Heaptrack - Attaching to Running Process (December 11, 2014)
I’m happy to be back so soon with a status update on heaptrack: It is now possible to attach to an already running process!
Thanks to the great help from Celelibi on StackOverflow, I managed to achieve this important goal. Once you know what to do, it is actually extremely simple to patch a running process. I use GDB to attach to the process, then call dlopen to load a special heaptrack library for runtime-injection. Then I call an initialization function which takes the desired output file as a parameter, and then detach GDB. To actually overwrite malloc & friends, one can leverage dl_iterate_phdr and the public ELF API on Linux systems to find dynamic sections that reference one of our target symbols in their global offset table (GOT). This can then be rewritten to point to our custom hooks. Some refactoring later, which stabilized the shutdown sequence to allow multiple heaptrack attach/detach sequences, we can now do this:
    heaptrack -p $(pidof <yourapp>)
    # wait
    ^C
    heaptrack_print heaptrack.<yourapp>.$$.gz | less
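
The GOT lookup described above, as an added example that is not heaptrack's own code: it uses dl_iterate_phdr and the ELF dynamic section to list every relocation slot bound to a symbol and where that slot currently points, without rewriting anything, which is also how you can check whether hooks are installed in a process. It assumes 64-bit Linux with glibc and RELA relocations (x86-64, AArch64); Scan, at, visit and count_slots are names made up for this example.

```cpp
// Added example (not heaptrack's code), 64-bit Linux/glibc; g++/clang++ predefine the _GNU_SOURCE <link.h> needs.
#include <link.h>
#include <cstdio>
#include <cstring>

struct Scan { const char *symbol; int slots; };  // hypothetical helper type
// glibc usually relocates d_ptr values in place; add the load base only when it did not.
template <typename T> static const T *at(const dl_phdr_info *i, ElfW(Addr) p) {
    return reinterpret_cast<const T *>(p < i->dlpi_addr ? p + i->dlpi_addr : p);
}

// Called once per loaded object: read PT_DYNAMIC, then walk its relocation tables.
static int visit(dl_phdr_info *info, size_t, void *data) {
    auto *scan = static_cast<Scan *>(data);
    for (int p = 0; p < info->dlpi_phnum; ++p) {
        if (info->dlpi_phdr[p].p_type != PT_DYNAMIC) continue;
        auto *dyn = reinterpret_cast<const ElfW(Dyn) *>(info->dlpi_addr + info->dlpi_phdr[p].p_vaddr);
        const ElfW(Sym) *symtab = nullptr; const char *strtab = nullptr;
        const ElfW(Rela) *table[2] = {nullptr, nullptr};  // [0] PLT slots, [1] other relocations
        size_t bytes[2] = {0, 0};
        for (; dyn->d_tag != DT_NULL; ++dyn) {
            switch (dyn->d_tag) {
            case DT_SYMTAB:   symtab = at<ElfW(Sym)>(info, dyn->d_un.d_ptr); break;
            case DT_STRTAB:   strtab = at<char>(info, dyn->d_un.d_ptr); break;
            case DT_JMPREL:   table[0] = at<ElfW(Rela)>(info, dyn->d_un.d_ptr); break;
            case DT_PLTRELSZ: bytes[0] = dyn->d_un.d_val; break;
            case DT_RELA:     table[1] = at<ElfW(Rela)>(info, dyn->d_un.d_ptr); break;
            case DT_RELASZ:   bytes[1] = dyn->d_un.d_val; break;
            }
        }
        if (!symtab || !strtab) continue;
        for (int t = 0; t < 2; ++t)
            for (size_t r = 0; table[t] && r < bytes[t] / sizeof(ElfW(Rela)); ++r) {
                const ElfW(Rela) &rel = table[t][r];
                if (std::strcmp(strtab + symtab[ELF64_R_SYM(rel.r_info)].st_name, scan->symbol)) continue;
                auto *slot = reinterpret_cast<void *const *>(info->dlpi_addr + rel.r_offset);
                std::printf("%s: slot %p -> %p\n", info->dlpi_name, (const void *)slot, *slot);
                ++scan->slots;
            }
    }
    return 0;  // a non-zero return would stop the iteration
}

// Number of relocation slots, across all loaded objects, that bind to `symbol`.
int count_slots(const char *symbol) {
    Scan scan{symbol, 0};
    dl_iterate_phdr(visit, &scan);
    return scan.slots;
}
int main() { std::printf("%d slot(s) bind to malloc\n", count_slots("malloc")); }
```

Running it before and after an attach shows the same slots with different target addresses; the main program is printed with an empty object name.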