Re: [DynInst_API:] Removing functions with DyninstAPI


Date: Tue, 26 Sep 2017 17:01:23 +0000
From: Bill Williams <bill@xxxxxxxxxxx>
Subject: Re: [DynInst_API:] Removing functions with DyninstAPI

The insertion set operations are implicit when working with a binary file rather than a live process; they're more relevant for optimization (batching the inter-process writes) on a live process. You can create smaller insertion sets if you want all-or-nothing semantics, but it's not necessary when rewriting. Your skeleton here is correct.

What I believe will happen here (and the list I'm sure will correct me if I'm missing anything) is that the new text section and symbols will not contain the removed function, but it will not be erased from the original text section (which we preserve in case it contains data that we haven't found all references to). The removeFunction call should fail if there are any existing callers; you'd have to rewrite those edges first. It would not be hard to overwrite the original function in original .text with data of your choice, but AFAIK we don't currently do that.

--bw

________________________________________
From: Dyninst-api <dyninst-api-bounces@xxxxxxxxxxx> on behalf of Andreas Ziegler <ziegler@xxxxxxxxx>
Sent: Tuesday, September 26, 2017 1:23 AM
To: dyninst-api@xxxxxxxxxxx
Subject: [DynInst_API:] Removing functions with DyninstAPI

Hi,

I'm currently playing around with DyninstAPI and found in the documentation that
using a PatchModifier one can remove functions from a binary image (for example,
an ELF executable). But somehow I have trouble connecting all the dots here,
so I'd like to know if the following schematic workflow is correct:

- Do BPatch_binaryEdit *app = BPatch::openBinary() for the file in question
- Call app->getImage()->findFunction() for the function name in question
- In the resulting BPatch_Vector<BPatch_function *>, use the first element and
call Dyninst::PatchAPI::convert to get a Dyninst::PatchAPI::PatchFunction *.
- Hand that pointer to PatchModifier::remove()
- Call app->writeFile() to write the modified file to disk.

Is there any synchronisation needed before writing the file out? In other parts
of the documentation for PatchAPI the finalizeInsertionSet call comes up often,
but I don't see how that fits into the picture here.

In principle, this method should delete the function in question from the ELF
and leave it otherwise intact (assuming there are no internal callers for that
function, of course), right?

Best regards and thanks already!

Andreas
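
The reply above says the removed function is not erased from the original text section. The following is an added example, not code from this thread or from the Dyninst project: a Python check that lists every section of a little-endian ELF64 file in which a function's original bytes still occur. The `.text.new` section name, the `build_sample` helper and the sample image are constructed for illustration.

```python
import struct

SHT_NOBITS = 8  # section type that occupies no bytes in the file

def sections(elf: bytes):
    """Return [(name, sh_type, file_offset, size)] for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected little-endian ELF64")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    # Leading fields: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
    hdrs = [struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize) for i in range(shnum)]
    strtab = hdrs[shstrndx][4]
    out = []
    for name_off, sh_type, _flags, _addr, off, size in hdrs:
        start = strtab + name_off
        out.append((elf[start:elf.index(b"\0", start)].decode(), sh_type, off, size))
    return out

def residual_copies(elf: bytes, func_bytes: bytes):
    """List (section, file_offset) for every place func_bytes still occurs."""
    hits = []
    for name, sh_type, off, size in sections(elf):
        if sh_type == SHT_NOBITS or not size:
            continue
        body, pos = elf[off:off + size], 0
        while (pos := body.find(func_bytes, pos)) != -1:
            hits.append((name, off + pos))
            pos += 1
    return hits

def build_sample(text: bytes, new_text: bytes) -> bytes:
    """Constructed ELF64 image: null section, .text, .text.new (hypothetical), .shstrtab."""
    names = b"\0.text\0.text.new\0.shstrtab\0"
    blobs = [(0, 0, b""), (1, 1, text), (7, 1, new_text), (17, 3, names)]
    data, shdrs, off = b"", b"", 64
    for name_off, sh_type, blob in blobs:
        shdrs += struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0,
                             off if blob else 0, len(blob), 0, 0, 1, 0)
        data += blob
        off += len(blob)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, off, 0, 64, 0, 0, 64, len(blobs), 3)
    return ehdr + data + shdrs
```

For a real rewritten binary, take `func_bytes` from the function's range in the file before rewriting and pass the contents of the file written by `writeFile()` as `elf`.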

