Find argc and argv from a library


Question

How do I find a program's argc and argv from a shared object? I am writing a library in C that will be loaded via LD_PRELOAD. I've been able to find the stack two different ways:


  1. Read rsp via inline __asm__ call.
  2. Read /proc/<pid>/maps and parse the entry for stack.

I can then create a pointer, point it at the stack segment, then iterate through looking for data. The problem is I can't figure out an efficient way to determine what bytes are argc and the pointer to the pointer to the argv strings.

I know that /proc/<pid>/cmdline also contains the arguments, each separated by 0x00, but I'm interested in finding everything in memory.

In gdb I see a DWORD for argc followed by a QWORD which is the first pointer. 20 bytes before the address of argc is a pointer that points back into the main program's code segment. But that's not a deterministic way to identify argc and argv.

I've seen a few posts but no working code:

  • http://linux.derkeiler.com/Newsgroups/comp.os.linux.development.system/2005-07/0296.html
  • https://sourceware.org/ml/libc-help/2009-11/msg00010.html

Recommended answer

This response in your second link contains working source code which worked fine for me (GNU/Linux ELF-based system), including during LD_PRELOAD.

The code is very short; it consists of a function:

int foo(int argc, char **argv, char **env) {
   // Do something with argc, argv (and env, if desired)
   return 0;
}

and a pointer to that function in the .init_array section:

__attribute__((section(".init_array"), used)) static void *foo_constructor = &foo;

Putting that into a shared library and then LD_PRELOADing the shared library certainly triggered the call to foo when I tried it, and it was clearly called with the argc and argv which would later be passed to main (and also the value of environ).
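
The technique from the answer as a complete preloadable library, cross-checked against the /proc/self/cmdline format mentioned in the question (an added example, not code from the original post or the linked mailing-list message). It assumes glibc on Linux, which passes argc, argv and envp to .init_array entries; capture_args, argv_matches_cmdline, captured_args_match_proc and the file names in the build comment are names made up here.

```c
/* Build (file names are placeholders): gcc -shared -fPIC -o libargs.so args.c
 * Use:                                 LD_PRELOAD=./libargs.so some_program a b */
#include <stdio.h>
#include <string.h>

static int    saved_argc;   /* values handed to the constructor by the loader */
static char **saved_argv;

/* Assumption: glibc calls .init_array entries with (argc, argv, envp).
 * Other libcs may pass nothing, so only store here and dereference later. */
static void capture_args(int argc, char **argv, char **envp) {
    (void)envp;
    saved_argc = argc;
    saved_argv = argv;
}
/* "used" keeps the otherwise unreferenced pointer from being optimized away. */
__attribute__((section(".init_array"), used))
static void (*capture_ctor)(int, char **, char **) = capture_args;

/* Return 1 if argv[0..argc-1] equals the NUL-separated strings in buf[0..len-1]. */
int argv_matches_cmdline(int argc, char **argv, const char *buf, size_t len) {
    size_t off = 0;
    for (int i = 0; i < argc; i++) {
        if (argv == NULL || argv[i] == NULL || off >= len)
            return 0;
        const char *nul = memchr(buf + off, '\0', len - off);
        if (nul == NULL)                    /* entry is not NUL-terminated */
            return 0;
        size_t n = (size_t)(nul - (buf + off));
        if (strlen(argv[i]) != n || memcmp(argv[i], buf + off, n) != 0)
            return 0;
        off += n + 1;
    }
    return off == len;                      /* buf holds no extra entries */
}

/* Compare the captured vector with the kernel's view; -1 if /proc is unavailable.
 * Command lines longer than the buffer are reported as a mismatch. */
int captured_args_match_proc(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (f == NULL)
        return -1;
    size_t len = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return argv_matches_cmdline(saved_argc, saved_argv, buf, len);
}
```

The kernel serves /proc/<pid>/cmdline from the process's own argument memory, so the two views agree at constructor time and can diverge if the program later rewrites argv in place.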
