Had some success today hooking APIs on Linux.
I don't think that this is going to be a techy blog site. I'm just pasting here for later reference. It looks like a blog site is quite a handy repository.
Keywords: LD_PRELOAD, dlsym
http://sourceware.org/ml/libc-alpha/2001-05/msg00321.html
One more note:
LD_PRELOAD is supported on most UNIX flavors. I had tried it on HP-UX at Patni and it worked there.
I have read that it will work on Solaris and AIX also.
-----------------------------------------------------------
Follow these three simple steps to hook APIs on Linux.
Step 1: create a file with the following code, say preload.c:

#define _GNU_SOURCE        /* makes <dlfcn.h> expose RTLD_NEXT */
#include <dlfcn.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

#if defined(RTLD_NEXT)
#define REAL_LIBC RTLD_NEXT
#else
#define REAL_LIBC ((void *) -1L)   /* glibc's value of RTLD_NEXT */
#endif

/* Our replacement for connect(). Because preload.so is loaded before libc,
   the dynamic linker binds the program's calls to connect() here. */
int connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen)
{
    /* pointer to the real libc connect(), looked up once on the first call */
    static int (*o_dlconnect)(int, const struct sockaddr *, socklen_t) = 0;

    printf("NEOACCEL: connect hacked\n");
    if (o_dlconnect == 0) {
        /* RTLD_NEXT: search the objects loaded after this one, i.e. libc */
        o_dlconnect = (int (*)(int, const struct sockaddr *, socklen_t))
                      dlsym(REAL_LIBC, "connect");
        printf("dlsym was called\n");
    }
    /* hand the call on to the real implementation */
    return (*o_dlconnect)(sockfd, serv_addr, addrlen);
}
Step 2: compile it from the command line:
gcc -Wall -fPIC -shared -o preload.so preload.c -ldl
Step 3: define the environment variable LD_PRELOAD as the absolute path of preload.so, including the filename:
export LD_PRELOAD=/absolute/path/to/preload.so
and you are done.
Some good resources:
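As an added example (not the blog's own preload.c), here is the same connect() hook written the way I would use it for diagnosing or monitoring a program's outbound connections: the real connect() is resolved once with dlsym(RTLD_NEXT), a dlsym failure returns an error instead of crashing the process, and each call logs the destination (IPv4, IPv6 or unix socket) to stderr. The helper names describe_sockaddr, hook_call_count, sample_ipv4 and sample_ipv6 are this example's own, and the sample addresses are constructed inline so the formatting logic can be exercised without opening a socket.

```c
/* Added example: an LD_PRELOAD hook for connect() that logs every outbound
 * connection attempt and then calls the real libc connect(). Build it like
 * the blog's preload.c: gcc -Wall -fPIC -shared -o hook.so hook.c -ldl */
#define _GNU_SOURCE            /* exposes RTLD_NEXT in <dlfcn.h> */
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/un.h>

#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1L)   /* glibc's value, as in preload.c */
#endif

typedef int (*connect_fn)(int, const struct sockaddr *, socklen_t);

static unsigned long hook_calls;   /* how many times our connect() ran */

/* Render a sockaddr as "host:port", "unix:path" or "family=N"; returns buf. */
const char *describe_sockaddr(const struct sockaddr *sa, socklen_t len,
                              char *buf, size_t bufsz)
{
    char ip[INET6_ADDRSTRLEN];

    if (sa == NULL || len < sizeof(sa_family_t)) {
        snprintf(buf, bufsz, "(invalid)");
    } else if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *) sa;
        inet_ntop(AF_INET, &in4->sin_addr, ip, sizeof ip);
        snprintf(buf, bufsz, "%s:%u", ip, (unsigned) ntohs(in4->sin_port));
    } else if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *) sa;
        inet_ntop(AF_INET6, &in6->sin6_addr, ip, sizeof ip);
        snprintf(buf, bufsz, "[%s]:%u", ip, (unsigned) ntohs(in6->sin6_port));
    } else if (sa->sa_family == AF_UNIX &&
               len > offsetof(struct sockaddr_un, sun_path)) {
        const struct sockaddr_un *un = (const struct sockaddr_un *) sa;
        /* sun_path need not be NUL-terminated: bound the copy by len */
        size_t plen = len - offsetof(struct sockaddr_un, sun_path);
        if (plen > sizeof un->sun_path) plen = sizeof un->sun_path;
        snprintf(buf, bufsz, "unix:%.*s", (int) plen, un->sun_path);
    } else {
        snprintf(buf, bufsz, "family=%d", (int) sa->sa_family);
    }
    return buf;
}

unsigned long hook_call_count(void) { return hook_calls; }

/* Interposed connect(): same signature as libc's, so the dynamic linker
 * binds the program's calls here when hook.so is listed in LD_PRELOAD. */
int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
    static connect_fn real_connect;   /* resolved once, on the first call */
    char where[128];

    hook_calls++;
    if (real_connect == NULL) {
        /* RTLD_NEXT: look in the objects loaded after this one, i.e. libc */
        real_connect = (connect_fn) dlsym(RTLD_NEXT, "connect");
        if (real_connect == NULL) {
            /* cannot reach libc: fail this call rather than crash the process */
            fprintf(stderr, "hook: dlsym(connect) failed: %s\n", dlerror());
            errno = ENOSYS;
            return -1;
        }
    }
    fprintf(stderr, "hook: fd %d connect -> %s\n", sockfd,
            describe_sockaddr(addr, addrlen, where, sizeof where));
    return real_connect(sockfd, addr, addrlen);
}

/* Constructed sample inputs (not captured from any real program) so the
 * formatting helper can be checked without creating a socket. */
const char *sample_ipv4(void)
{
    static char buf[64];
    struct sockaddr_in in4;
    memset(&in4, 0, sizeof in4);
    in4.sin_family = AF_INET;
    in4.sin_port = htons(8080);
    inet_pton(AF_INET, "127.0.0.1", &in4.sin_addr);
    return describe_sockaddr((struct sockaddr *) &in4, sizeof in4, buf, sizeof buf);
}

const char *sample_ipv6(void)
{
    static char buf[64];
    struct sockaddr_in6 in6;
    memset(&in6, 0, sizeof in6);
    in6.sin6_family = AF_INET6;
    in6.sin6_port = htons(443);
    inet_pton(AF_INET6, "::1", &in6.sin6_addr);
    return describe_sockaddr((struct sockaddr *) &in6, sizeof in6, buf, sizeof buf);
}
```

Run it against any dynamically linked program with `LD_PRELOAD=/absolute/path/to/hook.so some-program`, and every connect() it makes shows up on stderr as, for example, `hook: fd 3 connect -> 127.0.0.1:8080`. Two caveats worth knowing when you rely on this for monitoring: the dynamic linker ignores LD_PRELOAD for set-user-ID and set-group-ID executables (secure-execution mode), and a statically linked program never goes through the dynamic linker at all, so neither will be hooked.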
http://neworder.box.sk/newsread.php?newsid=13857
http://www.security.nnov.ru/articles/reveng/
www.phrack.org
3 comments:
You should be able to use C++, you probably just need to wrap (or prefix) your function with extern "C" { /* your function */ }
This is because the C++ compiler may mangle your function name and the exported name or signature will look different.
Thanks Jamie. You are right.
May just be the Most excellent subject that i browsed through all holiday season?