Dll was injected at (nil).
jlamur opened this issue · comments
Hello,
I can't inject my library. Command used (as root) : hotpatcher -v -l hook.so -s start_here $$. Here is the stdout :
Options Given:
Verbose Level: 1
Process PID: 4324
Symbol name: start_here
Library name: hook.so
Dry run: false
[ld_load_maps:278] Max number of mappings present: 48
[ld_find_library:440] Found entry /lib/x86_64-linux-gnu/ld-2.23.so matching /lib64/ld-linux-x86-64.so.2
[ld_find_library:376] Doing best substring search for libc.
[ld_find_library:440] Found entry /lib/x86_64-linux-gnu/libc-2.23.so matching libc
[ld_find_library:376] Doing best substring search for libdl.
[ld_find_library:440] Found entry /lib/x86_64-linux-gnu/libdl-2.23.so matching libdl
[ld_find_library:376] Doing best substring search for libpthread.
[ld_find_library:447] Library libpthread not found in procmaps
[hotpatch_gather_functions:104] libpthread not mapped.
[hotpatch_gather_functions:106] Found malloc at 0x7f062f3f0550 in libc
[hotpatch_gather_functions:107] Found realloc at 0x7f062f3f0c40 in libc
[hotpatch_gather_functions:108] Found free at 0x7f062f3f0a70 in libc
[hotpatch_gather_functions:122] Found dlopen at 0x7f062f736f70 in libdl
[hotpatch_gather_functions:123] Found dlclose at 0x7f062f736fe0 in libdl
[hotpatch_gather_functions:124] Found dlsym at 0x7f062f737040 in libdl
[hotpatch_inject_library:620] Allocating 1024 bytes in the target.
[hotpatch_inject_library:741] Dll opened at 0x0
Dll was injected at (nil)
Invocation of start_here() returned (nil)
In case it's needed, the source code of hook.cpp (I compiled with g++ -shared -fPIC -nostartfiles -o hook.so hook.cpp) :
#include <stdio.h>
int start_here() {
printf("Starting to hook...\n");
return 0xff;
}
I suspect the libpthread not mapped to be the source of the problem.
Hello.
Your code is C++. That means start_here is not a C symbol. You have to
use the mangled symbol name for start_here that g++ has generated for you.
$ nm hook.so | grep start_here
Otherwise, compile your program as C using gcc or use "extern C" to
declare start_here so that the symbol name is C-style and not C++ style.
The pthread search is done regardless. It is useful to know whether your
target program has pthread loaded or not.
If your custom hook DLL needs pthread and the target doesn't have
pthread loaded, then you need to inject pthread as well.
--Vikas
On 05/24/2016 09:36 AM, Kadriles wrote:
Hello,
I can't inject my library. Command used (as root) : |hotpatcher -v -l
hook.so -s start_here $$|. Here is the stdout :|Options Given: Verbose Level: 1 Process PID: 4324 Symbol name:
start_here Library name: hook.so Dry run: false [ld_load_maps:278] Max
number of mappings present: 48 [ld_find_library:440] Found entry
/lib/x86_64-linux-gnu/ld-2.23.so matching /lib64/ld-linux-x86-64.so.2
[ld_find_library:376] Doing best substring search for libc.
[ld_find_library:440] Found entry /lib/x86_64-linux-gnu/libc-2.23.so
matching libc [ld_find_library:376] Doing best substring search for
libdl. [ld_find_library:440] Found entry
/lib/x86_64-linux-gnu/libdl-2.23.so matching libdl
[ld_find_library:376] Doing best substring search for libpthread.
[ld_find_library:447] Library libpthread not found in procmaps
[hotpatch_gather_functions:104] libpthread not mapped.
[hotpatch_gather_functions:106] Found malloc at 0x7f062f3f0550 in libc
[hotpatch_gather_functions:107] Found realloc at 0x7f062f3f0c40 in
libc [hotpatch_gather_functions:108] Found free at 0x7f062f3f0a70 in
libc [hotpatch_gather_functions:122] Found dlopen at 0x7f062f736f70 in
libdl [hotpatch_gather_functions:123] Found dlclose at 0x7f062f736fe0
in libdl [hotpatch_gather_functions:124] Found dlsym at 0x7f062f737040
in libdl [hotpatch_inject_library:620] Allocating 1024 bytes in the
target. [hotpatch_inject_library:741] Dll opened at 0x0 Dll was
injected at (nil) Invocation of start_here() returned (nil) |In case it's needed, the source code of |hook.cpp| (I compiled with
|g++ -shared -fPIC -nostartfiles -o hook.so hook.cpp|) :|#include <stdio.h> int start_here() { printf("Starting to hook...\n");
return 0xff; } |I suspect the |libpthread not mapped| to be the source of the problem.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#13
Thank you for your reactivity and your help @vikasnkumar.
I tried your 3 proposed solutions but none of them worked !
I get the same stdout everytime...
To clarify I tried :
- The same code compiled with gcc :
gcc -shared -fPIC -nostartfiles -o hook.so hook.cpp. - To add
extern "C"around mymain()function (then compiled with g++). - The same code, and then to pass the symbol of
start_heregenerated with C++.
First, I rannm hook.so | grep start_herewhich gave me this :0000000000000380 T _Z10start_herev.
Then I tried to inject with :hotpatcher -v -l hook.so -s _Z10start_herev $$.
You need to use the full path and not just hook.so. So it should be
"/path/to/hook.so".
Can you test with the test hook library libhotpatchtest.so that comes
with hotpatch first ?
If that works, then hotpatch works on your system by itself.
Also, what kind of Linux are you running on ?
--Vikas
On 05/24/2016 01:15 PM, Kadriles wrote:
Thank you for your reactivity and your help @vikasnkumar
https://github.com/vikasnkumar.I tried your 3 proposed solutions but none of them worked !
I get the same stdout everytime...To clarify I tried :
The same code compiled with gcc : |gcc -shared -fPIC -nostartfiles -o hook.so hook.cpp|.
To add |extern "C"| around my |main()| function (then compiled with g++).
The same code, and then to pass the symbol of |start_here| generated with C++. First, I ran |nm hook.so | grep start_here| which gave me this : |0000000000000380 T _Z10start_herev|. Then I tried to inject with : |hotpatcher -v -l hook.so -s _Z10start_herev $$|.—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#13 (comment)
./hook.so worked !!! 👍
Even is the project is really old, I can suggest to add an error && exit when the injected library wasn't located.
Anyway, thank you for having took the time to answer me.