Last active
May 2, 2024 13:23
-
-
Save yellowbyte/ec470d75ba7c14ebefed271c6fe58e9e to your computer and use it in GitHub Desktop.
example of using dlopen and dlsym to dynamically resolve call to `puts`. String reference to `puts` is also obfuscated.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // how to compile: gcc dynamic_loading.c -o dynamic_loading -ldl | |
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <dlfcn.h> | |
| #include <string.h> | |
| int main(int argc, char **argv) { | |
| void *handle; | |
| void (*go)(char *); | |
| // get a handle to the library that contains 'puts' function | |
| handle = dlopen ("/lib/x86_64-linux-gnu/libc.so.6", RTLD_LAZY); | |
| // each character in 'otsr' plus 1 in ascii is 'puts' | |
| char *encoded = "otsr"; | |
| int encoded_length = strlen(encoded); | |
| char *decoded = (char*)malloc((encoded_length+1) * sizeof(char)); | |
| for (int i = 0; i < encoded_length; i++){ | |
| decoded[i] = encoded[i]+1; | |
| } | |
| *decoded += '\0'; | |
| // reference to the dynamically-resolved function 'puts' | |
| go = dlsym(handle, decoded); | |
| go("hi"); // == puts("hi"); | |
| // cleanup | |
| free(decoded); | |
| dlclose(handle); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
why can't i pass the paramter to cgo so file...