0

如何检测 IMG 负载?我试图检测程序何时加载到内存中,以便在每个函数之前放置中断。我正在尝试执行 PIN 的 IMG_AddInstrumentFunction 之类的操作。

我迷路了,找不到有关它的信息。

谢谢

4

1 回答 1

1

这正是 r_brk 的用途。参见包含/link.h:

  struct r_debug
  {
    .....
    /* This is the address of a function internal to the run-time linker,
       that will always be called when the linker begins to map in a
       library or unmap it, and again when the mapping change is complete.
       The debugger can set a breakpoint at this address if it wants to
       notice shared object mapping changes.  */
    ElfW(Addr) r_brk;
    ....
   };

他们甚至继续解释如何在被调试者中找到这个值:

/* This symbol refers to the "dynamic structure" in the `.dynamic' section
   of whatever module refers to `_DYNAMIC'.  So, to find its own
   `struct r_debug', a program could do:
     for (dyn = _DYNAMIC; dyn->d_tag != DT_NULL; ++dyn)
       if (dyn->d_tag == DT_DEBUG)
     r_debug = (struct r_debug *) dyn->d_un.d_ptr;
   */
于 2014-01-15T21:30:39.577 回答