fix: __libc_dlopen_mode not found

this still doesn't solve the problem where symtab is not available
jm33-m0 · Apr 3, 2024 · 322d071 · 322d071
1 parent add0a7e
commit 322d071
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 12 deletions.
diff --git a/core/lib/agent/elf.go b/core/lib/agent/elf.go
@@ -18,20 +18,21 @@ import (
 
 // GetSymFromLibc: Get pointer to a libc function
 // that is currently loaded in target process, ASLR-proof
-func GetSymFromLibc(pid int, sym string) (addr int64) {
-	libc_path, base, offset := GetLibc(pid)
-	if base == 0 {
+func GetSymFromLibc(pid int, sym string) (addr int64, err error) {
+	libc_path, base, offset, err := GetLibc(pid)
+	if base == 0 || err != nil {
+		err = fmt.Errorf("libc not found: %v", err)
 		return
 	}
 	elf_file, err := elf.Open(libc_path)
 	if err != nil {
-		log.Printf("ELF open: %v", err)
+		err = fmt.Errorf("ELF open: %v", err)
 		return
 	}
 	defer elf_file.Close()
-	syms, err := elf_file.DynamicSymbols()
+	syms, err := elf_file.Symbols()
 	if err != nil {
-		log.Printf("ELF symbols: %v", err)
+		err = fmt.Errorf("ELF symbols: %v", err)
 		return
 	}
 	for _, s := range syms {
@@ -40,25 +41,31 @@ func GetSymFromLibc(pid int, sym string) (addr int64) {
 			break
 		}
 	}
+	if addr == 0 {
+		err = fmt.Errorf("scanned %d symbols, symbol (addr 0x%x) %s not found", len(syms), addr, sym)
+		return
+	}
 	log.Printf("Address of %s is 0x%x", sym, addr)
 
 	return
 }
 
 // GetLibc get base address, ASLR offset value, and path of libc
 // by parsing /proc/pid/maps
-func GetLibc(pid int) (path string, addr, offset int64) {
+func GetLibc(pid int) (path string, addr, offset int64, err error) {
 	map_path := fmt.Sprintf("/proc/%d/maps", pid)
 
 	f, err := os.Open(map_path)
 	if err != nil {
+		err = fmt.Errorf("open %s: %v", map_path, err)
 		return
 	}
+	defer f.Close()
 	scanner := bufio.NewScanner(f)
 	for scanner.Scan() {
 		line := scanner.Text()
-		if !strings.Contains(line, "libc-") ||
-			!strings.Contains(line, " r-xp ") {
+		isLibc := strings.Contains(line, "libc.so") && strings.Contains(line, " r-xp ")
+		if !isLibc {
 			continue
 		}
 		fields := strings.Fields(line)
@@ -70,6 +77,12 @@ func GetLibc(pid int) (path string, addr, offset int64) {
 			addr, offset, path)
 		break
 	}
+
+	// check if we got the right libc
+	if path == "" {
+		err = fmt.Errorf("scanned map file, libc not found")
+	}
+
 	return
 }
 

diff --git a/core/lib/agent/injector.go b/core/lib/agent/injector.go
@@ -204,9 +204,9 @@ func InjectorHandler(pid int, method string) (err error) {
 
 // inject a shared library into target process
 func InjectSharedLib(so_path string, pid int) (err error) {
-	dlopen_addr := GetSymFromLibc(pid, "__libc_dlopen_mode")
-	if dlopen_addr == 0 {
-		return fmt.Errorf("failed to get __libc_dlopen_mode address for %d", pid)
+	dlopen_addr, err := GetSymFromLibc(pid, "__libc_dlopen_mode")
+	if err != nil {
+		return fmt.Errorf("failed to get __libc_dlopen_mode address for %d: %v", pid, err)
 	}
 	shellcode := gen_dlopen_shellcode(so_path, dlopen_addr)
 	if len(shellcode) == 0 {