Probing strXXX functions on Linux

From OC Systems Wiki!

On recent versions of Linux (RHEL 7, CentOS 7, ...) a number of the string functions (strXXX) are not resolved to the versions in /lib/libc.so, but instead are resolved to versions in /lib/ld-linux.so. You can still probe those functions, but you will need to probe them in the shared library where they reside.

For example, you may have probed strlen() in libc.so before with a probe like this:

probe thread
{
   probe "strlen" in "libc.so"
   {
      ...
   }
}

You might then receive a warning from Aprobe at runtime:

(W) Cannotfind symbol "strlen" in "libc.so"

Instead you may need to probe it in /lib/ld-linux.so like this:

probe thread
{
   probe "strlen" in "ld-linux.so"
   {
      ...
   }
}

You can determine in which shared library the functions are actually located using the nm tool:

nm /lib/ld-linux.so.6 | grep str
[[snip]]
00019be0 t strchr
00019da0 t strcmp
00019dd0 t strdup
00019e20 t strlen
0001a6c0 t strncmp
00019ee0 t strnlen
00018350 t strsep
0001b3c0 i strstr
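
Added example (not from the original page or from OC Systems): a shell helper that does the nm lookup above across several libraries at once, matching the symbol name exactly and skipping undefined (U) references, so it reports only the libraries that actually define the symbol. The function names locate_symbol and sample_nm_output are hypothetical, and the libapp.so lines are constructed sample input; the ld-linux lines reuse the addresses listed above.

```shell
#!/bin/sh
# locate_symbol SYMBOL
# Reads `nm -A` style lines ("file:address type name") on stdin and prints
# "file type" for every library that DEFINES the symbol.
locate_symbol() {
    awk -v sym="$1" '
    {
        name = $NF                  # symbol name is the last field
        sub(/@.*/, "", name)        # drop a version suffix such as @@GLIBC_2.0
        type = $(NF - 1)            # nm type letter precedes the name
        if (name != sym) next       # exact match, unlike "grep str"
        if (type == "U") next       # undefined: only referenced in this file
        file = $0
        sub(/:.*/, "", file)        # text before the first colon is the file
        print file, type
    }'
}

# Constructed sample input in `nm -A` format (assumption: libapp.so is a
# made-up library that merely calls strlen).
sample_nm_output() {
    cat <<'EOF'
/opt/example/libapp.so:         U strlen
/opt/example/libapp.so:00001234 T strlen_wrapper
/lib/ld-linux.so.6:00019e20 t strlen
/lib/ld-linux.so.6:00019ee0 t strnlen
/lib/ld-linux.so.6:0001b3c0 i strstr
EOF
}

# Demo on the embedded sample. On a real system, feed it live output instead:
#   nm -A /lib/ld-linux.so* /lib/libc.so* 2>/dev/null | locate_symbol strlen
sample_nm_output | locate_symbol strlen
```

The library printed is the one to name in the probe's "in" clause; the type letter is shown so that local (lowercase) and indirect (i) symbols are visible at a glance.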