动态链接库中函数的地址确定---PLT和GOT
来源:互联网 发布:mysql 字段名为关键字 编辑:程序博客网 时间:2024/05/03 10:21
- #include<</span>stdio.h>
- #include<</span>stdlib.h>
- #include<</span>pthread.h>
- void*
myfunc() - {
-
while(1) -
{ -
sleep(10); -
} -
return NULL; - }
- int
main() - {
-
sleep(15); -
pthread_t tid = 0; -
int ret = pthread_create(&tid,NULL,myfunc,NULL); -
if(ret) -
{ -
fprintf(stderr,"pthread create failed %m \n"); -
return -1; -
} -
ret = pthread_join(tid,NULL); -
if(ret) -
{ -
fprintf(stderr,"pthread join failed %m\n"); -
return -2; -
} -
return 0; - }
- root@libin:~/program/C/plt_got# LD_DEBUG=symbols ./test
- 2849: symbol=_res;
lookup in file=./test [0] - 2849: symbol=_res;
lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849: symbol=_res;
lookup in file=/lib/tls/i686/cmov/libc.so.6 [0] - 2849: symbol=_IO_file_close;
lookup in file=./test [0] - 2849: symbol=_IO_file_close;
lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849: symbol=_IO_file_close;
lookup in file=/lib/tls/i686/cmov/libc.so.6 [0] - 2849: symbol=rpc_createerr;
lookup in file=./test [0] - 2849: symbol=rpc_createerr;
lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849: symbol=rpc_createerr;
lookup in file=/lib/tls/i686/cmov/libc.so.6 [0]
...................
===================================================================================
- 2849:
- 2849:
symbol=sleep; lookup in file=./test [0] - 2849:
symbol=sleep; lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849:
symbol=sleep; lookup in file=/lib/tls/i686/cmov/libc.so.6 [0] - ===================================================================================
- 2849:
symbol=pthread_create; lookup in file=./test [0] - 2849:
symbol=pthread_create; lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849:
symbol=__getpagesize; lookup in file=./test [0] - 2849:
symbol=__getpagesize; lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849:
symbol=__getpagesize; lookup in file=/lib/tls/i686/cmov/libc.so.6 [0] - 2849:
symbol=mmap; lookup in file=./test [0] - 2849:
symbol=mmap; lookup in file=/lib/tls/i686/cmov/libpthread.so.0 [0] - 2849:
symbol=mmap; lookup in file=/lib/tls/i686/cmov/libc.so.6 [0]
- root@libin:~/program/C/plt_got# readelf -r test
- Relocation section '.rel.dyn' at offset 0x394 contains 2 entries:
- Offset Info Type Sym.Value Sym. Name
- 08049ff0 00000206 R_386_GLOB_DAT 00000000 __gmon_start__
- 0804a020 00000905 R_386_COPY 0804a020 stderr
- Relocation section '.rel.plt' at offset 0x3a4 contains 6 entries:
- Offset Info Type Sym.Value Sym. Name
- 0804a000 00000107 R_386_JUMP_SLOT 00000000 pthread_join
- 0804a004 00000207 R_386_JUMP_SLOT 00000000 __gmon_start__
- 0804a008 00000407 R_386_JUMP_SLOT 00000000 __libc_start_main
- 0804a00c 00000507 R_386_JUMP_SLOT 00000000 fprintf
- 0804a010 00000607 R_386_JUMP_SLOT 00000000 pthread_create
- 0804a014 00000707 R_386_JUMP_SLOT 00000000 sleep
- (gdb) b main
- Breakpoint 1 at 0x8048551: file test.c, line 19.
- (gdb) r
- Starting program: /home/libin/program/C/plt_got/test
- [Thread debugging using libthread_db enabled]
- Breakpoint 1, main () at test.c:19
- 19 sleep(15);
- (gdb) x/24x 0x8049ff4
- 0x8049ff4 <_GLOBAL_OFFSET_TABLE_>: 0x08049f18 0x0012c8f8 0x00123270 0x0804841a
- 0x804a004 <_GLOBAL_OFFSET_TABLE_+16>: 0x0804842a 0x0015daf0 0x0804844a 0x0804845a
- 0x804a014 <_GLOBAL_OFFSET_TABLE_+32>: 0x0804846a 0x00000000 0x00000000 0x0029c580
- 0x804a024 : 0x00000000 0x00000000 0x00000000 0x00000000
- 0x804a034: 0x00000000 0x00000000 0x00000000 0x00000000
- 0x804a044: 0x00000000 0x00000000 0x00000000 0x00000000
- [21] .dynamic DYNAMIC 08049f18 000f18 0000d8 08 WA 7 0 4
接下来,我们要分析PLT 和GOT的关系了。
- (gdb) disas main
- ....
- 0x0804857e <+54>: lea 0x1c(%esp),�x
- 0x08048582 <+58>: mov �x,(%esp)
- 0x08048585 <+61>: call 0x8048454
- 0x0804858a <+66>: mov �x,0x18(%esp)
- 0x0804858e <+70>: cmpl $0x0,0x18(%esp)
- .....
- libin@libin:~/program/C/plt_got$ objdump -dj .plt test
- test: file format elf32-i386
- Disassembly of section .plt:
- 08048404 :
- 8048404: ff 35 f8 9f 04 08 pushl 0x8049ff8
- 804840a: ff 25 fc 9f 04 08 jmp *0x8049ffc
- 8048410: 00 00 add %al,(�x)
- ...
- 08048414 :
- 8048414: ff 25 00 a0 04 08 jmp *0x804a000
- 804841a: 68 00 00 00 00 push $0x0
- 804841f: e9 e0 ff ff ff jmp 8048404 <_init+0x30>
- 08048424 <__gmon_start__@plt>:
- 8048424: ff 25 04 a0 04 08 jmp *0x804a004
- 804842a: 68 08 00 00 00 push $0x8
- 804842f: e9 d0 ff ff ff jmp 8048404 <_init+0x30>
- 08048434 <__libc_start_main@plt>:
- 8048434: ff 25 08 a0 04 08 jmp *0x804a008
- 804843a: 68 10 00 00 00 push $0x10
- 804843f: e9 c0 ff ff ff jmp 8048404 <_init+0x30>
- 08048444 :
- 8048444: ff 25 0c a0 04 08 jmp *0x804a00c
- 804844a: 68 18 00 00 00 push $0x18
- 804844f: e9 b0 ff ff ff jmp 8048404 <_init+0x30>
- 08048454 :
- 8048454: ff 25 10 a0 04 08 jmp *0x804a010
- 804845a: 68 20 00 00 00 push $0x20
- 804845f: e9 a0 ff ff ff jmp 8048404 <_init+0x30>
- 08048464 :
- 8048464: ff 25 14 a0 04 08 jmp *0x804a014
- 804846a: 68 28 00 00 00 push $0x28
- 804846f: e9 90 ff ff ff jmp 8048404 <_init+0x30>
- (gdb) x/10i 0x8048454
- 0x8048454 : jmp *0x804a010
- 0x804845a : push $0x20
- 0x804845f : jmp 0x8048404
- 0x8048464 : jmp *0x804a014
- 0x804846a : push $0x28
- 0x804846f : jmp 0x8048404
- 0x8048474: add %al,(�x)
- 0x8048476: add %al,(�x)
- 0x8048478: add %al,(�x)
- 0x804847a: add %al,(�x)
- (gdb) x/10x 0x804a010
- 0x804a010 <_GLOBAL_OFFSET_TABLE_+28>: 0x0804845a 0x0804846a 0x00000000 0x00000000
- 0x804a020 : 0x0029c580 0x00000000 0x00000000 0x00000000
- 0x804a030: 0x00000000 0x00000000
-
08048454 : -
8048454: ff 25 10 a0 04 08 jmp *0x804a010 -
804845a: 68 20 00 00 00 push $0x20 -
804845f: e9 a0 ff ff ff jmp 8048404 <_init+0x30>
- (gdb)
x/10i 0x8048404 -
0x8048404: pushl 0x8049ff8 -
0x804840a: jmp *0x8049ffc -
0x8048410: add %al,(%eax) -
0x8048412: add %al,(%eax) -
0x8048414 <</span>pthread_join@plt>: jmp *0x804a000 -
0x804841a <</span>pthread_join@plt+6>: push $0x0 -
0x804841f <</span>pthread_join@plt+11>: jmp 0x8048404 -
0x8048424 <</span>__gmon_start__@plt>: jmp *0x804a004 -
0x804842a <</span>__gmon_start__@plt+6>: push $0x8 -
0x804842f <</span>__gmon_start__@plt+11>: jmp 0x8048404
- (gdb)
x/10x 0x8049ffc - 0x8049ffc
<</span>_GLOBAL_OFFSET_TABLE_+8>: 0x00123270 0x0804841a 0x0804842a 0x0015daf0 - 0x804a00c
<</span>_GLOBAL_OFFSET_TABLE_+24>: 0x0804844a 0x0804845a 0x0804846a 0x00000000 - 0x804a01c
<</span>__dso_handle>: 0x00000000 0x0029c580 - (gdb)
x/10i 0x00123270 -
0x123270 <</span>_dl_runtime_resolve>: push %eax -
0x123271 <</span>_dl_runtime_resolve+1>: push %ecx -
0x123272 <</span>_dl_runtime_resolve+2>: push %edx -
0x123273 <</span>_dl_runtime_resolve+3>: mov 0x10(%esp),%edx -
0x123277 <</span>_dl_runtime_resolve+7>: mov 0xc(%esp),%eax -
0x12327b <</span>_dl_runtime_resolve+11>: call 0x11d5a0 <</span>_dl_fixup> -
0x123280 <</span>_dl_runtime_resolve+16>: pop %edx -
0x123281 <</span>_dl_runtime_resolve+17>: mov (%esp),%ecx -
0x123284 <</span>_dl_runtime_resolve+20>: mov %eax,(%esp) -
0x123287 <</span>_dl_runtime_resolve+23>: mov 0x4(%esp),%eax
- (gdb)
b main - Breakpoint 1 at 0x8048551:
file test.c, line 19. - (gdb)
r - Starting program:
/home/libin/program/C/plt_got/test - [Thread debugging using libthread_db enabled]
- Breakpoint 1,
main () at test.c:19 - 19
sleep(15); - (gdb)
watch *0x804a010 - Hardware watchpoint 2:
*0x804a010 - (gdb)
c - Continuing.
- Hardware watchpoint 2:
*0x804a010 - Old value
= 134513754 - New value
= 1260912 - _dl_fixup
(l=<</span>value optimized out>, reloc_arg=<</span>value optimized out>) at dl-runtime.c:155 - 155
dl-runtime.c: 没有那个文件或目录. -
in dl-runtime.c - (gdb)
bt - #0 _dl_fixup
(l=<</span>value optimized out>, reloc_arg=<</span>value optimized out>) at dl-runtime.c:155 - #1 0x00123280
in _dl_runtime_resolve () at ../sysdeps/i386/dl-trampoline.S:37 - #2 0x0804858a
in main () at test.c:21 - (gdb)
- (gdb)
x/10i 1260912 -
0x133d70 <</span>__pthread_create_2_1>: push %ebp -
0x133d71 <</span>__pthread_create_2_1+1>: mov %esp,%ebp -
0x133d73 <</span>__pthread_create_2_1+3>: push %edi -
0x133d74 <</span>__pthread_create_2_1+4>: push %esi -
0x133d75 <</span>__pthread_create_2_1+5>: push %ebx -
0x133d76 <</span>__pthread_create_2_1+6>: call 0x132340 <</span>__i686.get_pc_thunk.bx> -
0x133d7b <</span>__pthread_create_2_1+11>: add $0x10279,%ebx -
0x133d81 <</span>__pthread_create_2_1+17>: sub $0x4c,%esp -
0x133d84 <</span>__pthread_create_2_1+20>: mov 0xc(%ebp),%edx -
0x133d87 <</span>__pthread_create_2_1+23>: test %edx,%edx
参考文献:
0 0
- 动态链接库中函数的地址确定---PLT和GOT
- 动态链接库中函数的地址确定---PLT和GOT
- 动态链接库中函数的地址确定---PLT和GOT
- 动态链接库中函数的地址确定---PLT和GOT
- 动态链接库中函数的地址确定---PLT…
- 动态链接库中函数的地址确定---PLT…
- 聊聊Linux动态链接中的PLT和GOT(1)——何谓PLT与GOT
- 理解ELF动态链接中GOT与PLT表
- ELF文件动态链接时 GOT,PLT 的变化过程
- ELF文件动态链接时 GOT,PLT 的变化过程
- ELF文件动态链接时 GOT,PLT 的变化过程
- ELF文件动态链接时 GOT,PLT 的变化过程
- Linux动态链接之GOT与PLT
- Linux动态链接之GOT与PLT
- Linux动态链接之GOT与PLT
- Linux动态链接之GOT与PLT
- 聊聊Linux动态链接中的PLT和GOT(3)——公共GOT表项
- Android ELF文件中.got .plt .rel.plt .rel.dyn节的区别和联系
- Android 获取手机网络、SIM卡等信息
- HttpsURLConnection访问HTTPS链接时信任所有证书
- 火星坐标系 (GCJ-02) 与百度坐标系 (BD-09) 的转换算法
- Mysql 之 视图
- UIView简介
- 动态链接库中函数的地址确定---PLT和GOT
- 阿里云 购买与部署: 流程拾遗
- python 日期加减
- [Java]Spring数据库事务基础知识
- java中的包package
- ASCII码的那些事
- Android layout属性大全
- java 记——循环 统计正负数
- 【干货】不同场景下 如何进行MySQL迁移