Global Offset Table Tracker
Subsystem for tracking accesses to external function calls made through pointers in an inferior's Global Offset Table, such as those made by the stubs in the Procedure Linkage Table.
Currently, it does this by attatching watchpoints to the entries in the GOT and taking note of where the call came from, but it could be done much faster by injecting our own code into the program space to track this.
Classes:
-
RelocTypes–This class contains all the relocation type constants so that one may
-
TrapAllocator–Utility that allocates and manages executable addresses in the space of the
-
Patcher–Watches for changes made by program code to the GOT and fixes them up.
-
Tracker–Class that tracks the accesses made to the entries in the GOT.
Functions:
-
is_mmap_error–Checks whether the return value of an mmap of indicates an error.
-
display_name–Return the display name for a symbol or objfile.
-
all_tracked_entries–Return an iterator over all of the GOT whose accesses are being tracked.
-
tracked_entry_by_address–Return the tracker associated with the entry at the given address, if any.
-
enable_got_call_tracking–Enable the analysis of calls made through the GOT.
-
disable_got_call_tracking–Disable the analysis of calls made through the GOT.
-
jump_slots_for–Returns the jump slot addresses described by the given dynamic section.
Attributes:
-
JUMP_SLOTS– -
IRELATIVE_SLOTS– -
TRAP_ALLOCATOR– -
GOT_TRACKING– -
INSTALLED_WATCHPOINTS(dict[int, tuple[Tracker, Patcher]]) –
module-attribute ¤
JUMP_SLOTS = {
"x86-64": {R_X86_64_JUMP_SLOT},
"i386": {R_386_JMP_SLOT},
"aarch64": {R_AARCH64_JUMP_SLOT},
"mips": {R_MIPS_JUMP_SLOT},
"powerpc": {R_PPC_JMP_SLOT},
"sparc": {R_SPARC_JMP_SLOT},
"arm": {R_ARM_JUMP_SLOT},
"armcm": {R_ARM_JUMP_SLOT},
"rv32": {R_RISCV_JUMP_SLOT},
"rv64": {R_RISCV_JUMP_SLOT},
}
module-attribute ¤
IRELATIVE_SLOTS = {
"x86-64": {R_X86_64_IRELATIVE},
"i386": {R_386_IRELATIVE},
"aarch64": {R_AARCH64_P32_IRELATIVE, R_AARCH64_IRELATIVE},
"mips": set(),
"powerpc": {R_PPC_IRELATIVE},
"sparc": {R_SPARC_IRELATIVE},
"arm": {R_ARM_IRELATIVE},
"armcm": {R_ARM_IRELATIVE},
"rv32": {R_RISCV_IRELATIVE},
"rv64": {R_RISCV_IRELATIVE},
}
module-attribute ¤
This class contains all the relocation type constants so that one may interpret the relocations types present in the DYNAMIC segment. These constants are defined in each of the processors' SystemV R4 psABI document, or equivalent, and should stay the same across all implementations of libc on systems that adhere to that ABI, such as Linux.
Most of these were sourced from GLibc, which conveniently lists all of the relocations types in a single file1.
Attributes:
-
R_RISCV_JUMP_SLOT– -
R_X86_64_JUMP_SLOT– -
R_386_JMP_SLOT– -
R_CRIS_JUMP_SLOT– -
R_390_JMP_SLOT– -
R_CKCORE_JUMP_SLOT– -
R_TILEPRO_JMP_SLOT– -
R_MICROBLAZE_JUMP_SLOT– -
R_TILEGX_JMP_SLOT– -
R_OR1K_JMP_SLOT– -
R_68K_JMP_SLOT– -
R_SPARC_JMP_SLOT– -
R_PPC_JMP_SLOT– -
R_PPC64_JMP_SLOT– -
R_ARM_JUMP_SLOT– -
R_MN10300_JMP_SLOT– -
R_ALPHA_JMP_SLOT– -
R_NIOS2_JUMP_SLOT– -
R_NDS32_JMP_SLOT– -
R_METAG_JMP_SLOT– -
R_M32R_JMP_SLOT– -
R_ARC_JMP_SLOT– -
R_MIPS_JUMP_SLOT– -
R_SH_JMP_SLOT– -
R_AARCH64_JUMP_SLOT– -
R_X86_64_IRELATIVE– -
R_386_IRELATIVE– -
R_RISCV_IRELATIVE– -
R_390_IRELATIVE– -
R_ARM_IRELATIVE– -
R_AARCH64_P32_IRELATIVE– -
R_PPC_IRELATIVE– -
R_PPC64_IRELATIVE– -
R_SPARC_IRELATIVE– -
R_AARCH64_IRELATIVE–
Utility that allocates and manages executable addresses in the space of the executing program that we can trap.
Methods:
-
alloc–Allocates a new address to where program execution can be diverted.
-
free–Indicates that an address obtained from alloc() can be recycled.
-
clear–Deletes all memory mappings and frees all addresses.
Attributes:
Bases: Breakpoint
Watches for changes made by program code to the GOT and fixes them up.
This class is paired with Tracker, and instances of both classes always function together.
Methods:
-
should_stop– -
stop–
Attributes:
Bases: Breakpoint
Class that tracks the accesses made to the entries in the GOT.
This class is paired with Patcher, and instances of both classes always function together.
Methods:
-
delete– -
should_stop– -
stop–
Attributes:
-
total_hits– -
target– -
dynamic_section– -
relocation_fn– -
relocation_index– -
link_map_entry– -
trapped_address– -
hits(dict[tuple[int, ...], int]) – -
silent–
Checks whether the return value of an mmap of indicates an error.
Return the display name for a symbol or objfile.
Ideally, we'd like to display all of the names of the symbols as text, but there is really nothing stopping symbol names from being stored in some fairly wacky encoding or really from having names that aren't text at all.
We should try our best to turn whatever the symbol name is into text, but not so much that non-text entries or entries in unknown encodings become unrecognizable.
Return an iterator over all of the GOT whose accesses are being tracked.
Return the tracker associated with the entry at the given address, if any.
Enable the analysis of calls made through the GOT.
Disable the analysis of calls made through the GOT.
Returns the jump slot addresses described by the given dynamic section.