I am working on a school research project on the Dirty Cow vulnerability. During my research I found some solutions (for example this one) that inject some shellcode into vDSO (into the function __vdso_clock_gettime).
This solution and all of its derivatives use a hard-coded constant as an offset for the symbol __vdso_clock_gettime within the vDSO. This constant, however, is not valid for all versions of the kernel and vDSO (at least not for Android devices).
Is there a better way to find the address (the offset) of a symbol inside vDSO in C/C++? I tried
handle = dlopen("[vdso]", RTLD_LAZY);
with [vdso] being the output of
dladdr((void*)vdso_addr, &dlinfo);
LOG("dladdr: %s", dlinfo.dli_fname);
with vdso_addr found in /proc/self/auxv, but I am getting dlopen failed: library "[vdso]" not found.
I know vDSO is a system matter and that a normal program should not decide whether to call functions from it or not, but is there some universal way to find the address of the symbol in C/C++ without disassembling every possible version of vDSO and making a database of the addresses?
How does the system get the addresses of symbols during a virtual system call to the vDSO?
See https://www.kernel.org/doc/Documentation/ABI/stable/vdso
"Programs that dynamically link to glibc will use the vDSO automatically. Otherwise, you can use the reference parser in tools/testing/selftests/vDSO/parse_vdso.c"
and
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/vDSO/parse_vdso.c
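As an added illustration of the mechanism the answer points to (this is not code from the question, the answer, or the kernel's parse_vdso.c), the program below resolves a vDSO symbol at runtime the same way the dynamic loader does: it takes the image base from the AT_SYSINFO_EHDR auxiliary-vector entry, walks the program headers to PT_DYNAMIC, and looks the name up in DT_SYMTAB/DT_STRTAB using the DT_HASH entry count. No offset is hard-coded, which is exactly what makes the approach independent of the kernel build. Symbol versions (LINUX_2.6 and friends) are deliberately not matched here, unlike in parse_vdso.c; the per-architecture entry-point names tried (__vdso_clock_gettime on x86, __kernel_clock_gettime on arm/arm64) and the fallback symbol-count heuristic are assumptions of this example. The resolved function is only called, which is what a normal program would do with it.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>      /* ElfW() picks Elf32_/Elf64_ types for this build */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>  /* getauxval(AT_SYSINFO_EHDR): base of the mapped vDSO */
#include <time.h>

/* Resolve an exported function symbol in the vDSO mapped into this process.
 * Returns its runtime address, or NULL when absent (no vDSO, no such name). */
void *vdso_sym(const char *name)
{
    uintptr_t base = (uintptr_t)getauxval(AT_SYSINFO_EHDR);
    if (!base)
        return NULL;

    const ElfW(Ehdr) *eh = (const ElfW(Ehdr) *)base;
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0)
        return NULL;

    /* The vDSO is mapped as one contiguous file image, so an ELF file offset
     * is also the offset from the mapping base. */
    const ElfW(Phdr) *ph = (const ElfW(Phdr) *)(base + eh->e_phoff);
    const ElfW(Dyn) *dyn = NULL;
    uintptr_t load_bias = 0;
    int have_load = 0;
    for (int i = 0; i < eh->e_phnum; i++) {
        if (ph[i].p_type == PT_LOAD && !have_load) {
            /* d_ptr / st_value are link-time addresses relative to p_vaddr;
             * this bias turns them into runtime addresses. */
            load_bias = base + ph[i].p_offset - ph[i].p_vaddr;
            have_load = 1;
        } else if (ph[i].p_type == PT_DYNAMIC) {
            dyn = (const ElfW(Dyn) *)(base + ph[i].p_offset);
        }
    }
    if (!dyn || !have_load)
        return NULL;

    const ElfW(Sym) *symtab = NULL;
    const char *strtab = NULL;
    const ElfW(Word) *hash = NULL;
    for (; dyn->d_tag != DT_NULL; dyn++) {
        switch (dyn->d_tag) {
        case DT_SYMTAB: symtab = (const ElfW(Sym) *)(load_bias + dyn->d_un.d_ptr); break;
        case DT_STRTAB: strtab = (const char *)(load_bias + dyn->d_un.d_ptr); break;
        case DT_HASH:   hash = (const ElfW(Word) *)(load_bias + dyn->d_un.d_ptr); break;
        }
    }
    if (!symtab || !strtab)
        return NULL;

    /* SysV hash layout: nbucket, nchain, buckets[], chains[]. nchain equals the
     * number of .dynsym entries, which is why parse_vdso.c relies on DT_HASH.
     * Assumed fallback if DT_HASH is absent: ld normally places .dynsym right
     * before .dynstr, so the gap between them bounds the symbol count. */
    size_t nsyms = hash ? hash[1]
                        : ((uintptr_t)strtab - (uintptr_t)symtab) / sizeof(ElfW(Sym));

    for (size_t i = 0; i < nsyms; i++) {
        const ElfW(Sym) *s = &symtab[i];
        /* ELF64_ST_* macros compute the same bit fields as the ELF32_ ones. */
        if (ELF64_ST_TYPE(s->st_info) != STT_FUNC || s->st_shndx == SHN_UNDEF)
            continue;
        int bind = ELF64_ST_BIND(s->st_info);
        if (bind != STB_GLOBAL && bind != STB_WEAK)
            continue;
        if (strcmp(strtab + s->st_name, name) == 0)
            return (void *)(load_bias + s->st_value);
    }
    return NULL;
}

typedef int (*vdso_clock_gettime_fn)(clockid_t, struct timespec *);

/* The clock_gettime entry point is named differently per architecture
 * (assumed list); try the known names instead of a hard-coded offset. */
vdso_clock_gettime_fn vdso_clock_gettime(void)
{
    static const char *const names[] = { "__vdso_clock_gettime", "__kernel_clock_gettime" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        void *p = vdso_sym(names[i]);
        if (p)
            return (vdso_clock_gettime_fn)p;
    }
    return NULL;
}

/* 1 if the resolved vDSO function can be called and returns a sane time. */
int vdso_clock_gettime_works(void)
{
    vdso_clock_gettime_fn fn = vdso_clock_gettime();
    if (!fn)
        return 0;
    struct timespec ts = { 0, 0 };
    return fn(CLOCK_MONOTONIC, &ts) == 0 && ts.tv_sec >= 0;
}

int main(void)
{
    vdso_clock_gettime_fn fn = vdso_clock_gettime();
    if (!fn) {
        puts("no clock_gettime symbol found in the vDSO of this process");
        return 1;
    }
    struct timespec ts;
    int rc = fn(CLOCK_MONOTONIC, &ts);
    printf("vDSO clock_gettime at %p -> rc=%d, %ld.%09ld\n",
           (void *)fn, rc, (long)ts.tv_sec, ts.tv_nsec);
    return rc;
}
```

This is also the answer to the question of how the system finds the addresses: the kernel hands the process the vDSO base via AT_SYSINFO_EHDR, and glibc's loader parses the image's dynamic section just like any other shared object, which is why dlopen("[vdso]") fails (there is no file to open) while dlsym on the already-loaded object, or a parser like the one above, works.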