
Variadic functions such as printf can be wrapped using dlsym because it has a va_list version vprintf. So,

int printf(const char *format, ...); //is equivalent to
int vprintf(const char *format, va_list ap);

citing https://stackoverflow.com/a/51627404/6353189 which shows exactly this.

But since I don't see a va_list version of the clone syscall on Linux, I don't know how to wrap it.

  • "Variadic functions such as printf can be wrapped". You seem to be implying that only variadic functions can be wrapped. But that is not the case - the post you reference does not say that. Please describe your original problem and what you want to achieve with this "wrapping". Commented Sep 20, 2021 at 3:13
  • @kaylum: glibc clone is a variadic function Commented Sep 20, 2021 at 3:16

1 Answer

> But since I don't see a va_list version of the clone syscall on Linux, I don't know how to wrap it.

The clone system call is not (and can't be) variadic. It always takes exactly 5 parameters (some of which may be ignored, depending on other values passed in).

You can wrap the function in a 7-parameter wrapper. If the caller doesn't supply all 7 arguments, the values which were not passed in will be "garbage", but that shouldn't matter, since these parameters were (presumably) unused when using the non-wrapped version.


5 Comments

That's false. The clone system call does take only 5 arguments. Notably (and quite obviously) there are no "function" or "arg" arguments.
Many system calls ignore 1-7 parameters from the total 7.
@ktzap You are mistaken. Just disassemble the clone in libc.so.6 and convince yourself that it always passes 7 arguments to the kernel.
I did it and it's exactly as I said. You can look at the x86_64 source here. It's only passing 5 arguments (or 6, if you also count the system call number in eax). The "function" and "argument" args are inserted into the stack (which is passed in the 2nd arg, in the rsi register). The kernel doesn't know nor care about that "fake return" trick. And I don't think there is any system call which takes more than 6 arguments on x86_64 or i386.
@ktzap I see what you mean. I've edited the answer.
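
An added example, not part of the original answer or comments: a dlsym(RTLD_NEXT) wrapper for glibc's clone() that keeps the variadic prototype and always reads the three optional arguments with va_arg, which has the same effect as the 7-parameter wrapper described in the answer. The names clone_calls, clone_last_flags, child_main and demo_exit_status are hypothetical, and the 4-argument demo call is constructed for illustration.

```c
#define _GNU_SOURCE            /* RTLD_NEXT and the clone() prototype */
#include <dlfcn.h>
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/wait.h>

typedef int (*clone_fn)(int (*)(void *), void *, int, void *, ...);

int clone_calls;               /* calls seen by the wrapper (hypothetical) */
int clone_last_flags;          /* flags of the most recent call */

/* Same prototype as glibc's clone(), so this definition interposes on it. */
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...)
{
    static clone_fn real_clone;
    va_list ap;

    /* Always read all three optional arguments. If the caller omitted them
     * the values are garbage, which is harmless: the kernel only looks at
     * them when the matching CLONE_* flag is set. */
    va_start(ap, arg);
    pid_t *parent_tid = va_arg(ap, pid_t *);
    void *tls = va_arg(ap, void *);
    pid_t *child_tid = va_arg(ap, pid_t *);
    va_end(ap);

    if (!real_clone && !(real_clone = (clone_fn)dlsym(RTLD_NEXT, "clone"))) {
        errno = ENOSYS;
        return -1;
    }
    /* Bookkeeping goes before the call: the child starts in fn() on its own
     * stack and never returns through this frame. */
    clone_calls++;
    clone_last_flags = flags;
    return real_clone(fn, stack, flags, arg, parent_tid, tls, child_tid);
}

/* Constructed demo: a 4-argument call whose child exits with *arg. */
static int child_main(void *arg) { return *(int *)arg; }

int demo_exit_status(void)
{
    static char stack[64 * 1024] __attribute__((aligned(16)));
    int code = 42, status = 0;
    pid_t pid = clone(child_main, stack + sizeof stack, SIGCHLD, &code);
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Built as a shared object (-shared -fPIC) and loaded with LD_PRELOAD, the same clone() definition takes precedence over glibc's for calls a dynamically linked program makes by name. On older glibc versions, dlsym additionally requires linking with -ldl.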
