Can't find Go binary symbols when running in Linux using Docker + Virtiofs + macOS host

Question

Can't find Go binary symbols when running in Linux using Docker + Virtiofs + macOS host

aviramha opened this issue a year ago · 3 comments

I know I keep finding the odd stuff, but really it's our users 🤣
We found out that for some reason, when our .so loads into a Go process running in a Docker container using Virtiofs it can't find any of it's symbols.

Sample code:

        let modules =     Module::enumerate_modules()
        .iter()
        .map(|m| m.name.clone())
        .collect();
        let module = modules.first().unwrap().clone();
        let symbols = Module::enumerate_symbols(&module);
        for symbol in symbols {
            trace!("{}", symbol.name);
        }

Prints nothing when Docker is using virtiofs but works great when using other file system virtualization.

I tried running with latest Frida (16.1.3) as I saw there was a lot of refactoring going on in related code, but didn't help.
Related issue:
metalbear-co/mirrord#1803

Answer 1 · 2023-08-17T15:38:58.000Z

The symbols can be found from lldb attached to same process.

Answer 2 · 2023-08-17T15:49:24.000Z

It seems that we reach gum_elf_module_load with source_path {source_path:"/host_virtiofs/Users/aviramhassan/Code/mirrord/mirrord/layer/tests/apps/app_go/20.go_test_app", ...}
which is probably the issue. I guess the file isn't accessible from that path.

Answer 3 · 2023-08-17T16:21:41.000Z

Okay,
I found the root cause
when running cat /proc/mypid/maps I can see the /host_virtiofs which leads me to believe that Frida gets the same

fffff657b000-fffff657c000 rw-p 00014000 fe:01 7092423                    /lib/aarch64-linux-gnu/libresolv-2.31.so
fffff657c000-fffff657e000 rw-p 00000000 00:00 0 
fffff657e000-fffff7dcb000 r-xp 00000000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7dcb000-fffff7dda000 ---p 0184d000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7dda000-fffff7fc4000 r--p 0184c000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7fc4000-fffff7fca000 rw-p 01a36000 00:8a 76256                      /host_virtiofs/Users/aviramhassan/Code/mirrord/target/debug/libmirrord_layer.so
fffff7fca000-fffff7fcc000 rw-p 00000000 00:00 0 
fffff7fcc000-fffff7fed000 r-xp 00000000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffff7fef000-fffff7ff1000 rw-p 00000000 00:00 0 
fffff7ff2000-fffff7ff3000 r--p 00000000 00:00 0 
fffff7ff3000-fffff7ff4000 rw-p 00000000 00:00 0 
fffff7ff4000-fffff7ff5000 r--p 00000000 00:00 0 
fffff7ff5000-fffff7ff6000 rw-p 00000000 00:00 0 
fffff7ff6000-fffff7ff7000 r--p 00000000 00:00 0 
fffff7ff7000-fffff7ffa000 rw-p 00000000 00:00 0 
fffff7ffa000-fffff7ffc000 r--p 00000000 00:00 0                          [vvar]
fffff7ffc000-fffff7ffd000 r-xp 00000000 00:00 0                          [vdso]
fffff7ffd000-fffff7ffe000 r--p 00021000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffff7ffe000-fffff8000000 rw-p 00022000 fe:01 7092366                    /lib/aarch64-linux-gnu/ld-2.31.so
fffffffd9000-1000000000000 rw-p 00000000 00:00 0                         [stack]
vscode ➜ /workspaces/mirrord (virtiofs) $ cat /proc/29234/maps