopen(fname, mode); | |
| } | |
| //==================================================================== | |
| // close | |
| //==================================================================== | |
| typedef int (*orig_close_f_type)(int fd); | |
| int close(int fd){ | |
| orig_close_f_type orig = (orig_close_f_type)dlsym(RTLD_NEXT,"close"); | |
| int res = orig(fd); | |
| printf("close -> %d\n", fd); | |
| return res; | |
| } | |
| //==================================================================== | |
| // read | |
| //==================================================================== | |
| typedef int (*orig_read_f_type)(int fd, void *buf, unsigned count); | |
| int read(int fd, void *buf, unsigned count) { | |
| printf("read -> %d -> %d bytes\n", fd, count); | |
| orig_read_f_type orig_read = (orig_read_f_type)dlsym(RTLD_NEXT,"read"); | |
| return orig_read(fd, buf, count); | |
| } | |
| //==================================================================== | |
| // | |
| //==================================================================== | |
| int puts(const char *str){ | |
| static int (*real_puts) (const char *format) = NULL; | |
| if (!real_puts) { | |
| real_puts = dlsym(RTLD_NEXT, "puts"); | |
| } | |
| return real_puts(str); | |
| } | |
| /* | |
| int printf(const char *format, ...){ | |
| static int (*real_printf) (const char *format, ...) = NULL; | |
| if (!real_printf){ | |
| real_printf = dlsym(RTLD_NEXT, "printf"); | |
| } | |
| return real_printf("my printf\n"); | |
| } | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| all: | |
| gcc -shared -fPIC inspect.c -o inspect.so -ldl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #export LD_DEBUG=all | |
| LD_PRELOAD=$PWD/inspect.so [victim file here] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment