On Friday 23 March 2007 15:27, Philip Guenther wrote: > On 3/23/07, J.C. Roberts <[EMAIL PROTECTED]> wrote: > ... > > > Unfortunately, it actually is possible to remove the typically used > > function name symbols from dynamically loaded libraries (shared > > objects). Stripping the function name symbols (along with debug > > symbols) from shared libraries is often used in copyright > > protection schemes as a way to thwart auditing and analysis. The > > resoning is because some feel that the function names help with > > understanding the code. > > > > -BUT important thing to remember is the protected programs using > > these libraries _only_ work because they are not calling the shared > > library functions by name. > > Bzzt. Symbols in shared libraries *are* referenced by name. There's > a completely separate symbol table used (the ".dynsym" section) by > the dynamic linker that has the information it needs. It should be > obvious that the calling of shared library functions *is* by name, as > you can dynamically override the functions by loading other shared > libraries with the same name. Indeed, LD_PRELOAD would be almost > useless if that wasn't true. > > *Please* go read up on (at least!) the ELF standard before making > authoritative sounding statements about how shared libraries and > symbol tables work. > > > Philip Guenther
I don't mind being beaten with a clue stick when I'm wrong, heck I even appreciated it, but in this case what I said was entirely accurate. You assumed everything is elf but your assumption is wrong. There are many different types of shared libraries, many operating systems which use them and many ways in which their functions can be called. You should also note at the end of my previous post I even stated the possible exception with elf shared libraries due to DF_SYMBOLIC being set in DT_FLAGS. You are correct that calling shared library functions is "normally" done by their name, and I stated as much, but "nomrally" is not the same as "always" and there is certainly more than one way to call a function from a shared library. -Before making authoritative sounding statements about how shared libraries and symbol tables work, please go read *more* than just the standard for ELF executable format. ;-) OK, turning your words on you was probably a bit too pointed but I really meant it in good humor. Unfortunately, there are tons of executable format standards and I seriously doubt anyone will completely learn, understand and memorize all of the details in all of the standards in one lifetime. Sometimes knowing the basics of a handful of the executable format standards is better than knowing only one really well. As for doing more reading (besides the standards :-), I do need to read up on strip(1) since a quick test shows it does seem to be smart enough to leave function names alone in elf shared objects even when using --strip-all. How various implementations of strip(1) work with other executable/library formats is still a big mystery and worth investigating. If you want to see an example of a shared library "protected" by removing function names, I think some the redistibutable FlexLM stuff does it (globetrotter.com) and they support a wide variety archs, os's and formats. It's worth a peek if you've never seen one before. jcr
