avoid using vtable verification by configuring dl_open_hook

Fixes direct-code-execution#57. Signed-off-by: Hajime Tazaki <[email protected]>
thehajime · Jan 12, 2018 · 2816415 · 2816415
1 parent 278a47a
commit 2816415
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/model/libc-dce.cc b/model/libc-dce.cc
@@ -145,8 +145,28 @@ extern void __stack_chk_fail (void);
 
 typedef void (*func_t)(...);
 
+struct dl_open_hook
+{
+  void *(*dlopen_mode) (const char *name, int mode);
+  void *(*dlsym) (void *map, const char *name);
+  int (*dlclose) (void *map);
+};
+
+void *niu_dlopen (const char *name, int mode)
+{
+  return dlopen(name, RTLD_LAZY);
+}
+
 extern "C" {
 
+static struct dl_open_hook dce_dl_open_hook =
+  {
+    .dlopen_mode = niu_dlopen,
+    .dlsym = dlsym,
+    .dlclose = dlclose
+  };
+
+
  extern int __libc_start_main(int *(main) (int, char * *, char * *), int argc, char * * ubp_av, void (*init) (void), void (*fini) (void), void (*rtld_fini) (void), void (* stack_end));
 
 void libc_dce (struct Libc **libc)
@@ -169,6 +189,9 @@ void libc_dce (struct Libc **libc)
   (*libc)->strpbrk_fn = dce_strpbrk;
   (*libc)->strstr_fn = dce_strstr;
   (*libc)->vsnprintf_fn = dce_vsnprintf;
+
+  extern struct dl_open_hook *_dl_open_hook;
+ _dl_open_hook = (struct dl_open_hook *)&dce_dl_open_hook;
 }
 } // extern "C"