Find argc and argv from the library

How to find the program argc and argv of the shared object? I am writing a library in C that will be loaded through LD_PRELOAD. I managed to find the stack in two different ways:

  • Read rsp through the built-in call __asm__.
  • Read /proc/<pid>/maps and parse the entry for the stack.

Then I can create a pointer, point it to the stack segment, and then repeat the data search. The problem is that I cannot find an effective way to determine what bytes are argc, and a pointer to a pointer to a string argv.

I know that /proc/<pid>/cmdline also contains the arguments, each separated by 0x00, but I am interested in finding everything in memory.

In gdb, I see a DWORD for argc followed by a QWORD, which is the first pointer. 20 bytes before the address of argc is a pointer that points to a segment of the main program code. But this is not a deterministic way to identify argc and argv.

I saw some posts, but not working code:

+4
2 answers

, ( Gnu/Linux ), LD_PRELOAD.

; :

int foo(int argc, char **argv, char **env) {
   // Do something with argc, argv (and env, if desired)
   return 0;  // the loader ignores the return value
}

.init_array:

// "used" keeps the compiler from discarding the otherwise unreferenced pointer
__attribute__((section(".init_array"), used)) static void *foo_constructor = &foo;

, LD_PRELOADing , , foo, , argc argv, main ( environ).

+9
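
The .init_array approach from the answer above, as an added example that is not part of the original answer: a preload library whose constructor saves argc and argv and cross-checks them against /proc/self/cmdline. It assumes glibc on Linux, which passes argc, argv and envp to .init_array entries; the names args_match, capture_args and the argspy tag are hypothetical.

```c
/* Build: gcc -shared -fPIC -o argspy.so argspy.c
 * Run:   LD_PRELOAD=./argspy.so /bin/ls -l        (glibc on Linux assumed) */
#include <stdio.h>
#include <string.h>

static int    saved_argc;   /* kept for later use by the library */
static char **saved_argv;

/* Check a candidate (argc, argv) against a NUL-separated buffer in the
 * /proc/<pid>/cmdline format. Returns 1 only on an exact match. */
int args_match(int argc, char **argv, const char *buf, size_t len)
{
    size_t off = 0;
    if (argc < 0 || argv == NULL)
        return 0;
    for (int i = 0; i < argc; i++) {
        if (argv[i] == NULL || off >= len)
            return 0;
        const char *end = memchr(buf + off, 0, len - off);
        if (end == NULL)                       /* unterminated entry */
            return 0;
        size_t n = (size_t)(end - (buf + off));
        if (strlen(argv[i]) != n || memcmp(argv[i], buf + off, n) != 0)
            return 0;
        off += n + 1;
    }
    return off == len && argv[argc] == NULL;   /* nothing left over */
}

/* glibc calls each .init_array entry with main()'s argc, argv and envp. */
static void capture_args(int argc, char **argv, char **envp)
{
    (void)envp;
    saved_argc = argc;
    saved_argv = argv;
#ifdef __GLIBC__             /* only dereference where the ABI is known */
    char buf[4096];          /* longer command lines report verified=0 */
    FILE *f = fopen("/proc/self/cmdline", "rb");
    if (f == NULL)
        return;
    size_t len = fread(buf, 1, sizeof buf, f);
    fclose(f);
    fprintf(stderr, "[argspy] argc=%d argv[0]=%s verified=%d\n", saved_argc,
            saved_argc > 0 ? saved_argv[0] : "(none)",
            args_match(saved_argc, saved_argv, buf, len));
#endif
}

/* "used" keeps the otherwise unreferenced pointer from being optimised out. */
__attribute__((section(".init_array"), used))
static void (*capture_args_ctor)(int, char **, char **) = capture_args;
```

The same args_match check can be applied to a candidate (argc, argv) pair found by scanning the stack, which gives the deterministic confirmation the question asks for.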

, , /proc/<pid>/cmdline, C (, ).

, (fx main) , (fx x86-64). , , main , - , , , .

, , main, /. , (, -, main ).

, ​​ , , , , , , CRT (, , ).

argv argc , CRT (Microsoft CRT , GNU AFAIK).

, , , GCC init CRT, argv argc -, . , , , CRT- (fx ).

0

Source: https://habr.com/ru/post/1625255/

