dynamic libraries

[blount]

Hi, could you give me some hints/links on how does it work with resolving dynamic symbols? I would guess compiler puts in the place some syscall that returns the address for the desired function. Also if you can get the address of some function during runtime, how does dll randomization make applications safer?

[bluemoon]

which tool-chain and file format you used?
I used elf-ld, it put together a relocation section which describes on required information for patching the executable image.

Also if you can get the address of some function during runtime, how does dll randomization make applications safer?

It make injecting code harder since you cannot inject a fixed piece of code to the victim to call any service.

[blount]

What I rather meant is how does it work internaly in functions like GetProcAddress() in winapi or whatever counterpart in any other os. So it uses some sort of table that puts together addresses and symbols, is the position of the table some fixed accessible address so you can search in it any time? I guess the table is not that easily accessible should the dll randomization be effective. How do you access this table?

[bluemoon]

Im not familiar with windows PE but for ELF, there is a section specifically describe the symbols and it's offset within the image.

To calculate the function(or label) address you need a few things:
- the function lies in which section
- offset of the function within the section
- where did the section loaded(or mapped) (address space randomization play a part here)

The position on the symbol table is structured according to the file format, which is quite trivial for ELF.

How do you access this table?

It's within the file's header. I suppose you have access to the file content when you trying to implement a dynamic linker.

[blount]

uh-huh, i think i get it now