How to Override C Functions on UNIX based OS’s

This example will guide on how to override C Functions in either linux or solaris by wrapping the calls to malloc and free.

This article is solely meant to be educational and by no means should be used to fix poorly written code.

Let’s create a file called malloc_guard.c:

First things first. Here are the required #include’s and #defines:

#define _GNU_SOURCE

#include <dlfcn.h>
#include <stdlib.h>
#include <stdio.h>

#define MALLOC_PAD 50

In order for some macro’s that we will be using to be declared, _GNU_SOURCE needs to be defined. We will be using functions that are found in the dlfcn library to find the address to malloc( ) itself. MALLOC_PAD will be the value of how many bytes to pad malloc( ) calls with.

Now we declare a function pointer that will later point to malloc( ):

static void (*orig_malloc)(size_t size) = NULL;

Here is the malloc( ) function we create:

void* malloc(size_t size)
{
  void *allocated = NULL;

  if(!orig_malloc)
{
fprintf(stderr, "malloc_guard:: wrapping malloc\n");
fflush(stderr);
*(void **) (&orig_malloc) = dlsym(RTLD_NEXT, "malloc");
}

allocated = orig_malloc(size+MALLOC_PAD);
if(!allocated)
{
fprintf(stderr, "malloc_guard:: --MALLOC RETURNED NULL PTR--\n");
fflush(stderr);
}

  return allocated;
}

Alright, there it is, a padded malloc call, suitable for fixing some bad implementation.

The next step is to make sure this malloc( ) is called in place of the standard malloc( ) call. There are two ways to do this, dynamically and statically.

In order to compile this into a dynamic library we use:
gcc malloc_guard.c -fPIC -shared -o malloc_guard.so

Once you have the malloc_guard.so library, you can set your environment to look for the malloc in this library before it looks in glibc by defining LD_PRELOAD.

(ba)sh shell:
export LD_PRELOAD=$PWD/malloc_guard.so

You can verify that any program you call is using your malloc by seeing “malloc_guard:: wrapping malloc” print out to stderr.

To have your malloc( ) be called every time you run a specific program, just compile it into a static library object file and link it in at compile time.

How is this useful? This code snippet can be taken and be revised to pinpoint bugs in code.  Library functions other than malloc and free can be intercepted to display debug data, such as printing values of arguments or what not.

About these ads

5 thoughts on “How to Override C Functions on UNIX based OS’s

  1. Nice post. I’ll keep this in mind the next time I’m debugging. Usually I find the root of these problems using
    valgrind and/or strace where possible. The rest of my solutions involve ritual sacrifices. Your’s is a very cool idea though.

  2. Challenge: intercept dlsym safely while still holding a function pointer to the original dlsym. It is possible, but not in the way you’d expect it to be.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s