Library interaction with dlsym
I am writing an interpolation library to keep track of the use of some library functions in libc like open (), close (), connect (), etc. It works well in most applications. However, when I try to use PHP using in particular the PHP MySQL module, none of the calls to libc functions inside that module are tracked (hence no connect (), no socket (), etc.). 'strace' told me that the system is calling socket (), connect (), etc. Running the "file" in the module and libmysqlclient.so.16.0.0 said they were all dynamically linked. So it shouldn't be a static linking issue. What could be the problem?
I am using Fedora 11 64-bit.
Thank.
source to share
It looks like it wasn't caused by a static link. Actually PHP is dynamically linked with other libraries. The problem has to do with the way PHP loads extensions.
PHP loads extensions by calling dlopen () with the RTLD_LAZY flags, which means that the symbol will only be resolved when the link is made. This bypasses the interpolation given by LD_PRELOAD.
source to share
I agree with the above answer that these libraries can bypass calls to open (), write (), etc. in libc. In other words, these libraries can directly access system calls using assembly rather than using libc. While it is not all that easy to see applications using syscalls directly, it is not unheard of. If so, why not see interpolation in the library interpolation experiment. You have two paths, a quick one through strace and a more complex one in creating a kernel module that will intercept these calls at the kernel level and report any framework you build.
Have fun .. ErnestoB
source to share