




Libraries - Explained [Part 2 of 2]
Thread Owner: Houga
Category: Everything Coding
08-11-2014, 02:05 AM
Dynamic libraries (aka shared libraries) are, essentially, libraries that can be linked to a program at run-time. The code is loaded only when needed and the entire library is not going to be included into the compiled binary. Shared libraries can be shared by many applications simultaneously while still occupying the same space in the kernel. I'll only go over compiling dynamic libraries with Linux as that is the OS with which I am most familiar.
Dynamic libraries are often used in function hooking because they are loaded before any standard library and overwrite functions. I'll go over an extremely simple function hook of the strdup() function, which just copies a string into a new place in memory, and you can dynamically retrieve the location of the correct function. Here's an example of a simple function hook. First we decide what function we are going to hook. In my case, I'll be hooking the strdup() or string duplicator function. Next, look at the man page of the function:
Code:
char *strdup(const char *s);
Perfect. That's the template we're going to use to create our function. We're going to make a function with the same name as strdup() and with the same parameters, but we're going to replace its function.
Code:
/* Replacement strdup(): ignores its argument and returns a fixed string. */
char *strdup(const char *s)
{
    return "Hello!";
}
In this example, any time the strdup function is called, rather than returning a memory address of dynamically allocated memory to which the supplied string was copied, it is returning a string “hello”. Now that we have this, let's have a function that uses strdup().
Code:
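#include <stdio.h>
#include <string.h>

int main(void) {
    /* Resolved at run time, so a preloaded strdup() is called instead of libc's. */
    char *str = strdup("Testing 123");
    printf("%s\n", str);
    return 0;
}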
This function would print “Testing 123” without the hook, but when the hook is configured, it will print “Hello”. First, compile the C file like you would normally. No extraneous flags are required. Now, we are going to compile the new strdup() function:
Code:
# hook.c is the file holding the replacement strdup() (file name assumed; the post does not give one)
gcc -shared -fpic -o ./libfoo.so hook.c
Once that is compiled, we're going to use something called LD_PRELOAD. Any shared library inside of LD_PRELOAD is going to be linked and loaded before ANY OTHER LIBRARY. This includes the C Standard library among others. There are 3 ways of preloading the library.
1. One Time Only:
Code:
LD_PRELOAD=./libfoo.so ./foo
In this example, “foo” is the name of the binary you compiled normally. This will dynamically link the libfoo.so and call the strdup() function in that object as opposed to the legitimate kernel one.
2. During Terminal Life:
Code:
export LD_PRELOAD=`pwd`/libfoo.so
I used `pwd` in this case because, if you change directory, it will be looking for the .so in that current directory. If, at any point, you want to un-export it, you may run:
Code:
unset LD_PRELOAD
OR
export LD_PRELOAD=
3. Until Manual Removal:
Code:
echo `pwd`/libfoo.so > /etc/ld.so.preload
With this, it is the equivalent of executing the LD_PRELOAD statement each time you boot up. This is not recommended for simply testing a library as, if it were to crash, it can be impossible to repair.
-H
Houga@entroy.cat
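A check for the environment-based preload methods described in the post, added here as an example and not part of the original post: it reads a process's environment block (on Linux, /proc/<pid>/environ, which holds the environment the process was started with) and counts the libraries named in LD_PRELOAD. The function names are illustrative, not from any library.

```c
#include <stdio.h>
#include <string.h>

/* Find `name` in a NUL-separated block (layout of /proc/<pid>/environ). */
const char *env_lookup(const char *block, size_t len, const char *name)
{
    size_t nlen = strlen(name), i = 0;
    while (i < len) {
        const char *end = memchr(block + i, '\0', len - i);
        if (!end) break;                 /* unterminated tail: ignore it */
        size_t elen = (size_t)(end - (block + i));
        if (elen > nlen && block[i + nlen] == '=' && !memcmp(block + i, name, nlen))
            return block + i + nlen + 1; /* value part, may be empty */
        i += elen + 1;
    }
    return NULL;
}

/* Count the items in an LD_PRELOAD value; spaces and colons both separate. */
int preload_count(const char *value)
{
    int n = 0;
    while (*value) {
        size_t item = strcspn(value, ": ");
        n += item > 0;                   /* skip empty items such as "::" */
        value += item + strspn(value + item, ": ");
    }
    return n;
}

/* -1 if `path` is unreadable, else the number of libraries in LD_PRELOAD. */
int audit_environ_file(const char *path)
{
    static char buf[65536];              /* larger environments are cut off */
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';                     /* terminate the last entry */
    const char *v = env_lookup(buf, len + 1, "LD_PRELOAD");
    return v ? preload_count(v) : 0;
}

int main(int argc, char **argv)
{
    int n = audit_environ_file(argc > 1 ? argv[1] : "/proc/self/environ");
    printf("LD_PRELOAD entries: %d\n", n);
    return n > 0;
}
```

Pass an environ path as the first argument; with none, the program inspects its own environment and exits non-zero when a preload is present.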