-
Notifications
You must be signed in to change notification settings - Fork 0
sos22/elf-audit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Some simple libraries to make using the RTLD ELF auditing interfaces a bit easier. Look in test_audit.c for an example. Build it, and then load it like this: LD_AUDIT=/local/scratch/sos22/elf-audit/test_audit.so /bin/ls changing the path in the obvious way. You should see a load of output like this: _dl_get_tls_static_info(); -> 10 getrlimit(); -> 0 __sysconf(); -> 1000 __libc_dl_error_tsd(); -> 7f5cc157f678 __libc_pthread_init(); -> 7f5cc0b2b048 fopen64(/etc/selinux/config, r); malloc(238); -> 953220 free(953220); -> <void> -> 0 malloc(9); -> 953220 __asprintf_chk(7f5cc0f4f4c8, 1, %s%s); malloc(64); -> 953240 malloc(16); -> 9532b0 free(953240); -> <void> -> 15 __asprintf_chk(7f5cc0f4f4e0, 1, %s%s); malloc(64); -> 953240 malloc(24); -> 9532d0 free(953240); -> <void> -> 23 ... fwrite_unlocked(); -> c __errno_location(); -> 7f5cc157f628 __ctype_get_mb_cur_max(); -> 6 fwrite_unlocked(); -> c __errno_location(); -> 7f5cc157f628 __ctype_get_mb_cur_max(); -> 6 fwrite_unlocked(); -> 6 free(961740); -> <void> free(0); -> <void> free(95cb40); -> <void> exit(); __fpending(); -> 93 fclose(); showing all the library calls made by the application. I'm lazy, so the test module only decodes arguments for a very small set of functions, and doesn't do that particularly well. This depends on a fairly recent glibc. 2.7 is definitely new enough, 2.3 definitely isn't, and I'm not sure about any of the ones in between.
About
Wrapper to make using the RTLD ELF audit interfaces more palatable.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published