[Gammaray-interest] New plugin idea: Event inspector
Christian Gagneraud
chgans at gmail.com
Thu Sep 21 11:25:07 CEST 2017
On 21 September 2017 at 21:11, Christian Gagneraud <chgans at gmail.com> wrote:
[...]
>> https://reverseengineering.stackexchange.com/questions/1992/what-is-plt-got
>
> Thanks for the link, there's more links to follow from there, some are
> definitely very interesting indeed.
>
> I have asked my question on the good old binutils mailing list:
> https://sourceware.org/ml/binutils/2017-09/msg00205.html
>
> We are not in the same situation, you are wrapping known symbols that
> are always resolved dynamically.
> I want to wrap symbols that should actually be resolved either at
> build or run time, and I don't know the symbol name in advance...
>
> As explained in the binutils email, I didn't want to enforce how the
> binary is built (that's a GammaRay requirement), but I had to give up,
> so now I'm looking into a soft requirement on the final build-time
> linking process... Basically the idea is to make the final ELF
> executable more friendly to the ELF injector....
>
> Well that's the idea, and so far I'm unlucky! :(
>
> I wonder if it would be possible to use a mix of ELF symbol injector
> and vtable injector (made up the name 20 minutes ago!)...
>
> vtables are duplex communication channels, code in a shared library can
> call code in the executable by simply manipulating objects defined in
> the very same shared library, and the magic is called vtable, so maybe
> it's possible to patch vtables at run time!
Which now makes me think about this "weird" clang warning:
warning: 'A' has no out-of-line virtual method definitions; its vtable
will be emitted in every translation unit [-Wweak-vtables]
See e.g.: https://stackoverflow.com/questions/23746941/what-is-the-meaning-of-clangs-wweak-vtables
If I understand correctly, it means that for every such warning the
"vtable injector" will have to track yet another potential copy of a
given vtable....
Which means maintaining the same hooks on different instances of a
vtable object... joy, joy....
I do believe that we can leverage the Qt introspection system to a new
level in GammaRay, if it is desirable. Everything I talked about so
far was Linux specific, though.
Chris
>
> Chris