i am using LD_PRELOAD to capture write() system call in linux . I am successfully able to do this for write system call and make it work.
我正在使用LD_PRELOAD来捕获linux中的write()系统调用。我成功地能够为写入系统调用执行此操作并使其工作。
But when i call printf() that time it does not work. If we observe printf stack trace using strace i found that, at the end printf calls write() system call to write to console, but at that time my write() system call is not called before actually calling the the write() system call.
但是当我调用printf()时,它不起作用。如果我们使用strace观察printf堆栈跟踪,我发现,最后printf调用write()系统调用写入控制台,但那时我的write()系统调用在实际调用write()系统调用之前没有被调用。
Anybody have any idea why is this happening ?
任何人都知道为什么会这样?
1 个解决方案
#1
11
Function calls made from one library to another or from the executable to a dynamically loaded library go through the PLT (Procedure Linkage Table) and are able to be redirected by the use of LD_PRELOAD. However, function calls within a library can be resolved at compile time and do not go through the PLT. Therefore they are unable to be redirected by LD_PRELOAD. Since printf and write are both compiled into libc.so.6, the call to write from printf never goes through the PLT to look for a possible redirection, but when you call write directly from your application (or from another shared library) it does.
从一个库到另一个库或从可执行文件到动态加载的库的函数调用通过PLT(过程链接表)并且能够通过使用LD_PRELOAD重定向。但是,库中的函数调用可以在编译时解析,而不是通过PLT。因此,它们无法被LD_PRELOAD重定向。由于printf和write都被编译成libc.so.6,因此从printf调用writef永远不会通过PLT寻找可能的重定向,但是当你直接从你的应用程序(或从另一个共享库)调用write时,它会。
#1
11
Function calls made from one library to another or from the executable to a dynamically loaded library go through the PLT (Procedure Linkage Table) and are able to be redirected by the use of LD_PRELOAD. However, function calls within a library can be resolved at compile time and do not go through the PLT. Therefore they are unable to be redirected by LD_PRELOAD. Since printf and write are both compiled into libc.so.6, the call to write from printf never goes through the PLT to look for a possible redirection, but when you call write directly from your application (or from another shared library) it does.
从一个库到另一个库或从可执行文件到动态加载的库的函数调用通过PLT(过程链接表)并且能够通过使用LD_PRELOAD重定向。但是,库中的函数调用可以在编译时解析,而不是通过PLT。因此,它们无法被LD_PRELOAD重定向。由于printf和write都被编译成libc.so.6,因此从printf调用writef永远不会通过PLT寻找可能的重定向,但是当你直接从你的应用程序(或从另一个共享库)调用write时,它会。