Detecting when the current execution is before or after main() has started

[AbbeyRoad]

Hi,

I am developing a shared library for preloading that will intercept certain standard C/C++ calls such as malloc/calloc.

It needs to perform certain initialization, which ought to happen when it is first called.

However the library cannot tell if main() has started or not. Note that a bunch of stuff happens before main() on most operating systems and my library gets called a few times even before main() is called.

My library needs to know that main has started, or that it has not started.

But how?

Anyone have ideas?

Thanks!

 

[kpedersen]

Are you able to intercept main?

You could do similar to what SDL does and provide the main() symbol in your library which simply calls _user_main().

Then you could #define main _user_main in a header so when the developer attempts to implement their own main, they inadvertently define _user_main that your library calls. Many compilers support forcing a header to be added for every compilation unit.

It feels a bit hacky but the benefit is that your implementation of main can then set a flag stating that main has been executed.

Or if it is acceptable to use a minimal bit of C++ code...

Potentially C++ global objects get initialized after the pre-main C code. You could add a single C++ object to set this flag (i.e in its constructor)?

 

[SirDice]

Hooking Libc Functions Part 1

Imagine the following C code:

klamp.works

 

[kpedersen]

Hooking Libc Functions Part 1

Imagine the following C code:

klamp.works

Isn't this for glibc only?
Though yes, potentially a similar idea can be used. Would be difficult to make it 100% portable however.

 

[SirDice]

Isn't this for glibc only?

Why would it? The technique is exactly the same, regardless of the library that's being hooked. You don't care about the application's main(), that's totally irrelevant. What matters is where a call to a specific function ends up.

On the Amiga it was easy to hook system functions. That functionality was built-in. Great for improving code that was originally in ROM. But also great for virusses and other horrible things. One notable virus hooked the functions to read sectors on disk. If it detected you were trying to read track 0 it would return a "default" MBR, regardless of what was really on disk at track 0. That way your virusscanner could never detect the virus on disk if the virus was active. Basically one of the first "stealth" virusses.

 

[shkhln]

It needs to perform certain initialization, which ought to happen when it is first called.

Can you put that into a constructor function?

__attribute__((constructor))
static void init() {
  // initialization stuff
}

 

[AbbeyRoad]

thanks shkhln, that worked beautifully.