QBDIPreload is a small utility library that provides code injection capabilities using dynamic library injection. It currently only works under Linux using the LD_PRELOAD mechanism and macOS using the DYLD_INSERT_LIBRARIES mechanism. For other platforms please check out frida-qbdi-api instead.
QBDIPreload exploits these library injection mechanisms to hijack the normal program startup. During the hijacking process, QBDIPreload calls your code, allowing you to set up and start your instrumentation. The compilation should produce a dynamic library (.so under Linux, .dylib under macOS), which should then be added to the matching environment variable (LD_PRELOAD under Linux and DYLD_INSERT_LIBRARIES under macOS) when running the target binary.
You can look at qbdi_preload_template for a working example with build and usage instructions.
Note
QBDIPreload automatically takes care of blacklisting instrumentation of the C standard library and the OS loader as described in intro_limitations.
Note
Please note that QBDIPreload does not allow instrumenting a binary before the main function (inside the loader and the library constructors / init) as explained in intro_limitations.
Note
QBDIPreload is meant to be used with the LD_PRELOAD or DYLD_INSERT_LIBRARIES mechanisms to inject code into the target process. Hence, the limitations of these mechanisms also affect QBDIPreload (cannot inject into a suid binary, ...).
QBDIPRELOAD_INIT
QBDIPRELOAD_NO_ERROR
QBDIPRELOAD_NOT_HANDLED
QBDIPRELOAD_ERR_STARTUP_FAILED
qbdipreload_on_start
qbdipreload_on_premain
qbdipreload_on_main
qbdipreload_on_run
qbdipreload_on_exit
qbdipreload_hook_main
qbdipreload_threadCtxToGPRState
qbdipreload_floatCtxToFPRState