How to preload the desock.so when running arm binary with qemu?

[jackfromeast]

Hi!
I not sure if preeny can work well with other architectures for example arm. What I'm trying to do is to 'desocket' an arm-based binary by preeny and to run it with qemu user mode.

And the problem occurred when I tried to preload the desock.so to the binary and using qemu-arm to run it. Auctually, I don't know how to preload the desock.so when working with qemu. Because it seems quite different from executing the binary itself.

I use the following command while making and the information of file desock.so also shown below.

make -i CC=arm-linux-gnueabi-gcc

apple@ubuntu:~/afl-qemu/preeny-master/arm-linux-gnueabi$ file desock.so
desock.so: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=d121c381bfce288e8d7c9b36eae7ca1d4bda41dd, not stripped

Normally, I use the following command to run the arm-based binary with qemu. The indispensable -L parameter shows the prefix of the dependent libs path of the target binary which was dynamically linked. When I export the LD_PRELOAD=xxx/desock.so, the -L didn't works anymore.
By the way, the binary would set up an HTTP server and wait for requests from sockets.

apple@ubuntu:squashfs-root$ qemu-arm -L . ./usr/sbin/httpd
sendto() error 2
[debug]add server push uri 3 video3.mjpg
[debug]add server push uri 4 video4.mjpg
gethostbyname:: Success

Is there anybody who can help me out?

[zardus]

If your libc supports LD_PRELOAD, you should be able to use the -E flag to qemu to set it.

…

On Fri, Feb 19, 2021 at 3:46 AM jackfromeast ***@***.***> wrote: Hi! I not sure if preeny can work well with other architectures for example arm. What I'm trying to do is to 'desocket' an arm-based binary by preeny and to run it with qemu user mode. And the problem occurred when I tried to preload the desock.so to the binary and using qemu-arm to run it. Auctually, I don't know how to preload the desock.so when working with qemu. Because it seems quite different from executing the binary itself. I use the following command while making and the information of file desock.so also shown below. make -i CC=arm-linux-gnueabi-gcc ***@***.***:~/afl-qemu/preeny-master/arm-linux-gnueabi$ file desock.so desock.so: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=d121c381bfce288e8d7c9b36eae7ca1d4bda41dd, not stripped Normally, I use the following command to run the arm-based binary with qemu. The indispensable -L parameter shows the prefix of the dependent libs path of the target binary which was dynamically linked. When I export the LD_PRELOAD=xxx/desock.so, the -L didn't works anymore. By the way, the binary would set up an HTTP server and wait for requests from sockets. ***@***.***:squashfs-root$ qemu-arm -L . ./usr/sbin/httpd sendto() error 2 [debug]add server push uri 3 video3.mjpg [debug]add server push uri 4 video4.mjpg gethostbyname:: Success Is there anybody who can help me out? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#80>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA2LHF5B5LNY6GOEHUQD2HTS7Y6RXANCNFSM4X4ESI4Q> .

[jackfromeast]

Hi, I am so sorry that I had lots of other work to do.
I tried your suggestion, but it seems didn't work. The output is shown below. I guess I am still missing some dependent lib that the symbol can't be resolved. But what is it?

apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/desock.so ./usr/sbin/httpd

./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol

By the way, I didn't have the source code of the arm binary so I can't recompile.

[jackfromeast]

I also tried this.

apple@ubuntu:squashfs-root$ qemu-arm -L . -E LD_PRELOAD=/home/apple/afl-qemu/preeny-master/arm-linux-gnueabi/desock.so  ./usr/sbin/httpd

./usr/sbin/httpd: symbol '__aeabi_unwind_cpp_pr0': can't resolve symbol