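How to detect an IMG load?

I am trying to detect when a program is loaded into memory so that I can place a break before each function. I am trying to do something like PIN's IMG_AddInstrumentFunction.
I'm lost; I can't find any information about it.
Thx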
Answer 0: (score: 1)
This is exactly what r_brk is for. See include/link.h:
    struct r_debug
    {
      .....
      /* This is the address of a function internal to the run-time linker,
         that will always be called when the linker begins to map in a
         library or unmap it, and again when the mapping change is complete.
         The debugger can set a breakpoint at this address if it wants to
         notice shared object mapping changes.  */
      ElfW(Addr) r_brk;
      ....
    };
They even go on to explain how to find this value in the debuggee:
    /* This symbol refers to the "dynamic structure" in the `.dynamic' section
       of whatever module refers to `_DYNAMIC'.  So, to find its own
       `struct r_debug', a program could do:
         for (dyn = _DYNAMIC; dyn->d_tag != DT_NULL; ++dyn)
           if (dyn->d_tag == DT_DEBUG)
             r_debug = (struct r_debug *) dyn->d_un.d_ptr;
     */
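
The lookup described in the answer, as an added example that is not part of the original post: a program finds its own `struct r_debug` through `DT_DEBUG`, reports `r_brk`, and walks `r_map` to list the objects currently mapped. It assumes a dynamically linked glibc/Linux binary and inspects itself; a ptrace-based tool would read the same fields out of the debuggee's memory instead. The function names `find_r_debug` and `list_loaded_objects` are made up for this illustration.

```c
#include <link.h>
#include <stddef.h>
#include <stdio.h>

/* Locate this process's struct r_debug via the DT_DEBUG entry of _DYNAMIC.
   Returns NULL when the module has no DT_DEBUG entry. */
struct r_debug *find_r_debug(void)
{
    for (ElfW(Dyn) *dyn = _DYNAMIC; dyn->d_tag != DT_NULL; ++dyn)
        if (dyn->d_tag == DT_DEBUG)
            return (struct r_debug *) dyn->d_un.d_ptr;
    return NULL;
}

/* Walk the link_map list and return the number of mapped objects.
   The list is only safe to read while r_state is RT_CONSISTENT; a debugger
   stopped at r_brk sees RT_ADD or RT_DELETE on the first hit and
   RT_CONSISTENT on the second, once the mapping change is complete. */
size_t list_loaded_objects(const struct r_debug *dbg, int verbose)
{
    size_t n = 0;

    if (dbg == NULL || dbg->r_state != RT_CONSISTENT)
        return 0;
    for (struct link_map *m = dbg->r_map; m != NULL; m = m->l_next) {
        if (verbose)
            printf("  base=%#lx  %s\n", (unsigned long) m->l_addr,
                   (m->l_name && m->l_name[0]) ? m->l_name : "(main program)");
        ++n;
    }
    return n;
}

int main(void)
{
    struct r_debug *dbg = find_r_debug();

    if (dbg == NULL) {
        fprintf(stderr, "no DT_DEBUG entry found\n");
        return 1;
    }
    /* r_brk is the address a debugger would put its breakpoint on. */
    printf("r_brk = %#lx\n", (unsigned long) dbg->r_brk);
    printf("%zu objects mapped\n", list_loaded_objects(dbg, 1));
    return 0;
}
```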