Is it possible to override one of the linux kernel functions using LD_PRELOAD?
是否可以使用LD_PRELOAD覆盖其中一个Linux内核函数?
For instance, I want to change the cookie_hash function in Linux/net/ipv4/syncookie.c for the listening socket for my program fooserver. Can I do it using LD_PRELOAD, or I need to recompile the kernel for that?
例如,我想更改Linux / net / ipv4 / syncookie.c中的cookie_hash函数,作为我的程序fooserver的监听套接字。我可以使用LD_PRELOAD来做,或者我需要为此重新编译内核吗?
Are there any other options?
还有其他选择吗?
Thanks,
谢谢,
3 个解决方案
#1
2
No, it is not possible to use LD_PRELOAD to replace a function in the kernel.
不,不可能使用LD_PRELOAD替换内核中的函数。
You will need to either recompile the kernel.
您需要重新编译内核。
If the function is in a kernel module, then you may be able to unload, recompile and reload the module without needing to restart the kernel.
如果函数在内核模块中,那么您可以卸载,重新编译和重新加载模块,而无需重新启动内核。
If this is something you will be doing frequently, then you will want to use a second computer, or a virtual machine, so you won't have to keep restarting the computer you're programming on.
如果您经常这样做,那么您将需要使用第二台计算机或虚拟机,这样您就不必继续重新启动正在编程的计算机。
#2
0
You have to use kprobes or systemtap to override kernel functions. It isn't necessary to recompile.
您必须使用kprobes或systemtap来覆盖内核函数。没有必要重新编译。
#3
0
You can do something similar in Linux Kernel. It isn't a trivial operation but what you should do is the next:
您可以在Linux Kernel中执行类似的操作。这不是一个微不足道的操作,但你应该做的是下一步:
- Find the address of the function you want to be replaced. There are several ways to achieve the address. The simplest one is 'cat /proc/kallsyms | grep cookie_hash ".
- 找到要替换的功能的地址。有几种方法可以实现该地址。最简单的是'cat / proc / kallsyms | grep cookie_hash“。
- From your module, you save the content of the address. It is the original 'cookie_hash' function.
- 从您的模块中,您可以保存地址的内容。这是原始的'cookie_hash'功能。
- Into this address, you place the address of your function 'my_cookie_hash'.
- 在此地址中,您可以放置函数“my_cookie_hash”的地址。
- At the end of your function 'my_cookie_hash', you call the original function 'cookie_hash'.
- 在函数'my_cookie_hash'结束时,调用原始函数'cookie_hash'。
There are many hidden traps and potential crashes, though. But generally, this approach works.
但是,有许多隐藏的陷阱和潜在的崩溃。但一般来说,这种方法有效。
#1
2
No, it is not possible to use LD_PRELOAD to replace a function in the kernel.
不,不可能使用LD_PRELOAD替换内核中的函数。
You will need to either recompile the kernel.
您需要重新编译内核。
If the function is in a kernel module, then you may be able to unload, recompile and reload the module without needing to restart the kernel.
如果函数在内核模块中,那么您可以卸载,重新编译和重新加载模块,而无需重新启动内核。
If this is something you will be doing frequently, then you will want to use a second computer, or a virtual machine, so you won't have to keep restarting the computer you're programming on.
如果您经常这样做,那么您将需要使用第二台计算机或虚拟机,这样您就不必继续重新启动正在编程的计算机。
#2
0
You have to use kprobes or systemtap to override kernel functions. It isn't necessary to recompile.
您必须使用kprobes或systemtap来覆盖内核函数。没有必要重新编译。
#3
0
You can do something similar in Linux Kernel. It isn't a trivial operation but what you should do is the next:
您可以在Linux Kernel中执行类似的操作。这不是一个微不足道的操作,但你应该做的是下一步:
- Find the address of the function you want to be replaced. There are several ways to achieve the address. The simplest one is 'cat /proc/kallsyms | grep cookie_hash ".
- 找到要替换的功能的地址。有几种方法可以实现该地址。最简单的是'cat / proc / kallsyms | grep cookie_hash“。
- From your module, you save the content of the address. It is the original 'cookie_hash' function.
- 从您的模块中,您可以保存地址的内容。这是原始的'cookie_hash'功能。
- Into this address, you place the address of your function 'my_cookie_hash'.
- 在此地址中,您可以放置函数“my_cookie_hash”的地址。
- At the end of your function 'my_cookie_hash', you call the original function 'cookie_hash'.
- 在函数'my_cookie_hash'结束时,调用原始函数'cookie_hash'。
There are many hidden traps and potential crashes, though. But generally, this approach works.
但是,有许多隐藏的陷阱和潜在的崩溃。但一般来说,这种方法有效。