[读书笔记]Binary Hancks(2) livepatch在X86下的实践

livepatch是个可以给运行时的进程打热补丁的工具。它可以方便的修改运行进程中的变量，也可以方便的替换运行进程中的函数，使用新的库函数来取代原来主进程中的函数!

1、livepatch源码下载：
http://sourcehoge.net/Software/livepatch/

2、binutil下载(笔者使用的版本为2.15)：
http://ftp.gnu.org/gnu/binutils/

3、编译binutil包：
2.15版本的binutil包有一个小BUG，编译时会报这个错误：
gcc -DHAVE_CONFIG_H -I. -Ihttp://www.cnblogs.com/binutils-2.15/gas -I. -D_GNU_SOURCE -I. -Ihttp://www.cnblogs.com/binutils-2.15/gas -I../bfd -Ihttp://www.cnblogs.com/binutils-2.15/gas/config -Ihttp://www.cnblogs.com/binutils-2.15/gas/../include -Ihttp://www.cnblogs.com/binutils-2.15/gas/.. -Ihttp://www.cnblogs.com/binutils-2.15/gas/../bfd -Ihttp://www.cnblogs.com/binutils-2.15/gas/../intl -I../intl -DLOCALEDIR="\"/home/public/study/binutils/target_x86/build/share/locale\""   -W -Wall -Wstrict-prototypes -Wmissing-prototypes -g -O2 -c http://www.cnblogs.com/binutils-2.15/gas/app.c
In file included from ./targ-cpu.h:1,
                 from http://www.cnblogs.com/binutils-2.15/gas/config/obj-elf.h:42,
                 from ./obj-format.h:1,
                 from http://www.cnblogs.com/binutils-2.15/gas/config/te-linux.h:4,
                 from ./targ-env.h:1,
                 from http://www.cnblogs.com/binutils-2.15/gas/as.h:626,
                 from http://www.cnblogs.com/binutils-2.15/gas/app.c:30:
http://www.cnblogs.com/binutils-2.15/gas/config/tc-i386.h:451: error: array type has incomplete element type
make[3]: *** [app.o] Error 1
make[3]: Leaving directory `/home/public/study/binutils/target_x86/gas'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/public/study/binutils/target_x86/gas'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/public/study/binutils/target_x86/gas'
make: *** [all-gas] Error 2
jimmy@linux-jimmy:/home/public/study/binutils/target_x86>

修改方法：
(1)、把../binutils-2.15/gas/config/tc-i386.h文件第451行：
extern const struct relax_type md_relax_table[];
修改为：
extern const struct relax_type * md_relax_table;

把../binutils-2.15/gas/config/tc-i386.c中对应的数据结构修改为：const struct relax_type md_relax_table_ex[];
添加：const struct relax_type * md_relax_table = md_relax_table_ex;

补丁： diff -Nur binutils-2.15 binutils-2.15.jimmy/
diff -Nur binutils-2.15/gas/config/tc-i386.c binutils-2.15.jimmy/gas/config/tc-i386.c
--- binutils-2.15/gas/config/tc-i386.c  2004-05-18 03:36:09.000000000 +0800
+++ binutils-2.15.jimmy/gas/config/tc-i386.c    2010-02-22 21:29:41.000000000 +0800
@@ -363,7 +363,7 @@
    prefix), and doesn't work, unless the destination is in the bottom
    64k of the code segment (The top 16 bits of eip are zeroed).  */

-const relax_typeS md_relax_table[] =
+const relax_typeS md_relax_table_ex[] =
 {
   /* The fields are:
      1) most positive reach of this state,
@@ -402,6 +402,8 @@
   {0, 0, 4, 0}
 };

+const relax_typeS * md_relax_table = md_relax_table_ex;
+
 static const arch_entry cpu_arch[] = {
   {"i8086",    Cpu086 },
   {"i186",     Cpu086|Cpu186 },
diff -Nur binutils-2.15/gas/config/tc-i386.h binutils-2.15.jimmy/gas/config/tc-i386.h
--- binutils-2.15/gas/config/tc-i386.h  2004-05-18 03:36:09.000000000 +0800
+++ binutils-2.15.jimmy/gas/config/tc-i386.h    2010-02-22 21:26:12.000000000 +0800
@@ -448,7 +448,7 @@

 #define md_operand(x)

-extern const struct relax_type md_relax_table[];
+extern const struct relax_type * md_relax_table;
 #define TC_GENERIC_RELAX_TABLE md_relax_table

 extern int optimize_align_code;

4、编译livepatch包：
这里要修改一下Makefile：
jimmy@linux-jimmy:/home/public/study/livepatch/source> cat Makefile
#
# Makefile for livepatch
# $Id: Makefile 330 2004-11-03 11:38:02Z ukai $
# Copyright (C) 2004 Fumitoshi UKAI <ukai@debian.or.jp>
# All rights reserved.
# This is free software with ABSOLUTELY NO WARRANTY.
#
# You can redistribute it and/or modify it under the terms of
# the GNU General Public License version 2.
#

BINUTILS_DIR=/home/public/study/binutils/target_x86/build

CFLAGS=-Wall -O2 -g -I$(BINUTILS_DIR)/include

all: livepatch

livepatch: livepatch.o
        $(CC) -o $@ $<  -L$(BINUTILS_DIR)/lib -lbfd -liberty -lopcodes

fixup: fixup.o
        $(CC) -o $@ $< -L$(BINUTILS_DIR)/lib -lbfd -liberty -lopcodes

bfd: bfd.o
        $(CC) -o $@ $< -L$(BIN_UTILS_DIR)/lib -lbfd -liberty -lopcodes

clean:
        -rm -f *.o
        -rm -f livepatch fixup bfd

# EOF

5、测试：
jimmy@linux-jimmy:/home/public/study/livepatch/test> ./test.sh
in main process test_func:0
in main process test_func_x:0
in main process test_func:1
in main process test_func_x:1
in main process test_func:2
in main process test_func_x:2
in main process test_func:3
in main process test_func_x:3
in main process test_func:4
in main process test_func_x:4
bfd_openr: No such file or directory
dl test @ 0xb7f0f000 [8220] libtest.so
jmp 0x804841f 0xb7f0f45c　　<- 打上补丁，主进程的调用函数调用到补丁变库中!
in livepatch test_func:5
in main process test_func_x:-5  <- 补丁函数又回调到了主进程中的函数
in livepatch test_func:6
in main process test_func_x:-6
in livepatch test_func:7
in main process test_func_x:-7
in livepatch test_func:8
in main process test_func_x:-8
in livepatch test_func:9
in main process test_func_x:-9
in livepatch test_func:10
in main process test_func_x:-10
./test.sh: line 11:  8195 Killed                  ./test
jimmy@linux-jimmy:/home/public/study/livepatch/test>
 
6、完整源码与测试包(不包括binutils)：

 https://files.cnblogs.com/WuCountry/livepatch.rar