Heaptrack - Attaching to Running Process (December 11, 2014)
Hello all,
I’m happy to be back so soon with a status update on heaptrack: It is now possible to attach to an already running process!
Thanks to the great help from Celelibi on StackOverflow, I managed to achieve this important goal. Once you know what to do, it is actually extremely simple to patch a running process. I use GDB to attach to the process, then call dlopen to load a special heaptrack library for runtime injection. Then I call an initialization function which takes the desired output file as a parameter, and then detach GDB. To actually overwrite malloc & friends, one can leverage dl_iterate_phdr and the public ELF API on Linux systems to find dynamic sections that reference one of our target symbols in their global offset table (GOT). These entries can then be rewritten to point to our custom hooks. Some refactoring later, which stabilized the shutdown sequence to allow multiple heaptrack attach/detach sequences, we can now do this:
heaptrack -p $(pidof <yourapp>)
# wait
^C
heaptrack_print heaptrack.<yourapp>.$$.gz | less
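
The GOT lookup described above, as an added example that is not heaptrack's own code: it walks every loaded object with dl_iterate_phdr, parses the PT_DYNAMIC segment, and counts the relocation slots that name a given symbol, without modifying any of them. It assumes a 64-bit Linux target with Rela-format relocations (x86-64, AArch64); count_slots, scan_object, scan, at and struct query are names made up for this sketch.

```c
#define _GNU_SOURCE
#include <link.h>
#include <stdio.h>
#include <string.h>

struct query { const char *symbol; int slots; };

/* glibc usually rewrites d_ptr to absolute addresses; the vDSO and some
 * other libcs leave load-relative offsets, so add the base when needed. */
static const void *at(const struct dl_phdr_info *o, ElfW(Addr) p)
{ return (const void *)(p < o->dlpi_addr ? p + o->dlpi_addr : p); }

/* Count entries of one Rela table (tag tab, size tag sz) naming q->symbol. */
static void scan(const struct dl_phdr_info *o, const ElfW(Addr) *t, int tab,
                 int sz, struct query *q)
{
    const ElfW(Sym) *sym = at(o, t[DT_SYMTAB]);
    const char *str = at(o, t[DT_STRTAB]);
    const ElfW(Rela) *r = at(o, t[tab]);
    for (size_t i = 0; t[tab] && i < t[sz] / sizeof *r; i++)
        if (!strcmp(str + sym[ELF64_R_SYM(r[i].r_info)].st_name, q->symbol))
            q->slots++; /* base + r[i].r_offset is the slot a hook would rewrite */
}

static int scan_object(struct dl_phdr_info *o, size_t size, void *data)
{
    const ElfW(Dyn) *d = NULL;
    ElfW(Addr) t[DT_NUM] = { 0 }; /* dynamic-section values indexed by tag */
    (void)size;
    for (int i = 0; i < o->dlpi_phnum; i++)
        if (o->dlpi_phdr[i].p_type == PT_DYNAMIC)
            d = (const ElfW(Dyn) *)(o->dlpi_addr + o->dlpi_phdr[i].p_vaddr);
    for (; d && d->d_tag != DT_NULL; d++)
        if ((size_t)d->d_tag < DT_NUM) t[d->d_tag] = d->d_un.d_ptr;
    if (!t[DT_SYMTAB] || !t[DT_STRTAB]) return 0;
    scan(o, t, DT_JMPREL, DT_PLTRELSZ, data); /* PLT jump slots */
    scan(o, t, DT_RELA, DT_RELASZ, data);     /* other GOT and data relocations */
    return 0; /* zero tells dl_iterate_phdr to continue with the next object */
}

int count_slots(const char *symbol)
{
    struct query q = { symbol, 0 };
    dl_iterate_phdr(scan_object, &q);
    return q.slots;
}

int main(void)
{
    printf("malloc: %d, free: %d\n", count_slots("malloc"), count_slots("free"));
    return 0;
}
```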