Redirecting functions in shared ELF libraries
7 min read
fairly easy
This article gives a brief description of ELF libs structure and functioning and also shows how to intercept function calls from one library into another.
Table of Contents

1. The problem

We all use Dynamic Link Libraries (DLL). They have excellent facilities. First, such library loads into the physical address space only once for all processes. Secondly, you can expand the functionality of the program by loading the additional library, which will provide this functionality. And that is without restarting the program. Also a problem of updating is solved. It is possible to define the standard interface for the DLL and to influence the functionality and the quality of the basic program by changing the version of the library. Such methods of the code reusability were called "plug-in architecture". But let's move on.

Of course, not every dynamic link library relies only on itself in its implementation, namely, on the computational power of the processor and the memory. Libraries use libraries or just standard libraries. For example, programs in the C\C++ language use standard C\C++ libraries. The latter, besides, are also organized into the dynamic link form ( and They are stored in the files of the specific format. My research was held for Linux OS where the main format of dynamic link libraries is ELF (Executable and Linkable Format).

Recently I faced the necessity of intercepting function calls from one library into another - just to process them in such a way. This is called the call redirecting.

1.1 What does redirecting mean?

First, let's formulate the problem on the concrete example. Supposing we have a program called «test» on the C language (test.c file) and two split libraries (libtest1.c and libtest2.c files) with permanent contents and which were compiled beforehand. These libraries provide functions: libtest1() and libtest2() , respectively. In their implementation each of them uses the puts() function from the standard library of the C language.

A task consists in the following:

To replace the call of the puts() function for both libraries by the call of the redirected puts()…
Apriorit Inc, Anthony Shoumikhin
Read full article