Modifying command line, environment, auxv etc.


algra...@gmail.com

Nov 3, 2022, 11:54:14 AM
to DynamoRIO Users
An application being wrapped by DynamoRIO, would be started with
main(int argc, char **argv, void **envp) and this would allow it to get
the command line, environment and auxv. Is there any way to modify
these before the application gets control, so that it sees a modified
environment?

I guess I could use dr_get_proc_address(.., "main") and then wrap
the original main(), calling it with adjusted arguments. And also
wrap calls to getauxval() and getenv(). But can this be done more
directly by getting access to the actual data through the DR API?

Derek Bruening

Nov 3, 2022, 1:23:28 PM
to algra...@gmail.com, DynamoRIO Users
For a regular dynamically-linked application, the dynamic loader also examines the auxvals and env before reaching main, so you may want to modify them at the very start and not just at main. For early injection on Linux you could walk the stack at the very start, which is in the state the kernel set up, with args and env and auxvals in a structured layout. For an API, for just the arguments, see https://github.com/DynamoRIO/dynamorio/issues/2662 where several routines were added: dr_get_app_args(), dr_app_arg_as_cstring(), dr_num_app_args().


algra...@gmail.com

Nov 3, 2022, 6:21:50 PM
to DynamoRIO Users
Thanks, I've been puzzling over how to make this work. dr_get_app_args() gets me
pointers to the argv strings, which are somewhere in the high stack following the
argv, envp and auxv pointer vectors. But I can't see how to get back from those
string pointers to auxv. Nor can I see how to get there from the current stack
pointer.

Given a pointer to the original argv, it should be possible to step forward through
argv and envp to auxv. DynamoRIO has the original argv (dr_get_app_args() uses it)
but it's not accessible through the API. So I don't see how to do this cleanly from
a client working just through the API... maybe I'm missing something.

Derek Bruening

Nov 7, 2022, 12:15:16 PM
to algra...@gmail.com, DynamoRIO Users
To directly walk the stack, maybe what you're missing is https://github.com/DynamoRIO/dynamorio/issues/1152 as without it you have to wait for the first block. Once you have the initial stack pointer, though, the stack walk is straightforward, for early injection (not for attach mid-run).

algra...@gmail.com

Nov 7, 2022, 1:46:05 PM
to DynamoRIO Users
Possibly that would fix it. I ended up doing it a different way -
call dr_get_app_arg() to get the address A of an argument string
(any one, argv[0] is fine). I know that A addresses a location in the
stack because that's where the strings are, and that somewhere
lower down the stack, A occurs in its own right, in argv. So I just scan
downwards from address A until I find a location containing A.
And then I know where argv is and can scan upwards through
envv and auxv, and overwrite them in place if desired.

That's a hack, and not entirely without risk, but it's got more
serious problems than that - firstly, it's not simple to extend any
of the vectors (except into the string area, which means moving
some of the strings elsewhere), but worse, overwriting the 
original vectors falsifies the information provided to DynamoRIO
and clients.

What I really want is to take a deep copy of the environment
(argv, env and auxv), possibly modify or extend it, and have
the target application under test (and whatever getenv() and
getauxval() it's using) see the new version, but have DynamoRIO
core and clients see the real version.
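
The scan described in the last message, followed by the walk from argv through envp to auxv, run here over a constructed stack image instead of a live process. This is an added example, not code from the thread or from DynamoRIO; the function names, the `EX_AT_*` constants and the `floor` bound on the scan are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Same values as Linux AT_NULL / AT_PAGESZ; renamed to avoid header clashes. */
enum { EX_AT_NULL = 0, EX_AT_PAGESZ = 6 };

/* Scan down from string address a for the word holding a itself (argv[0]).
 * floor (assumed known, e.g. the current stack pointer) bounds the scan. */
static uintptr_t *find_argv_slot(const char *a, uintptr_t *floor) {
    uintptr_t *p = (uintptr_t *)((uintptr_t)a & ~(uintptr_t)(sizeof(uintptr_t) - 1));
    while (p > floor)
        if (*--p == (uintptr_t)a)
            return p;
    return NULL; /* not found within the bound */
}

/* argv ends at a NULL word, envp at the next NULL; auxv starts right after. */
static uintptr_t *find_auxv(uintptr_t *argv) {
    while (*argv) argv++;   /* skip argv */
    argv++;
    while (*argv) argv++;   /* skip envp */
    return argv + 1;
}

static int auxv_get(const uintptr_t *auxv, uintptr_t type, uintptr_t *out) {
    for (; auxv[0] != EX_AT_NULL; auxv += 2)   /* (type, value) pairs */
        if (auxv[0] == type) { *out = auxv[1]; return 1; }
    return 0;
}

/* Constructed stack image: argc, argv[], NULL, envp[], NULL, auxv, strings.
 * Returns the AT_PAGESZ value reached via the scan and stores argv's index. */
static uintptr_t demo_pagesz(ptrdiff_t *argv_index) {
    static uintptr_t img[32];
    char *s = (char *)&img[12];
    uintptr_t *argv, v = 0;
    memset(img, 0, sizeof img);
    strcpy(s, "./app"); strcpy(s + 8, "-v"); strcpy(s + 16, "HOME=/root");
    img[0] = 2;                                          /* argc */
    img[1] = (uintptr_t)s; img[2] = (uintptr_t)(s + 8);  /* argv; img[3] NULL */
    img[4] = (uintptr_t)(s + 16);                        /* envp; img[5] NULL */
    img[6] = EX_AT_PAGESZ; img[7] = 4096;                /* auxv; img[8] AT_NULL */
    argv = find_argv_slot(s, img);
    if (!argv) return 0;
    *argv_index = argv - img;
    return auxv_get(find_auxv(argv), EX_AT_PAGESZ, &v) ? v : 0;
}

int main(void) { ptrdiff_t i = 0; return demo_pagesz(&i) == 4096 ? 0 : 1; }
```

The scan only reads; a word that happens to equal the string address before the real argv slot would be a false match, which is the risk the post mentions.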