Edited file with hex fiend cannot execute binary file plus

For instance, you can add calls to new functions at particular addresses, intercept library calls and change them, and much more. The downside is that dynamic instrumentation often has high overhead.

You can also try to statically modify the program to add the desired behavior. One challenge is that you often need to muck around with the executable file format. Some tools, such as elfsh from the ERESI project, exist for this, but I have found them buggy and difficult to use.

Another strategy for static instrumentation is to "recompile". You can do this by decompiling the program, modifying the source code, and recompiling. In theory, you could also use a tool like BAP to lift the program to IL, modify it, and then re-compile it using LLVM. However, the current version is probably not mature enough for this.

You can use LD_PRELOAD to override functions that are going to be dynamically linked. This is a nice option when you want to change the behavior of a library function. Naturally, it does not work on statically linked binaries, or for static functions.

You can often make simple changes to a binary using a hex editor. For instance, if there is a function call or branch you would like to skip, you can often replace it with nop instructions. If you need to add a large amount of new code, you will probably need to use something like elfsh from the ERESI project to help you resize the binary.

Very often, you can change the behavior of a program by carefully hooking into it. Whether you can add the functionality you want this way depends on how the program is constructed. It helps if the program comes in the form of one main executable plus several libraries.

You can hook into any call that the program makes to shared libraries by linking your own library in first, with LD_PRELOAD. Write a library that defines a function foo, and set the environment variable LD_PRELOAD to the path to your compiled (.so) library when you start the program: then the program will call your foo instead of the one it intends. You can call the original foo function from your replacement by obtaining a pointer to it with dlsym().
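As an added example (not code from the original page), here is the LD_PRELOAD pattern described above written out in full: a replacement for libc's getenv() that records each call and then forwards to the real implementation, which it locates with dlsym(RTLD_NEXT, ...). The function name, the counter, the HOOK_DEMO_VAR variable and its value are all constructed for the demonstration. The same source also links as an ordinary executable, because a definition in the main program interposes over libc in exactly the same way, which is how the self-test in main() exercises it.

```c
/* hook_getenv.c: added example of an LD_PRELOAD-style interposer.
 * Built as a shared object and loaded with LD_PRELOAD, it replaces
 * getenv() in the target process, records each call, and forwards to
 * the real libc getenv() obtained with dlsym(RTLD_NEXT, ...).
 * Compiled as a plain executable it interposes over libc as well,
 * which is what the self-test below relies on. */
#define _GNU_SOURCE            /* RTLD_NEXT is a GNU extension */
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)   /* glibc's value, used if the header did not expose it */
#endif

typedef char *(*getenv_fn)(const char *);

static unsigned long hook_calls = 0;   /* number of getenv() calls that hit the hook */
static char last_name[256] = "";       /* variable name seen by the most recent call */

/* How many getenv() calls went through the hook (for checking the hook works). */
unsigned long hook_call_count(void) { return hook_calls; }

/* Name passed to the most recent hooked getenv() call. */
const char *hook_last_name(void) { return last_name; }

/* Our replacement getenv(): record the call, then delegate to the real one. */
char *getenv(const char *name)
{
    static getenv_fn real_getenv = NULL;
    if (real_getenv == NULL) {
        /* RTLD_NEXT means "the next definition after this object", i.e. libc's. */
        real_getenv = (getenv_fn) dlsym(RTLD_NEXT, "getenv");
        if (real_getenv == NULL) {
            fprintf(stderr, "hook: cannot find real getenv: %s\n", dlerror());
            abort();
        }
    }
    hook_calls++;
    if (name != NULL) {
        strncpy(last_name, name, sizeof last_name - 1);
        last_name[sizeof last_name - 1] = '\0';
    }
    fprintf(stderr, "hook: getenv(\"%s\")\n", name ? name : "(null)");
    return real_getenv(name);
}

/* Self-test: set a constructed variable and read it back through the hook.
 * Returns 1 if the value round-trips correctly, 0 otherwise. */
int hook_roundtrip(void)
{
    setenv("HOOK_DEMO_VAR", "42", 1);          /* constructed sample variable */
    const char *v = getenv("HOOK_DEMO_VAR");   /* resolves to our getenv() above */
    return v != NULL && strcmp(v, "42") == 0;
}

int main(void)
{
    if (!hook_roundtrip())
        return 1;
    printf("hooked %lu getenv call(s), last name %s\n",
           hook_call_count(), hook_last_name());
    return 0;
}
```

To use it the way the text describes, build it as a shared object and preload it into a target process: `cc -shared -fPIC -o libhook.so hook_getenv.c -ldl` (the `-ldl` is only needed on glibc older than 2.34, where dlsym lives in a separate library), then `LD_PRELOAD=./libhook.so ./target`. Every getenv() the target makes through the dynamic linker then passes through the hook and is logged on stderr; calls that libc makes to its own internal getenv, and calls in statically linked programs, are not intercepted, which is the limitation the text notes. Resolving the real function lazily on first call, rather than in a constructor, avoids ordering problems when other preloaded libraries also define getenv.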