Comments on: Overriding dynamic library calls (function interposition) http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/ This blog does not need a smart-ass tagline Tue, 09 Mar 2010 12:01:18 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Kees Cook http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22112 Kees Cook Tue, 18 Aug 2009 21:34:13 +0000 http://wesley.vidiqatch.org/?p=497#comment-22112 You can easily LD_PRELOAD-override the functions that perform the sanity check of the OpenGL or DirectX DLL, too. Or you can perform post-execution library injection and Global-Offset-Table rewrites after the sanity checks have already finished. (Basically, manually performing the same things the linker does with LD_PRELOAD, but after the program is running, a bit complex, but doable.) You can easily LD_PRELOAD-override the functions that perform the sanity check of the OpenGL or DirectX DLL, too. Or you can perform post-execution library injection and Global-Offset-Table rewrites after the sanity checks have already finished. (Basically, manually performing the same things the linker does with LD_PRELOAD, but after the program is running, a bit complex, but doable.)

]]> By: Wesley http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22111 Wesley Tue, 18 Aug 2009 21:12:33 +0000 http://wesley.vidiqatch.org/?p=497#comment-22111 <a href="#comment-22109" rel="nofollow">@wouter verhelst </a> Yea, okay. I have hidden the numbers now. Although it's not too hard to find out the needed numbers with a debugger, it will at least be a bit harder for cheaters now. @wouter verhelst
Yea, okay. I have hidden the numbers now. Although it’s not too hard to find out the needed numbers with a debugger, it will at least be a bit harder for cheaters now.

]]> By: TGM http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22110 TGM Tue, 18 Aug 2009 16:48:59 +0000 http://wesley.vidiqatch.org/?p=497#comment-22110 EverQuest 2 Bots FTW! :D EverQuest 2 Bots FTW! :D

]]> By: wouter verhelst http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22109 wouter verhelst Tue, 18 Aug 2009 15:37:01 +0000 http://wesley.vidiqatch.org/?p=497#comment-22109 It might be smart to hide the numbers in your code example if you don't want actual cheaters to abuse your system. It might be smart to hide the numbers in your code example if you don’t want actual cheaters to abuse your system.

]]> By: Jeff http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22108 Jeff Tue, 18 Aug 2009 15:09:32 +0000 http://wesley.vidiqatch.org/?p=497#comment-22108 Cool stuff! Your post inspired me and my friend tonight to re-implement ForceBindIP (http://www.r1ch.net/stuff/forcebindip/) for Linux. It'll be going up on GitHub shortly. StarCraft has problems with multiple network interfaces, so to play over a VPN we'd been running it in a VM that knew only about the VPN, but no physical network interfaces. Now those of us who would like to forgo the virtualisation can happily do so. Thanks for the inspiration! =) Cool stuff!

Your post inspired me and my friend tonight to re-implement ForceBindIP (http://www.r1ch.net/stuff/forcebindip/) for Linux. It’ll be going up on GitHub shortly.

StarCraft has problems with multiple network interfaces, so to play over a VPN we’d been running it in a VM that knew only about the VPN, but no physical network interfaces. Now those of us who would like to forgo the virtualisation can happily do so.

Thanks for the inspiration! =)

]]> By: Philip Paeps http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22105 Philip Paeps Tue, 18 Aug 2009 10:30:47 +0000 http://wesley.vidiqatch.org/?p=497#comment-22105 LD_PRELOAD is possibly one of the most useful features of the runtime linker on POSIXy systems. I have a "line-buffer" script in my $HOME/bin which preloads a shared library which basically does setvbuf(stdout, NULL, _IOLBF, 0) in a function marked __attribute__((constructor)) to force line buffering for misbehaving (ie: badly written) software for which I have no source code, or for which I don't feel like recompiling the source code. I'm also a great fan of tsocks, which uses LD_PRELOAD to wrap socket functions to force communications through a SOCKS proxy (like ssh -D). LD_PRELOAD is possibly one of the most useful features of the runtime linker on POSIXy systems. I have a “line-buffer” script in my $HOME/bin which preloads a shared library which basically does setvbuf(stdout, NULL, _IOLBF, 0) in a function marked __attribute__((constructor)) to force line buffering for misbehaving (ie: badly written) software for which I have no source code, or for which I don’t feel like recompiling the source code.

I’m also a great fan of tsocks, which uses LD_PRELOAD to wrap socket functions to force communications through a SOCKS proxy (like ssh -D).

]]> By: Scott Ritchie http://wesley.vidiqatch.org/18-08-2009/overriding-dynamic-library-calls-function-interposition/comment-page-1/#comment-22104 Scott Ritchie Tue, 18 Aug 2009 09:04:33 +0000 http://wesley.vidiqatch.org/?p=497#comment-22104 Programs that use rootkit-like functionality in Windows can't work in Wine, and a similar attack is plausible within Windows without such rootkits. So there's not much to worry about here for Wine users. Programs that use rootkit-like functionality in Windows can’t work in Wine, and a similar attack is plausible within Windows without such rootkits. So there’s not much to worry about here for Wine users.

]]>