diff --git a/README.md b/README.md index 6e6067cd2d50d602a2f71b3e7c32d5d7c9b8bda5..ac9b97fafb9444a6a5604ff3f6fa046b58be77e3 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,7 @@ information propagation through setting the environment variables below. | `FIXUP_FUNCTION_RANGES` | If set, parsing the ELF files will entail an additional postprocessing step which checks if the gaps between known function boundaries consist of NOPs only. In this case, the `ranges` dictionary entry of the preceding function is updated to include the trailing NOPs. | | `MOUNT_PREFIX` | A path prefix that is removed from all paths generated in the uprobes file generated with the `--uprobe-strings` parameter. This way, the uprobes can be directly copied to the target file system. Additionally, `parse_collected_uprobes.py` respects (i.e., re-appends) this prefix when resolving the probes back to paths in the JSON file. | | `TAILOR_BINARIES` | If set, the transitive call propagation will also follow the control flow in functions in executable files (as checked by `os.access(<path>, X_OK)`) which may lead to eliminated functions in the executable. Otherwise, all local and exported functions in executable files are marked as used by `'BINARY'`. | +| `COPIED_BASE` | If set, the path to the interpreter from a `PT_INTERP` program header is modified by prepending the value of `COPIED_BASE` to the value in the header. This allows the integrated analysis of the loader for a copied file system tree. | ## Analyzing a collection of object files diff --git a/librarytrader/library.py b/librarytrader/library.py index 9bbfa5bb0d678898927fd6451e9134edc4fca874..ded463e4c906086c56939ff8d850e59ee7654852 100644 --- a/librarytrader/library.py +++ b/librarytrader/library.py @@ -82,6 +82,10 @@ class Library: if interp: self.interpreter = parse_cstring_from_stream(self.fd, interp['sh_offset']).decode('utf-8)') + copied_base = os.environ.get('COPIED_BASE') + if copied_base: + self.interpreter = os.path.abspath(os.path.join(copied_base, + self.interpreter.lstrip('/'))) self._version_names = {}