Hi,
I'm a student in computer science. As part of my master's project, I'm trying to intercept calls to functions in native libraries on the Android platform. The goal is to decide whether to allow the call or deny it in order to improve security.
Following the approach of a research paper [1], I want to modify the Procedure Linkage Table (PLT) and the Global Offset Table (GOT) of the ELF file. The idea is that I want to make all the function calls point to my own intercepting function, which decides whether to block the call or pass it through to the original target function.
The ELF specification [2] says (in Book III, Chapter 2 Program Loading and Dynamic Linking, page 2-13, Sections "Global Offset Table" and "Procedure Linkage Table") that the actual contents and form of the PLT and the GOT depend upon the processor. However, in the documentation "ELF for the ARM Architecture" [3], I was unable to see the exact specification of either of those tables.
I have 3 questions:
- How can I map a symbol to a GOT or PLT entry?
- Where do I find the precise specification of the GOT and PLT for ARM processors?
- As the PLT contains machine code, will I have to parse that code in order to modify the target address, or do all PLT entries look identical, so that I could just modify the memory at a constant offset for each PLT entry?
Thanks,
Manuel
[1]: https://link.springer.com/chapter/10.1007/978-3-319-45744-4_23 (Stay in Your Cage! A Sound Sandbox for Third-Party Libraries on Android)
[2]: http://refspecs.linuxbase.org/elf/elf.pdf (Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2)
[3]: http://infocenter.arm.com/help/topic/com.arm.doc.ihi0044f/IHI0044F_aaelf.pdf (ELF for the ARM® Architecture)
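
Added example, not part of the original post or the cited paper: for the first question, each function imported through the PLT on 32-bit ARM has an R_ARM_JUMP_SLOT relocation whose r_offset is the address of its GOT slot, so the symbol-to-slot mapping comes from walking those relocations. The sample tables, the struct names and the function name got_slot_for are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF32 record layouts from the generic ELF specification. */
typedef struct { uint32_t r_offset, r_info; } Rel32;            /* Elf32_Rel */
typedef struct { uint32_t st_name, st_value, st_size;
                 uint8_t st_info, st_other; uint16_t st_shndx; } Sym32; /* Elf32_Sym */

#define R_SYM(info)  ((info) >> 8)      /* ELF32_R_SYM  */
#define R_TYPE(info) ((info) & 0xffu)   /* ELF32_R_TYPE */
#define R_ARM_GLOB_DAT  21u
#define R_ARM_JUMP_SLOT 22u

/* Constructed sample tables (not taken from a real library). In a loaded
 * image they are located through the dynamic section: DT_JMPREL/DT_PLTRELSZ,
 * DT_SYMTAB and DT_STRTAB/DT_STRSZ. */
static const char STR[] = "\0open\0read\0dlopen";
static const Sym32 SYM[] = { {0}, {.st_name = 1}, {.st_name = 6}, {.st_name = 11} };
static const Rel32 REL[] = {
    { 0x3fd0, (1u << 8) | R_ARM_JUMP_SLOT },   /* open   */
    { 0x3fd4, (3u << 8) | R_ARM_JUMP_SLOT },   /* dlopen */
    { 0x3fd8, (2u << 8) | R_ARM_GLOB_DAT  },   /* read: not a PLT slot */
    { 0x3fdc, (9u << 8) | R_ARM_JUMP_SLOT },   /* corrupt symbol index */
};

/* Return r_offset (address of the GOT slot, relative to the load base for a
 * shared object) of the JUMP_SLOT relocation naming `name`, or 0 if absent. */
uint32_t got_slot_for(const Rel32 *rel, size_t nrel, const Sym32 *sym,
                      size_t nsym, const char *str, size_t strsz,
                      const char *name)
{
    for (size_t i = 0; i < nrel; i++) {
        if (R_TYPE(rel[i].r_info) != R_ARM_JUMP_SLOT) continue;
        uint32_t si = R_SYM(rel[i].r_info);
        if (si >= nsym) continue;                    /* index out of range */
        uint32_t off = sym[si].st_name;
        if (off >= strsz || !memchr(str + off, 0, strsz - off)) continue;
        if (strcmp(str + off, name) == 0) return rel[i].r_offset;
    }
    return 0;
}

int main(void)
{
    const char *names[] = { "open", "dlopen", "read", "write" };
    for (size_t i = 0; i < 4; i++)
        printf("%-6s -> GOT slot 0x%x\n", names[i],
               (unsigned)got_slot_for(REL, 4, SYM, 4, STR, sizeof STR, names[i]));
    return 0;
}
```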