代码注入 - Solaris & Linux

发布于 2024-07-10 08:18:22 字数 271 浏览 12 评论 0原文

我有一个由第三方创建的可执行模块。 我想将我的代码(一种在单独线程中运行的看门狗)“注入”到这个进程中。

到目前为止,有两种可能的方法 - 一种是将我的代码作为可执行文件运行并在其之上动态加载进程(似乎非常困难和棘手),或者使我的代码成为共享对象,通过 LD_PRELOAD 加载它并从一些静态变量构造函数。

有更方便的方法吗? 我的操作系统是 Linux x86 和 Solaris-SPARC。

更新:如果可能的话,我不想修补进程,而是动态加载我的代码。

I have an executable module created by third party. I would like to "inject" my code (kind of watchdog running in separate thread) into this process.

So far there are two possible ways - one is to run my code as executable and dynamically load a proess on top of it (seems to be very hard and tricky) or to make my code a shared object, load it via LD_PRELOAD and initialize from some static variable constructor.

Are there more convenient ways to do this ?
My OS are Linux x86 and Solaris-SPARC.

Update: If possible, I'd like not to patch the process, but load my code dynamicaly.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

心清如水 2024-07-17 08:18:22

Sounds like you're looking for InjectSo. There's a Powerpoint presentation that explains how it works. I haven't gotten around to trying it out yet.

彩虹直至黑白 2024-07-17 08:18:22

Hotpatch 应该可以为你做到这一点。 它比injectso 更强大。

Hotpatch should do this for you. It is more capable than injectso.

梦太阳 2024-07-17 08:18:22

Rob Kennedy 向您介绍了 InjectSo - 这可能正是您所需要的。

请注意,将线程引入非线程进程会充满同步问题。 如果应用程序已经是线程化的,那么问题就不那么严重,但即使如此,应用程序也可能会拒绝它不知道的线程。

Rob Kennedy told you about InjectSo - that's probably what you need.

Beware that the introduction of a thread into a non-threaded process would be fraught with synchronization issues. The problems are less serious if the application is already threaded, but even so, the application may object to a thread that it doesn't know about.

汹涌人海 2024-07-17 08:18:22

我没有使用过提到的 InjectSo,但它是一个值得注意的信息。
如果您正在寻找替代方案,这里有一种注入代码的简单方法:

#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
int main()
{
    struct passwd* pswd = getpwuid(1000);
    if(pswd) 
        printf("%s\n", pswd->pw_name);
    return 0;
}

gcc test.c -o test

#define _GNU_SOURCE
#include <dlfcn.h>
#include <sys/types.h>
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>

static char* hocus = "hocus pocus";

struct passwd *getpwuid(uid_t uid)
{
    static struct passwd *(*orig_getpwuid)(uid_t uid);
    if(!orig_getpwuid) {
        orig_getpwuid = (struct passwd* (*)(uid_t))dlsym(RTLD_NEXT, "getpwuid");
    }

    struct passwd* original_passwd = (*orig_getpwuid)(uid);
    if(original_passwd) {
        original_passwd->pw_name = hocus;
    }
    // your code here
    return original_passwd;
}

gccject.c -shared -o libinject.so

run with LD_LIBRARY_PATH=。 LD_PRELOAD=libinject.so ./test

应该是 hocus pocus。 您可以覆盖任意 libc 函数,例如 printfsnprintf - 只需查找该模块使用的内容即可。

在“您的代码”中,您可以启动任意线程、看门狗等。

I have not used the mentioned InjectSo but it is a noteworthy information.
If you are looking for alternatives here is a simple way to inject your code:

#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>
int main()
{
    struct passwd* pswd = getpwuid(1000);
    if(pswd) 
        printf("%s\n", pswd->pw_name);
    return 0;
}

gcc test.c -o test

#define _GNU_SOURCE
#include <dlfcn.h>
#include <sys/types.h>
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>

static char* hocus = "hocus pocus";

struct passwd *getpwuid(uid_t uid)
{
    static struct passwd *(*orig_getpwuid)(uid_t uid);
    if(!orig_getpwuid) {
        orig_getpwuid = (struct passwd* (*)(uid_t))dlsym(RTLD_NEXT, "getpwuid");
    }

    struct passwd* original_passwd = (*orig_getpwuid)(uid);
    if(original_passwd) {
        original_passwd->pw_name = hocus;
    }
    // your code here
    return original_passwd;
}

gcc inject.c -shared -o libinject.so

run with LD_LIBRARY_PATH=. LD_PRELOAD=libinject.so ./test

Should say hocus pocus. You can override arbitrary libc functions, like printf, snprintf - just find what is that module using.

In the "your code here" you can start arbitrary threads, watchdogs etc.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文