Check if libc.so use tcache

Question

I have ARM libc.so (GLIBC), How can I check if that libc.so used tcache, and what is the value of arena_max?

Can I check that information offline?

Does the libc have symbols? Is it part of a standard package? — sudhackar, Commented Jan 27, 2023 at 15:15
@sudhackar no. There is no symbols in that libc. I got that libc from device that I research — Kokomelom, Commented Jan 28, 2023 at 21:07

Rohit Gupta · Accepted Answer · 2023-02-05 00:03:05Z

You can check if the libc.so uses tcache and determine the value of arena_max by using a reverse engineering tool such as gdb. The following steps can be used to check for tcache:

Launch gdb: gdb -q libc.so
Load symbols: set environment LD_PRELOAD=
Run the following commands in gdb:

  break main

  run

  p ((struct malloc_state*)main_arena)->tcache_bins

To determine the value of arena_max, use the following command in gdb:

p ((struct malloc_state*)main_arena)->top

This will give you the address of the current top of the main arena, which you can use to determine its size. Keep in mind that these commands are for GLIBC, and the exact values and structure of the main arena may differ for different implementations of the libc.

Note: The above steps are contingent on the presence of debugging symbols in the target libc.so. In the absence of these symbols, alternative reverse engineering methods, such as BA, may be required to establish the usage of tcache and determine the value of arena_max.

Stack Exchange Network

Check if libc.so use tcache

1 Answer 1

Not the answer you're looking for? Browse other questions tagged
c
linux
libraries
heap
or ask your own question.

Hot Network Questions

Check if libc.so use tcache

1 Answer 1

Not the answer you're looking for? Browse other questions tagged clinuxlibrariesheap or ask your own question.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
c
linux
libraries
heap
or ask your own question.