What system calls does
When using the
dlopen API -
dlclose - what syscalls does it use?
I wrote two programs to compare:
one which loads a function from a shared object,
and one which embeds the function in the main binary.
dtruss to log system calls, the dynamic-loading version does something like this:
void* start = 0x10EA52000; size_t pagesize = getpagesize(); struct stat64 stat; stat64("plugin.so", &stat); int fd = open("plugin.so", 0, 0); mmap(start+(0*pagesize), 6*pagesize, PROT_READ|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, fd, 0*pagesize); mmap(start+(6*pagesize), 1*pagesize, PROT_READ|PROT_WRITE, MAP_FIXED|MAP_PRIVATE, fd, 1*pagesize); mmap(start+(7*pagesize), stat.off_t - 7*pagesize, PROT_READ, MAP_FIXED|MAP_PRIVATE, fd, 2*pagesize); close(fd); munmap(start+(0*pagesize), 4096); munmap(start+(6*pagesize), 4096); munmap(start+(7*pagesize), 4096);
It’s notable that this does not use any special syscalls. Instead, the program uses standard UNIX syscalls to put the file in memory.
The program knows the offsets of three sections of the file: one executable (containing functions), one read/writable (containing global variables), and one readable (the Mach-O headers, at the end of the file?). The program maps these into memory at fixed locations.
More by Jim
- Your syntax highlighter is wrong
- Granddad died today
- The Three Ts of Time, Thought and Typing: measuring cost on the web
- I hate telephones
- The sorry state of OpenSSL usability
- The dots do matter: how to scam a Gmail user
- My parents are Flat-Earthers
- How Hacker News stays interesting
- Project C-43: the lost origins of asymmetric crypto
- The hacker hype cycle
- The inception bar: a new phishing method
- Time is running out to catch COVID-19
- A probabilistic pub quiz for nerds
- Smear phishing: a new Android vulnerability
Tagged . All content copyright James Fisher 2017. This post is not associated with my employer. Found an error? Edit this page.