有没有办法使用特定的 C 函数/符号作为 nm 的输出 [英] Is there a way to use a particular C function/symbol as output by nm

问题描述

为了网络安全学习目的，我正在尝试分析编译文件，并想使用特定功能.

I'm trying to analyse a compiled file for cybersec learning purposes and want to use a particular function.

这是nm --defined-only ./compiled_file 的输出:

0000000000200d98 d _DYNAMIC
0000000000200f88 d _GLOBAL_OFFSET_TABLE_
0000000000000ba0 R _IO_stdin_used
0000000000000d64 r __FRAME_END__
0000000000000bfc r __GNU_EH_FRAME_HDR
0000000000201010 D __TMC_END__
0000000000201010 B __bss_start
0000000000201000 D __data_start
00000000000007d0 t __do_global_dtors_aux
0000000000200d90 t __do_global_dtors_aux_fini_array_entry
0000000000201008 D __dso_handle
0000000000200d88 t __frame_dummy_init_array_entry
0000000000200d90 t __init_array_end
0000000000200d88 t __init_array_start
0000000000000b90 T __libc_csu_fini
0000000000000b20 T __libc_csu_init
0000000000201010 D _edata
0000000000201018 B _end
0000000000000b94 T _fini
0000000000000660 T _init
0000000000000710 T _start
0000000000201010 b completed.7696
0000000000201000 W data_start
0000000000000740 t deregister_tm_clones
0000000000000810 t frame_dummy
0000000000000a92 T main
000000000000081a T function_I_would_like_to_use                 \\ << this one
0000000000000780 t register_tm_clones

我主要使用 Python(我对 C/C++ 知之甚少，只是基础知识)，因此，很自然地，我一直在尝试使用 ctypes 库在 Python 中处理这个文件，使用文件，但就我所见，上述函数名称均未出现在对象或其属性的 dir() 中.

I mainly use Python (I know very little about C/C++, just the basics), so, naturally, I've been trying to mess about with this file in Python using the ctypes library, creating a CDLL object with the file, but none of the function names above appear in the dir() of the object or of its attributes as far as I can see.

我从类似的东西开始:https://book.pythontips.com/en/latest/python_c_extension.html#ctypes 然后在 dir()/__dict__ 的兔子洞中越陷越深，试图找到我认出的东西，没有运气.

I started with something similar to this: https://book.pythontips.com/en/latest/python_c_extension.html#ctypes and then went deeper and deeper down the rabbit hole of dir()/__dict__ to try to find things I recognised, no luck.

如您所见，我正在尝试对这个 ELF 进行逆向工程，但我对机器代码没有任何真正了解，但希望我能在此过程中学到一些东西哈哈！出于练习的目的，我也宁愿在没有外部(第三方)库的情况下执行此操作.

As you can see, I'm trying to reverse engineer this ELF without any real knowledge of machine code, but hoping I'll learn something in the process haha! For the purposes of the exercise, I'd also rather do this without external (third-party) libraries.

file ./compiled_file 的输出是:

./compiled_file: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=cf62f3afa6f99f98a863d44932d2e
0f9f8594e71, not stripped

所以，我的主要问题是，如上所述，有没有办法在 Python 中调用 nm、objdump 等列出的定义"函数之一否则?我读到 BuildID[sha1] 可用于调试.我可能需要这个来满足我的目的吗?

So, my main question is, as above, is there a way to call one of the 'defined' functions listed by nm, objdump, etc. in Python or otherwise? I read that the BuildID[sha1] can be useful for debugging. Do I need this perhaps for my purposes?

我希望这个问题不要太宽泛.从本质上讲，我主要是在寻找是或否，也许在正确的方向上稍微点头，至于​​我是否可以使用上面的信息调用该函数！

I hope this question is not too broad. Essentially, I'm mainly looking for a yes or no, with perhaps a little nod in the right direction, as to whether I can call that function with the info I have above!

感谢第一个非常快速的回答和评论，我一直在用 C 中的 dlopen/dlsym 搞乱.脚本如下(改编自 这里:

thanks to the first, extremely quick answer and comment I've been messing about with dlopen/dlsym in C. Script is as follows (adapted from here):

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>

int main(int argc, char** argv) {
    void *handle;
    void (*func_in_question)(const char*);
    handle = dlopen("./compiled_file", RTLD_LAZY);
    if (!handle) {
        /* fail to load the library */
        fprintf(stderr, "Error: %s\n", dlerror());
        return EXIT_FAILURE;
    }
    *(void**)(&func_in_question) = dlsym(handle, "function_I_would_like_to_use");
    if (!func_in_question) {
        /* no such symbol */
        fprintf(stderr, "Error: %s\n", dlerror());
        dlclose(handle);
        return EXIT_FAILURE;
    }
    func_in_question(argv[1]);
    dlclose(handle);
    return EXIT_SUCCESS;
}

似乎按预期工作，除了返回:

Seems to work as expected, apart from it returns:

错误:./compiled_file:未定义符号:function_I_would_like_to_use

(同样的错误，事实上，导致我问这个问题¯\_(ツ)_/¯ )

(the same error, in fact, that led me to ask the question ¯\_(ツ)_/¯ )

然而，最初的问题已经得到解答.

The original question, however, has been answered.

推荐答案

是的，这是可能的.毕竟，在共享库中导出符号的目的是能够使用它们.在 C 中，您可以通过将库链接到应用程序(实际上不是 Python 的选项)或运行时加载库并找到所需符号(在 linux 上:dlopen, dlsym).联机帮助页示例显示了如何在 C 中执行此操作.

Yes, it is possible. The point of having exported symbols in shared libraries is to be able to use them - after all. In C, you can do this either by linking the library to the application (not really an option for python), or runtime loading the library and finding the required symbol (on linux: dlopen, dlsym). The manpage example shows how to do this in C.

这篇关于有没有办法使用特定的 C 函数/符号作为 nm 的输出的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！