c 和 LD_PRELOAD.拦截了 open 和 open64 调用，但未拦截 stat64 [英] c and LD_PRELOAD. open and open64 calls intercepted, but not stat64

问题描述

我做了一个小的共享库，试图拦截 open、open64、stat 和 stat64 系统调用.当我导出LD_PRELOAD并运行oracle的sqlplus时，可以看到open和open64调用的痕迹，但是没有stat和stat64调用的痕迹.共享库是一个单独的 c 文件，其中包含 sys 调用的所有定义.为什么会发生某些系统调用被拦截而其他系统调用没有被拦截的情况?感谢您的帮助.

I've done a little shared library that tries to intercept open, open64, stat and stat64 sys calls. When I export LD_PRELOAD and run oracle's sqlplus, I can see the traces of the open and open64 calls, but no traces of the stat and stat64 calls. The shared library is a single c file with all the definitions of the sys calls in it. Why does it happen that some syscalls are intercepted and others don't? thanks for your help.

推荐答案

因为 GNU libc 实现了 open() 和 open64()正如您所期望的(即它们只是您可以使用 LD_PRELOAD 挂钩的动态链接符号)，但是使用 stat() 和 stat64 做了一些特别的事情().

Because the GNU libc implements open() and open64() as you'd expect (i.e. they're just dynamically linked symbols that you can hook into with LD_PRELOAD), but does something special with stat() and stat64().

如果您查看由 libc 导出的符号(例如使用 nm -D/libc/libc.so.6)，您会发现它没有't 实际上提供符号 stat 或 stat64!

If you look at the symbols exported by libc (e.g. with nm -D /libc/libc.so.6), you'll see that it doesn't actually provide the symbols stat or stat64!

对这些函数的调用被包装 - 在编译时(如果可能)由 <sys/stat.h> 中的内联函数，或者(失败)由 提供的静态链接定义>libc_nonshared.a.

Calls to these functions are wrapped - either at compile time (if possible) by inline functions in <sys/stat.h>, or (failing that) statically linked definitions provided by libc_nonshared.a.

实际调用的动态链接函数是__xstat()或__xstat64()；这些需要一个额外的第一个参数，一个整数，它是一个版本号，指示调用者期望的 struct stat 布局.尝试挂钩这些.

The actual dynamically linked functions which are called are __xstat() or __xstat64(); and these take an additional first argument, an integer, which is a version number indicating the layout of struct stat that is expected by the caller. Try hooking these instead.

(所有这一切的重点是允许动态链接的 libc 支持使用 struct stat 的各种不兼容布局和 mode_t 中的位定义的二进制文件; 如果你查看 /usr/include/sys/stat.h 你会发现这个效果的注释.fstat(), fstat64()、lstat()、lstat64() 和 mknod() 也同样受到影响.)

(The point of all this is to allow the dynamically linked libc to support binaries which use various incompatible layouts of struct stat and definitions of bits in mode_t; if you look in /usr/include/sys/stat.h you'll find a comment to this effect. fstat(), fstat64(), lstat(), lstat64() and mknod() are also affected in the same way.)

这篇关于c 和 LD_PRELOAD.拦截了 open 和 open64 调用，但未拦截 stat64的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！