Choosing the right io_getevents function from libaio.so.1 using dlsym
I'm trying to intercept calls to io_getevents (and other aio calls) by writing a shared library and using that with LD_PRELOAD before running a binary.

What I've noticed is that the "actual" io_getevents function that should be called is not the same as the one I get with dlsym and RTLD_NEXT.

I've written a minimal example of the problem.

    #define _GNU_SOURCE
    #include <stdio.h>
    #include <dlfcn.h>
    #include <libaio.h>

    void print_dl_info(void *fn)
    {
        Dl_info dlInfo;

        if (!dladdr(fn, &dlInfo))
        {
            fprintf(stderr, "dlInfo failed: %s\n", dlerror());
            return;
        }
        printf("dlInfo name %s, base %p, sname %s, saddr %p\n",
               dlInfo.dli_fname, dlInfo.dli_fbase, dlInfo.dli_sname, dlInfo.dli_saddr);
    }

    int main()
    {
        void *handle;
        void *fn;

        // Opening the shared library directly
        handle = dlopen("libaio.so.1", RTLD_NOW);
        if (handle == NULL)
        {
            fprintf(stderr, "dlopen failed: %s\n", dlerror());
            return 1;
        }
        fn = dlsym(handle, "io_getevents");
        if (fn == NULL)
        {
            fprintf(stderr, "dlsym failed: %s\n", dlerror());
            return 1;
        }
        printf("When opening libaio.so.1 directly\n");
        print_dl_info(fn);
        dlclose(handle);

        // Just using RTLD_NEXT (this is what I was using with LD_PRELOAD)
        // It gives a different function address.
        fn = dlsym(RTLD_NEXT, "io_getevents");
        printf("When using RTLD_NEXT\n");
        print_dl_info(fn);

        io_getevents(NULL, 0, 0, NULL, NULL);
        return 0;
    }

And here's the output

    $ gcc test3.c -ldl -laio
    $ ./a.out
    When opening libaio.so.1 directly
    dlInfo name /lib/x86_64-linux-gnu/libaio.so.1, base 0x7fc9a1bbb000, sname io_getevents, saddr 0x7fc9a1bbb650
    When using RTLD_NEXT
    dlInfo name /lib/x86_64-linux-gnu/libaio.so.1, base 0x7fc9a1bbb000, sname io_getevents, saddr 0x7fc9a1bbb770
    $ nm -D /lib/x86_64-linux-gnu/libaio.so.1
    00000000000006a0 T io_cancel
    00000000000006d0 T io_cancel
    00000000000006c0 T io_destroy
    0000000000000650 T io_getevents
    0000000000000770 T io_getevents
    0000000000000590 T io_queue_init
    00000000000005b0 T io_queue_release
    00000000000005d0 T io_queue_run
    0000000000000710 T io_queue_wait
    00000000000005c0 T io_queue_wait
    00000000000006b0 T io_setup
    0000000000000690 T io_submit
    0000000000000000 A LIBAIO_0.1
    0000000000000000 A LIBAIO_0.4
                     U __stack_chk_fail

Without using dlsym/dlopen, I tried the following

    #define _GNU_SOURCE
    #include <stdio.h>
    #include <string.h>
    #include <libaio.h>
    int main(int argc, char **argv)
    {
        io_context_t ctx;
        // Using gdb to print its address
        io_getevents(ctx, 0, 0, NULL, NULL);
        return 0;
    }

And ran it as follows -

    $ gcc -g test1.c -laio
    $ gdb a.out
    (gdb) set step-mode on
    (gdb) b 7
    Breakpoint 1 at 0x400575: file test1.c, line 7.
    (gdb) r
    Starting program: a.out
    Breakpoint 1, main (argc=1, argv=0x7fffffffe5b8) at test1.c:9
    9           io_getevents(ctx, 0, 0, NULL, NULL);
    (gdb) s
    0x00007ffff7bd5650 in io_getevents () from /lib/x86_64-linux-gnu/libaio.so.1

Q1. Why is it that one of them uses the address 650 and the other 750?

Q2. It looks like I need to use the one ending with 650. When I used LD_PRELOAD and intercepted an io_getevents function and sent it to the 750 address, it didn't work. To fix this, I hardcoded the address using dlInfo.dli_fbase + 0x650. Is there a better way to do it?

asked Nov 16 '18 at 4:00 – algrebe

That might be symbol-versioning. Use option --with-symbol-versions of nm(1). Also there is a dlvsym(3) function (obviously a non-standard, non-portable extension).
– Lorinczy Zsigmond, Nov 16 '18 at 4:54

Thank you for your reply! I'm currently running Ubuntu 16.04 and nm does not have that option. I'll have to update binutils. Will try this out soon!
– algrebe, Nov 16 '18 at 5:16

You are right. I used objdump -T /lib/x86_64-linux-gnu/libaio.so.1 and found two versions LIBAIO_0.4 and (LIBAIO_0.1). Thank you!
– algrebe, Nov 16 '18 at 5:28
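
The dlvsym(3) route suggested in the comments above, sketched as an LD_PRELOAD interposer that asks for an explicit version node instead of hardcoding an offset. This is an added example, not code from the original thread: `next_versioned` is a hypothetical helper, the opaque struct declarations stand in for `<libaio.h>`, and it assumes `LIBAIO_0.4` (the version objdump -T lists without parentheses, i.e. the default) is the one the program binds to.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* RTLD_NEXT and dlvsym() are GNU extensions */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <stddef.h>
#include <time.h>

/* Fallbacks in case a header was included before _GNU_SOURCE was defined. */
#ifndef RTLD_NEXT
#define RTLD_NEXT ((void *) -1l)
#endif
void *dlvsym(void *handle, const char *symbol, const char *version);

/* Opaque stand-ins so this builds without <libaio.h>; in libaio,
 * io_context_t is a pointer to struct io_context. */
struct io_context;
struct io_event;
typedef int (*io_getevents_fn)(struct io_context *, long, long,
                               struct io_event *, struct timespec *);

/* Hypothetical helper: find `name` at version node `version` in the objects
 * loaded after this one. If no object defines that version (for example an
 * unversioned build of the library), fall back to a plain dlsym().
 * *used reports which path succeeded: the version string, or NULL. */
void *next_versioned(const char *name, const char *version, const char **used)
{
    void *fn = dlvsym(RTLD_NEXT, name, version);
    if (used != NULL)
        *used = (fn != NULL) ? version : NULL;
    return (fn != NULL) ? fn : dlsym(RTLD_NEXT, name);
}

/* Interposed entry point exported by the preload library. */
int io_getevents(struct io_context *ctx, long min_nr, long nr,
                 struct io_event *events, struct timespec *timeout)
{
    static io_getevents_fn real;

    if (real == NULL) {
        /* Assumption: LIBAIO_0.4 is the version the program was linked to. */
        real = (io_getevents_fn)next_versioned("io_getevents",
                                               "LIBAIO_0.4", NULL);
        if (real == NULL)
            return -ENOSYS;   /* libaio reports errors as negative errno */
    }
    /* Tracing or accounting for the intercepted call would go here. */
    return real(ctx, min_nr, nr, events, timeout);
}
```

Built as a shared object (`gcc -shared -fPIC`, plus `-ldl` on older glibc) and loaded with LD_PRELOAD, the wrapper resolves the versioned symbol on first use and forwards every later call to it.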