挂接静态链接的 ELF 二进制文件

我有一个应用程序，它有openssl 静态链接的 elf 二进制文件，我即将挂上它的一些 openssl 函数来获取预主密钥，从而允许我使用 wireshark 解密连接。

我知道并知道如何LD_PRELOAD或LD_LIBRARY_PATH挂钩共享库，但这是静态链接的二进制文件。

幸运的是，静态精灵没有剥离他们的调试符号，所以所有我要挂钩的命名函数都被识别出来了。

我该怎么做才能钩住这个静态链接的精灵？

ELF 标头：

Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
Class:                             ELF32
Data:                              2's complement, little endian
Version:                           1 (current)
OS/ABI:                            UNIX - System V
ABI Version:                       0
Type:                              EXEC (Executable file)
Machine:                           Intel 80386
Version:                           0x1
Entry point address:               0x80ceae0
Start of program headers:          52 (bytes into file)
Start of section headers:          3285112 (bytes into file)
Flags:                             0x0
Size of this header:               52 (bytes)
Size of program headers:           32 (bytes)
Number of program headers:         8
Size of section headers:           40 (bytes)
Number of section headers:         28
Section header string table index: 27

程序标题：

Elf file type is EXEC (Executable file)                                                                                                                                                                                                      
Entry point 0x80ceae0                                                                                                                                                                                                                        
There are 8 program headers, starting at offset 52                                                                                                                                                                                           
Program Headers:                                                                                                                                                                                                                             
Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align                                                                                                                                                                    
PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4                                                                                                                                                                      
INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1                                                                                                                                                                      
[Requesting program interpreter: /lib/ld-linux.so.2]                                                                                                                                                                                   
LOAD           0x000000 0x08048000 0x08048000 0x309507 0x309507 R E 0x1000                                                                                                                                                                 
LOAD           0x309520 0x08352520 0x08352520 0x13168 0x29934 RW  0x1000                                                                                                                                                                   
DYNAMIC        0x31c0fc 0x083650fc 0x083650fc 0x00100 0x00100 RW  0x4                                                                                                                                                                      
NOTE           0x000148 0x08048148 0x08048148 0x00020 0x00020 R   0x4                                                                                                                                                                      
GNU_EH_FRAME   0x2ccc30 0x08314c30 0x08314c30 0x0a06c 0x0a06c R   0x4                                                                                                                                                                      
GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
Section to Segment mapping:
Segment Sections...
00     
01     .interp 
02     .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table 
03     .data .dynamic .ctors .dtors .jcr .got .bss 
04     .dynamic 
05     .note.ABI-tag 
06     .eh_frame_hdr 
07     

符号表：

...
8627: 081ddbb0   408 FUNC    GLOBAL DEFAULT   12 SSL_free
8629: 081de360   190 FUNC    GLOBAL DEFAULT   12 SSL_copy_session_id
8665: 081deba0   148 FUNC    GLOBAL DEFAULT   12 SSL_get_shared_ciphers
8848: 081df2f0    17 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_default_passw
8927: 081e03a0    42 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_cert_store
8996: 081de2d0    94 FUNC    GLOBAL DEFAULT   12 SSL_get_peer_certificate
9079: 081e0250    14 FUNC    GLOBAL DEFAULT   12 SSL_get_verify_result
9130: 081e52e0   269 FUNC    GLOBAL DEFAULT   12 SSL_CTX_use_RSAPrivateKey
9193: 081e0f70    20 FUNC    GLOBAL DEFAULT   12 SSL_SESSION_get_ex_data
9266: 081e0230    17 FUNC    GLOBAL DEFAULT   12 SSL_set_verify_result
9305: 081df350    17 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_verify_depth
9394: 081de230    14 FUNC    GLOBAL DEFAULT   12 SSL_CTX_get_verify_depth
9409: 081e1840    36 FUNC    GLOBAL DEFAULT   12 SSL_CTX_remove_session
9590: 081e3390    63 FUNC    GLOBAL DEFAULT   12 SSL_rstate_string
9655: 081df8c0   122 FUNC    GLOBAL DEFAULT   12 SSL_set_ssl_method
9662: 081e0360    20 FUNC    GLOBAL DEFAULT   12 SSL_CTX_get_ex_data
9691: 081de330    38 FUNC    GLOBAL DEFAULT   12 SSL_get_peer_cert_chain
9696: 081e0d20    20 FUNC    GLOBAL DEFAULT   12 SSL_CTX_set_client_CA_lis
9798: 081e0d50    68 FUNC    GLOBAL DEFAULT   12 SSL_get_client_CA_list
9810: 081de6f0   138 FUNC    GLOBAL DEFAULT   12 SSL_write
...