读取 Elf 二进制中的 GOT 条目

发布于 2024-08-20 11:48:03 字数 1728 浏览 1 评论 0原文

我想写一个小函数的跟踪器。我用的是ptrace。我在 ubuntu x86_64 上。我想找到共享库函数的地址（例如printf）。

但我有一些关于全局偏移表的问题和疑问。我有以下代码：

size_t baseAddress = this->getBaseAddress();
Elf_Ehdr const * headerElf = static_cast<Elf_Ehdr const *> (this->_manager.readMemory((void*) baseAddress, sizeof (Elf_Ehdr)));
Elf_Phdr const * headerProgram = static_cast<Elf_Phdr const *> (this->_manager.readMemory((void*) (baseAddress + headerElf->e_phoff), headerElf->e_phentsize * headerElf->e_phnum));
unsigned int i = 0;
while (headerProgram[i].p_type != PT_DYNAMIC)
{
    ++i;
}
size_t addrToRead = headerProgram[i].p_vaddr;
Elf_Dyn const * dynSection = static_cast<Elf_Dyn const *> (this->_manager.readMemory((void*) addrToRead, sizeof (Elf_Dyn)));
while (dynSection->d_tag != DT_PLTGOT)
{
    addrToRead += sizeof (Elf_Dyn);
    dynSection = static_cast<Elf_Dyn const *> (this->_manager.readMemory((void*) addrToRead, sizeof (Elf_Dyn)));
}

size_t addrGot = dynSection->d_un.d_ptr/* + (4 * sizeof (Elf64_Word))*/;
std::cout << "addr got = " << std::hex << "0x" << dynSection->d_un.d_ptr << " 0x" << addrGot << std::endl;

Elf64_Word const * temp = (Elf64_Word const *) this->_manager.readMemory((void*) addrGot, sizeof (Elf64_Word));
struct link_map * linkList = (struct link_map *) this->_manager.readMemory((void*) *temp, sizeof (struct link_map));

函数readMemory读取跟踪进程的内存。

当我尝试读取 linkList->l_ld 时，它似乎没有指向动态部分。

我不确定我的代码是否正确。当我使用readelf时，GOT部分的地址与我的程序找到的地址相同。

我必须只读取 GOT 部分的第一个偏移量还是更多？ GOT入口点只包含指向struct link_map的绝对地址？

谢谢。

原文

I want to write a little function's tracer. I use ptrace.
I'm on ubuntu x86_64. I want to found the address of the shared library function (like printf).

But i have some problem and some question about the Global Offset Table.
I have the following code:

size_t baseAddress = this->getBaseAddress();
Elf_Ehdr const * headerElf = static_cast<Elf_Ehdr const *> (this->_manager.readMemory((void*) baseAddress, sizeof (Elf_Ehdr)));
Elf_Phdr const * headerProgram = static_cast<Elf_Phdr const *> (this->_manager.readMemory((void*) (baseAddress + headerElf->e_phoff), headerElf->e_phentsize * headerElf->e_phnum));
unsigned int i = 0;
while (headerProgram[i].p_type != PT_DYNAMIC)
{
    ++i;
}
size_t addrToRead = headerProgram[i].p_vaddr;
Elf_Dyn const * dynSection = static_cast<Elf_Dyn const *> (this->_manager.readMemory((void*) addrToRead, sizeof (Elf_Dyn)));
while (dynSection->d_tag != DT_PLTGOT)
{
    addrToRead += sizeof (Elf_Dyn);
    dynSection = static_cast<Elf_Dyn const *> (this->_manager.readMemory((void*) addrToRead, sizeof (Elf_Dyn)));
}

size_t addrGot = dynSection->d_un.d_ptr/* + (4 * sizeof (Elf64_Word))*/;
std::cout << "addr got = " << std::hex << "0x" << dynSection->d_un.d_ptr << " 0x" << addrGot << std::endl;

Elf64_Word const * temp = (Elf64_Word const *) this->_manager.readMemory((void*) addrGot, sizeof (Elf64_Word));
struct link_map * linkList = (struct link_map *) this->_manager.readMemory((void*) *temp, sizeof (struct link_map));

The function readMemory read on the memory of the traced process.

When I try to read the linkList->l_ld, it doesn't seem to point on a dynamic section.

I'm not sure my code is correct. When i use readelf, the address of GOT section is the same than my program found.

I must read only the first offset of the GOT section or more? The GOT entry point contains only absolute address that point to struct link_map?

Thank you.

分享到QQ

分享到微博