1

I'd like to find out which symbol is called when my code runs 'system' function.

In my sample code, when the header stdlib.h is specifically included, the symbol is called _system$UNIX2003, and when the header isn't included, there (probably) default symbol named _system (without the suffix $UNIX2003)

The following image shows my experiment results : enter image description here Why do we have different symbols for system ? Is there anyway to detect the correct symbol during runtime (I tried with dlsym, but i need handle for containing dynamic library, but couldn't figure out with library should i load with dlopen) ?

EDIT : this strange symbol mangling occur to me only when compiling under 32bits arch.

EDIT2: I was suggested to use implicit function pointer to acquire the address of the right symbol. but it won't work unless i specifically call that function in my code. otherwise, I get compilation error of using undeclared identifier 'system'

Zohar81
  • 4,554
  • 5
  • 29
  • 82
  • `system()`isn't a syscall. It will use one for creating a new process. –  Oct 28 '15 at 07:24
  • The library is probably just called `libc` as `system()` is part of the C standard. In any case, it is always linked as long as you don't instruct your compiler specifically not to. You should **always** include the header declaring the function you want to use. –  Oct 28 '15 at 07:29
  • @FelixPalmen, thanks for your comments, I edited my question accordingly. The function I mentioned in my question is 'system' but i referred for the more general case of obtaining symbol name from function during runtime. is there any way I can achieve this goal ? – Zohar81 Oct 28 '15 at 07:35
  • Sounds a bit like an *xy-problem* to me. Symbols are used by the (dynamic) linker, so no, at runtime (that is, *after* linking was done), there's no way to access them. What problem are you trying to solve doing this? –  Oct 28 '15 at 07:37
  • @FelixPalmen, I need this for function hooking. First, i'm trying to apply the method of _dyld_lookup_and_bind (from dylid.h) in order to get the pointer of this symbol. then, I use this pointer to override the function by my own implementation. – Zohar81 Oct 28 '15 at 07:42
  • I didn't do this so far, but you will get the pointer of `system()` at runtime by just treating `system` as a pointer. Wouldn't that be enough? If not, suggest to ask specifically about function hooking, there might be someone knowing a good answer. –  Oct 28 '15 at 07:58

0 Answers0