preeny
How to preload the desock.so when running arm binary with qemu?
Hi!
I'm not sure if preeny can work well with other architectures, for example ARM. What I'm trying to do is to 'desocket' an ARM-based binary with preeny and run it with qemu user mode.
The problem occurred when I tried to preload desock.so into the binary and run it with qemu-arm. Actually, I don't know how to preload desock.so when working with qemu, because it seems quite different from executing the binary itself.
I used the following command while building, and the information on the file desock.so is also shown below.
make -i CC=arm-linux-gnueabi-gcc
apple@ubuntu:~/afl-qemu/preeny-master/arm-linux-gnueabi$ file desock.so
desock.so: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=d121c381bfce288e8d7c9b36eae7ca1d4bda41dd, not stripped
Normally, I use the following command to run the ARM-based binary with qemu. The indispensable -L parameter gives the prefix of the path to the dependent libs of the target binary, which is dynamically linked. When I export LD_PRELOAD=xxx/desock.so, -L doesn't work anymore.
By the way, the binary sets up an HTTP server and waits for requests on sockets.
apple@ubuntu:squashfs-root$ qemu-arm -L . ./usr/sbin/httpd
sendto() error 2
[debug]add server push uri 3 video3.mjpg
[debug]add server push uri 4 video4.mjpg
gethostbyname:: Success
Is there anybody who can help me out?
If your libc supports LD_PRELOAD, you should be able to use the -E flag to qemu to set it.
On Fri, Feb 19, 2021 at 3:46 AM jackfromeast wrote: (original post quoted; see https://github.com/zardus/preeny/issues/80)
Hi, I am so sorry, I had lots of other work to do. I tried your suggestion, but it seems it didn't work. The output is shown below. I guess I am still missing some dependent lib, so the symbol can't be resolved. But what is it?
apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/desock.so ./usr/sbin/httpd
./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol
By the way, I don't have the source code of the ARM binary, so I can't recompile it.
I also tried this.
apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/home/apple/afl-qemu/preeny-master/arm-linux-gnueabi/desock.so ./usr/sbin/httpd
./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol
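The message above comes from the guest dynamic linker after it has already mapped desock.so: it found no definition of `__aeabi_unwind_cpp_pr0`, the ARM EABI unwinding personality routine that libgcc provides, in any library reachable from the sysroot given with -L. The script below is an added example (not preeny's code and not posted in the thread) that does that lookup offline on the host: it parses the preload library's .dynsym and .dynamic tables, scans the sysroot for every ELF that defines the imported symbols, and reports the strong imports nothing satisfies together with DT_NEEDED names that do not exist in the sysroot. It assumes desock.so has been copied into the sysroot (so `-E LD_PRELOAD=/desock.so` is found under `-L`, as in the thread), treats paths such as /path/to/squashfs-root as placeholders, handles 32-bit ELF only, and builds its own constructed fixture in demo() instead of needing a real ARM rootfs.

```python
"""Cross-sysroot resolver check for an LD_PRELOAD library run under qemu-user.
Added example, not preeny's code and not from the thread. It parses .dynsym and
.dynamic by hand (no binutils/pyelftools); build_fake_so() and demo() are constructed fixtures."""
import os
import struct
import tempfile

SHT_STRTAB, SHT_DYNAMIC, SHT_DYNSYM, DT_NEEDED, STB_WEAK, EM_ARM = 3, 6, 11, 1, 2, 40


def parse_elf(data):
    """e_machine, DT_NEEDED list and dynamic-symbol sets of an ELF32 image, or None if not ELF32.
    Files whose section headers were stripped (e.g. by sstrip) yield empty sets."""
    if data[:4] != b"\x7fELF" or data[4] != 1:  # ELFCLASS32 only: the rootfs in the thread is 32-bit ARM
        return None
    e = "<" if data[5] == 1 else ">"  # EI_DATA: little- or big-endian
    ehdr = struct.unpack_from(e + "16sHHIIIIIHHHHHH", data)  # [2]=e_machine [6]=e_shoff [11]=e_shentsize [12]=e_shnum
    shdrs = [struct.unpack_from(e + "10I", data, ehdr[6] + i * ehdr[11]) for i in range(ehdr[12])]
    # Shdr fields used below: [1]=sh_type [4]=sh_offset [5]=sh_size [6]=sh_link (string table) [9]=sh_entsize
    def cstr(strtab, off):  # NUL-terminated name from a string table section
        start = strtab[4] + off
        return data[start:data.index(b"\0", start)].decode(errors="replace")
    info = {"machine": ehdr[2], "needed": [], "defined": set(), "undef": set(), "weak": set()}
    for sh in shdrs:
        if sh[1] == SHT_DYNAMIC:
            for off in range(sh[4], sh[4] + sh[5], sh[9] or 8):
                tag, val = struct.unpack_from(e + "iI", data, off)
                if tag == DT_NEEDED:
                    info["needed"].append(cstr(shdrs[sh[6]], val))
        elif sh[1] == SHT_DYNSYM:
            for off in range(sh[4], sh[4] + sh[5], sh[9] or 16):
                name, _, _, st_info, _, shndx = struct.unpack_from(e + "IIIBBH", data, off)
                if name:  # index 0 is the null symbol
                    # st_shndx 0 (SHN_UNDEF) = imported; ld.so tolerates unresolved *weak* imports only
                    key = "defined" if shndx else ("weak" if st_info >> 4 == STB_WEAK else "undef")
                    info[key].add(cstr(shdrs[sh[6]], name))
    return info


def sysroot_symbols(sysroot):
    """Map every symbol defined by an ELF under sysroot to its file; also collect all file names."""
    defined, names = {}, set()
    for root, _, files in os.walk(sysroot):
        for name in files:
            path = os.path.join(root, name)
            names.add(name)  # DT_NEEDED is matched by file name, symlinks (libc.so.6 -> libc-2.x.so) included
            if os.path.islink(path) or not os.path.isfile(path):  # skip device nodes, fifos, dangling links
                continue
            try:
                with open(path, "rb") as fh:
                    lib = parse_elf(fh.read())
            except (OSError, struct.error, ValueError):  # unreadable, or truncated/corrupt ELF
                continue
            for sym in (lib["defined"] if lib else ()):
                defined.setdefault(sym, os.path.relpath(path, sysroot))
    return defined, names


def check_preload(preload, sysroot):
    """What the guest ld.so cannot satisfy for LD_PRELOAD=preload under `qemu-arm -L sysroot`."""
    with open(preload, "rb") as fh:
        lib = parse_elf(fh.read())
    if lib is None:
        raise ValueError(f"{preload} is not a 32-bit ELF file")
    defined, names = sysroot_symbols(sysroot)
    return {"is_arm": lib["machine"] == EM_ARM,
            "missing_needed": [n for n in lib["needed"] if n not in names],
            "unresolved": sorted(s for s in lib["undef"] if s not in defined)}


def build_fake_so(defined=(), undefined=(), weak=(), needed=()):
    """Constructed fixture: a minimal little-endian ELF32 ARM object holding only .dynstr/.dynsym/.dynamic."""
    strtab = bytearray(b"\0")
    def add(s):  # append a name to .dynstr and return its offset
        strtab.extend(s.encode() + b"\0")
        return len(strtab) - len(s) - 1
    syms = [bytes(16)] + [struct.pack("<IIIBBH", add(n), 0x1000, 4, 0x12, 0, 7) for n in defined]  # GLOBAL FUNC, defined
    syms += [struct.pack("<IIIBBH", add(n), 0, 0, b, 0, 0) for b, ns in ((0x10, undefined), (0x20, weak)) for n in ns]
    dyn = b"".join(struct.pack("<iI", DT_NEEDED, add(n)) for n in needed) + bytes(8)  # DT_NULL terminator
    dynsym, o_str = b"".join(syms), 52  # layout: Ehdr(52) | .dynstr | .dynsym | .dynamic | section headers
    o_sym, o_dyn = o_str + len(strtab), o_str + len(strtab) + len(dynsym)
    sh = lambda t, o, sz, link, esz: struct.pack("<10I", 0, t, 0, 0, o, sz, link, 0, 4, esz)
    shdrs = (sh(0, 0, 0, 0, 0) + sh(SHT_STRTAB, o_str, len(strtab), 0, 0)
             + sh(SHT_DYNSYM, o_sym, len(dynsym), 1, 16) + sh(SHT_DYNAMIC, o_dyn, len(dyn), 1, 8))
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + bytes(9),  # class32, LE, version 1
                       3, EM_ARM, 1, 0, 0, o_dyn + len(dyn), 0, 52, 0, 0, 40, 4, 0)  # ET_DYN; 4 Shdrs of 40 bytes
    return ehdr + bytes(strtab) + dynsym + dyn + shdrs


def demo():
    """Replay the thread with fixtures: the sysroot libc exports the socket API but nothing from libgcc."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(root, "lib", "libc.so.0"), "wb") as fh:
        fh.write(build_fake_so(defined=["socket", "bind", "accept", "dup2", "pthread_create"]))
    with open(os.path.join(root, "desock.so"), "wb") as fh:  # what `-E LD_PRELOAD=/desock.so` loads under -L root
        fh.write(build_fake_so(defined=["socket", "bind"], weak=["__cxa_finalize"], needed=["libc.so.6"],
                               undefined=["accept", "dup2", "pthread_create", "__aeabi_unwind_cpp_pr0"]))
    return check_preload(os.path.join(root, "desock.so"), root)
```

Against a real tree, call `check_preload("/path/to/squashfs-root/desock.so", "/path/to/squashfs-root")` (placeholder paths). An `unresolved` list holding only `__aeabi_*` names points at libgcc rather than libc: the usual remedies are to relink desock.so with `-static-libgcc`, so those routines are pulled in from libgcc.a, or to place the cross toolchain's libgcc_s.so.1 in the sysroot's lib directory; rerun the check, then `qemu-arm -L /path/to/squashfs-root -E LD_PRELOAD=/desock.so ./usr/sbin/httpd`. A non-empty `missing_needed` (for instance desock.so wanting libc.so.6 on a rootfs that only ships uClibc's libc.so.0) means the library was built against a different C library than the target's and needs rebuilding with the firmware's own toolchain; weak imports such as `__cxa_finalize` are deliberately not reported, since ld.so leaves them unresolved without complaint.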