I'm proud to announce the release of libhijack 0.6.1 for FreeBSD and Linux. This is mainly a maintenance release with one new feature for FreeBSD users. This release fixes bugs relating to writing data to the child process via ptrace. The new feature for FreeBSD users is the ability to resolve the RTLD's symbols, which was not being done properly before. You can download the new release from GitHub by going to the Tags page and downloading the 0.6.1 tarball, or right from SoldierX. Read below if you want the technical reason for the new FreeBSD feature.
FreeBSD includes two different versions of the RTLD's functions, mainly dlopen and its related functions: the real functions inside the RTLD itself, and stub functions inside libc. When attempting to resolve the RTLD's functions from inside the child process, dlopen resolves to the real functions. When attempting to resolve them from the parent process, dlopen resolves to the libc stubs instead. This is because I do not have direct access to the RTLD's Obj_Entry object. Furthermore, the RTLD's section headers are stripped out upon load, so even if I could get at the Obj_Entry object, I wouldn't be able to map the functions back to their names. So I developed a small workaround that adds new API functions to libhijack for resolving those functions. The new API is limited to FreeBSD, as Linux does not have this issue. If you want to see the source, take a look at this file.
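The following is an added example, not libhijack's code, showing how to check which loaded object a process's dlopen binding actually points at and whether the link-time binding and a run-time dlsym lookup agree; the function names are my own, and it assumes a POSIX dlfcn implementation (glibc or FreeBSD's RTLD).

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Portability guard: glibc hides dladdr()/Dl_info and RTLD_DEFAULT unless
 * _GNU_SOURCE was seen before the first system header. Supply them if not. */
#if defined(__GLIBC__) && !defined(__USE_GNU)
typedef struct { const char *dli_fname; void *dli_fbase;
                 const char *dli_sname; void *dli_saddr; } Dl_info;
extern int dladdr(const void *addr, Dl_info *info);
#endif
#ifndef RTLD_DEFAULT
#define RTLD_DEFAULT ((void *)0)
#endif

/* Fill fname with the path of the loaded object containing addr.
 * Returns 1 on success, 0 if the address belongs to no known object. */
int symbol_provider(const void *addr, char *fname, size_t len) {
    Dl_info info;
    if (addr == NULL || dladdr(addr, &info) == 0 || info.dli_fname == NULL)
        return 0;
    snprintf(fname, len, "%s", info.dli_fname);
    return 1;
}

/* Compare the dlopen address the static linker bound us to with the address
 * a run-time dlsym lookup returns. On FreeBSD libc exports stubs for dlopen
 * and friends that forward to the real RTLD implementation, so the two may
 * live in different objects. Returns 1 if they match, 0 if they differ,
 * -1 if either lookup fails. linked_in/runtime_in receive the object paths. */
int dlopen_bindings_agree(char *linked_in, char *runtime_in, size_t len) {
    void *linked  = (void *)dlopen;                 /* link-time binding */
    void *runtime = dlsym(RTLD_DEFAULT, "dlopen");  /* run-time lookup   */
    if (!symbol_provider(linked, linked_in, len))
        return -1;
    if (runtime == NULL || !symbol_provider(runtime, runtime_in, len))
        return -1;
    return linked == runtime;
}

int main(void) {
    char linked[256], runtime[256];
    int same = dlopen_bindings_agree(linked, runtime, sizeof linked);
    printf("link-time dlopen lives in: %s\n", linked);
    printf("dlsym(\"dlopen\") lives in: %s\n", runtime);
    printf("same address: %s\n", same == 1 ? "yes" : same == 0 ? "no" : "lookup failed");
    return same < 0;
}
```

On a FreeBSD host the two paths are what tell you whether you got the libc stub or the RTLD's own implementation; on Linux both normally point at libc.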