Redirecting functions in shared ELF libraries

[Nytro]

Redirecting functions in shared ELF libraries

By Apriorit Inc, Anthony Shoumikhin | 2 Apr 2010 | Unedited contribution

This article gives brief description of ELF libs structure and functioning and also shows how to intercept function calls from one library into another

TABLE OF CONTENTS

1. The problem

1.1 What does redirecting mean?

1.2 Why redirecting?

2. Brief ELF explanation

2.1 Which parts does ELF file consist of?

2.2 How do shared ELF libraries link?

2.3 Some useful conclusions

3. The solution

3.1 What is the algorithm of redirection?

3.2 How to get the address, which a library has been loaded to?

3.3 How to write and restore a new function address?

4. Instead of conclusion

5. Useful links

1. The problem

We all use Dynamic Link Libraries (DLL). They have excellent facilities. First, such library loads into the physical address space only once for all processes. Secondly, you can expand the functionality of the program by loading the additional library, which will provide this functionality. And that is without restarting the program. Also a problem of updating is solved. It is possible to define the standard interface for the DLL and to influence the functionality and the quality of the basic program by changing the version of the library. Such methods of the code reusability were called "plug-in architecture". But let's move on.

Of course, not every dynamic link library relies only on itself in its implementation, namely, on the computational power of the processor and the memory. Libraries use libraries or just standard libraries. For example, programs in the C\C++ language use standard C\C++ libraries. The latter, besides, are also organized into the dynamic link form (libc.so and libstdc++.so). They are stored in the files of the specific format. My research was held for Linux OS where the main format of dynamic link libraries is ELF (Executable and Linkable Format).

Recently I faced the necessity of intercepting function calls from one library into another - just to process them in such a way. This is called the call redirecting.

1.1 What does redirecting mean?

First, let’s formulate the problem on the concrete example. Supposing we have a program called "test" on the C language (test.c file) and two split libraries (libtest1.c and libtest2.c files) with permanent contents and which were compiled beforehand. These libraries provide functions: libtest1() and libtest2(), respectively. In their implementation each of them uses the puts() function from the standard library of the C language.

A task consists in the following:

To replace the call of the puts() function for both libraries by the call of the redirected puts() function. The latter is implemented in the master program (test.c file) that can in its turn use the original puts() function;

To cancel the performed changes, that is to make so that the repeated call of libtest1() and libtest2() leads to the call of the original puts() function.

It is not allowed to change the code or recompile the libraries. We can change only the master program.

Articol complet:

http://www.codeproject.com/KB/library/elf-redirect.aspx