I am trying to allocate a new VDSO inside my program from a RAM dump. I am on a "Linux user1-vbox 3.2.0-55-generic-pae #85-Ubuntu SMP Wed Oct 2 14:03:15 UTC 2013 i686 i686 i386 GNU/Linux"
The problem is:
- Memory replacement works perfectly fine
- call *%gs:0x10 that usually calls __kernel_vsyscall is completely lost
The thing is that every time I run my program, %gs is the same (0x33), but there must be something that keeps telling the proc that "VDSO is here", and that I would like to modify to say "hey, no, now, VDSO is there".
I searched a bit on Google, and I found that the VDSO address is held inside the process memory with the help of two variables: AT_SYSINFO and AT_SYSINFO_EHDR. Both belong to an array called "auxv" that is located in the stack just after argc, argv and envp.
But even when I modify this value, my process still finds a way to know where its VDSO is. What way?
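An added diagnostic (not part of the question) that walks the stack auxv the way the post describes, and on i386 also reads the word at `%gs:0x10` that `call *%gs:0x10` uses: glibc copies AT_SYSINFO into the thread control block (`tcbhead_t.sysinfo`, offset 0x10 from `%gs:0`) at startup, so editing auxv later does not change where that call goes. It assumes Linux with glibc and that `environ` still points at the original stack array; the `%gs:0x10` read is compiled only on i386 and returns 0 elsewhere.

```c
#include <link.h>       /* ElfW(), pulls in elf.h for the AT_* constants */
#include <stdint.h>
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval(), glibc >= 2.16 */

extern char **environ;
typedef ElfW(auxv_t) auxv_entry;   /* Elf32_auxv_t on i386, Elf64_auxv_t on x86-64 */

/* Walk the initial stack: envp[] ends with NULL and auxv starts right after it
 * (argc, argv, envp, auxv). Assumes environ still points at the original stack
 * array (nothing reallocated it via setenv). Returns 0 if the type is absent. */
uintptr_t auxv_from_stack(uintptr_t type)
{
    char **p = environ;
    while (*p != NULL)
        p++;
    for (auxv_entry *av = (auxv_entry *)(p + 1); av->a_type != AT_NULL; av++)
        if (av->a_type == type)
            return (uintptr_t)av->a_un.a_val;
    return 0;
}

/* On i386 glibc the TCB at %gs:0 keeps a copy of AT_SYSINFO at offset 0x10
 * (tcbhead_t.sysinfo), taken at startup; `call *%gs:0x10` reads this copy. */
uintptr_t tcb_sysinfo(void)
{
#if defined(__i386__)
    uintptr_t v;
    __asm__ volatile("movl %%gs:0x10, %0" : "=r"(v));
    return v;
#else
    return 0;   /* no %gs:0x10 convention on this architecture */
#endif
}

/* 1 when the stack auxv, getauxval() and (on i386) the TCB copy all agree */
int sysinfo_consistent(void)
{
    if (auxv_from_stack(AT_SYSINFO_EHDR) != getauxval(AT_SYSINFO_EHDR)) return 0;
#if defined(__i386__)
    return auxv_from_stack(AT_SYSINFO) == tcb_sysinfo();
#else
    return 1;
#endif
}

int main(void)
{
    printf("AT_SYSINFO=%#lx AT_SYSINFO_EHDR=%#lx %%gs:0x10=%#lx consistent=%d\n",
           (unsigned long)auxv_from_stack(AT_SYSINFO),
           (unsigned long)auxv_from_stack(AT_SYSINFO_EHDR),
           (unsigned long)tcb_sysinfo(), sysinfo_consistent());
    return 0;
}
```

Run it before and after patching auxv: the stack entry changes, but on i386 the `%gs:0x10` value stays what glibc copied at startup, which is the copy the `call` actually follows.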