Skip to main content

Подтасовка с пощью DTrace

Способ подтасовки 🙂

uname lies … Well, it’s been a while to say the least but I think it’s about time to put fingers to keys again and see what comes forth …

I’ve mentioned before some of the great things that can be achieved with destructive actions. Indeed many good examples are popping up – check out this cool example from Chris Gerhards blog. Today we’ll just take a quick look at another one (I actually have a bunch which I’ll try and write-up over the next few weeks).

In the UK we have run a series of events called Make-It-Fly which I’ve been involved with. Last week I did a session on DTrace which I hope everyone who was present enjoyed (I did anyway!). At the events I usually do quite a bit of hands on demo with most of it being hand cranked. However, one of the scripts I use that always gets a laugh is the following one which I don’t hand crank as I can never remember the offsets … If you’ve ever wanted to get uname(1) to return something different to normal then this is what you need:

#!/usr/sbin/dtrace -s

#pragma D option destructive

syscall::uname:entry { self->addr = arg0; }

syscall::uname:return { copyoutstr(“SunOS”, self->addr, 257); copyoutstr(“PowerPC”, self->addr+257, 257); copyoutstr(“5.5.1”, self->addr+(2572), 257); copyoutstr(“gate:1996-12-01”, self->addr+(2573), 257); copyoutstr(“PPC”, self->addr+(257*4), 257); }

Before we have:

# uname -a

SunOS homer 5.10 SunOS_Development sun4u sparc SUNW,Ultra-5_10

and like magic we morph into something else when the above script is ran:

# uname -a

SunOS PowerPC 5.5.1 gate:1996-12-01 PPC sparc SUNW,Ultra-5_10

Here at Sun we often test pieces of software on versions of Solaris that return something different to that which the software is expecting. Previously I would LD_PRELOAD a library in with my own uname hack. Now I can not only do this without bothering the application but I can present different uname information to different applications/users/whatever as I can predicate accordingly! Note, that the above script isn’t quite complete as it returns the incorrect ISA information. This is me being idle and a bit of twiddling with sysinfo() is all that’s needed. Maybe another day. ( Mar 21 2005, 05:20:00 PM GMT+00:00 )

http://blogs.sun.com/jonh/date/20050321#it_s_been_a_long

Смело прокатывает ! Проверял , железобетонно работает – и проще , чем раньше возня с LD_PRELOAD .