This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: How to access an applications ELF program header and ELFsection header at runtime
- From: Petr Baudis <pasky at suse dot cz>
- To: Bharath Ramesh <bramesh at vt dot edu>
- Cc: Carlos O'Donell <carlos at systemhalted dot org>,Eduardo <erocha dot ssa at gmail dot com>, libc-help at sourceware dot org
- Date: Tue, 5 Jan 2010 00:56:30 +0100
- Subject: Re: How to access an applications ELF program header and ELFsection header at runtime
- References: <68723fbe0908181959x957e72ei13602dc3993283d5@mail.gmail.com><01cb01ca2086$c004ffa0$400efee0$@edu><119aab440908190539t5a14703auf8763d849ccac6e2@mail.gmail.com><01d601ca20d2$4d005990$e7010cb0$@edu><119aab440908190849k5bb34588h8abe4744a5b99472@mail.gmail.com><022301ca20e5$e64fa7a0$b2eef6e0$@edu><68723fbe0908190914v75788869ufd28677bcd49c258@mail.gmail.com><20091022204927.GA27865@vt.edu><119aab440910230802g629f8c29x3f710b9f00cfb964@mail.gmail.com><20100104210329.GA6439@vt.edu>
Hi!
On Mon, Jan 04, 2010 at 04:03:31PM -0500, Bharath Ramesh wrote:
> On Fri, Oct 23, 2009 at 11:02:55AM -0400, Carlos O'Donell wrote:
> > On Thu, Oct 22, 2009 at 4:49 PM, Bharath Ramesh <bramesh@vt.edu> wrote:
> > > I am trying to play around with the symbols __data_start and __bss_start
> > > to access the location of the .data and .bss section. Is there any way I
> > > need to typecast these symbols so that I can get the information from
> > > these symbols.
> >
> > extern const char __symbol __attribute__((weak));
> > #define symbol ((unsigned long)&__symbol)
> >
>
> As mentioned in earlier emails to this thread [1] I need to access the
> .data and .bss sections of an application. I need to access this from
> the constructor of my shared library. I am not of the reason, but I am
> an unable to get access to __data_start. It always has a value of NULL
> address to it. I am able to get valid value for _edata, __bss_start and
> _end. When I use nm to list the symbols of the application __data_start
> does exist with an offset, but __data_start symbol for the shared
> library doesnt have any offset. Is there something I am missing, is
> there any way I can make sure that I get the valid address for these
> symbols from the constructor of the shared library.
I think these symbols correspond just to the sections in your local
ELF object, not in the main program; furthermore, there can be multiple
such sections in the ELF object, and all sorts of other hairy issues.
I think you are seriously best off just parsing /proc/self/maps, which
will give you up-to-date and complete information; you will probably
want to sync all PROT_WRITE mappings. Note that the mappings can change
over time - the heap will grow with brk()/sbrk(), new objects will be
linked in with dlopen(), mappings will come and go by mmap(), mremap()
and munmap()... and that's all I can think of, there might be more but
if you cover for these calls, you should probably cover most of the
cases...
...except it might be impossible to hijack mmap() calls inside glibc
(e.g. in malloc() ;-). I would say you have three reasonable (and
several unreasonable) choices: ptrace()ing your application to pick out
offending syscalls, patching the kernel to notify you about mapping
changes, or restricting your project to indeed support only static
storage synchronization and disallow dlopen().
--
Petr "Pasky" Baudis
A lot of people have my books on their bookshelves.
That's the problem, they need to read them. -- Don Knuth