Re: question about interposing routines in libSystem.B.dylib
Re: question about interposing routines in libSystem.B.dylib
- Subject: Re: question about interposing routines in libSystem.B.dylib
- From: Kevin Van Vechten <email@hidden>
- Date: Thu, 9 Feb 2006 17:02:41 -0800
There are some interesting constraints, such as when you override one
symbol in a .o, you need to override them all. The syscalls you're
interested should be relatively easy to intercept for a couple of
reasons--first, each is in their own .o, and second, you don't need
to use RTLD_NEXT, you can simply invoke the syscall directly.
Of course invoking syscalls directly isn't recommended for a
production system (since that ABI is not guaranteed), so use with
caution.
See the darwintrace library for an example:
<http://cvs.opendarwin.org/cgi-bin/cvsweb.cgi/proj/darwinbuild/
darwintrace/darwintrace.c?rev=1.13&content-type=text/x-cvsweb-markup>
- Kevin
On Feb 9, 2006, at 4:50 PM, Will Stockwell wrote:
Hi,
I'm attempting to develop an interposition library to catch a few
system calls on the application side (i.e., interpose the system
call's system library analogue). It seems, however, whenever I
attempt to build such a library that interposes, for example,
malloc, I have a dependency on libSystem.B.dylib. This is the
library in which the malloc system library routine is stored.
otool also tells me dlsym (needed to do interposition) is contained
in libSystem.B.dylib. According to Apple documentation, it is not
possible to interpose dependent libraries and it further seems I
can't do interposition without this particular library.
I'm using the following simple code for a dry run:
// *** BEGIN CODE ***
#include <stdio.h>
#include <dlfcn.h>
void *malloc(size_t size)
{
static void * (*func)();
printf ("malloc(%d) called\n", size);
if(!func)
func = (void *(*)()) dlsym(RTLD_NEXT, "malloc");
return(func(size));
}
// *** END CODE ***
And building the dylib as follows:
$ gcc -dynamiclib -o interpose.dylib -fPIC interpose.c
Of course, this turns up the following messages about duplicate
malloc symbols:
ld: warning multiple definitions of symbol _malloc
/var/tmp//cczzOOvT.o definition of _malloc in section (__TEXT,__text)
/usr/lib/gcc/powerpc-apple
-darwin8/4.0.0/../../../libSystem.dylib(malloc.So) definition of
_malloc
And attemptnig to have it loaded via DYLD_INSERT_LIBRARIES results
in a seg fault (not a suprise).
My sense is that it's just plain silly that it's not possible to do
something like this. Any ideas out there? It's definitely
possible to interpose malloc, open, etc. on other systems. Does
anyone know how I can achieve this under darwin? Googling around
hasn't turned up much. And, if it matters, the calls I'm most
interested in interposing are open, close, read, write, connect,
accept, pipe, and fork.
Your help is greatly appreicated,
Will
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40opendarwin.org
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden