elf

Required alignment of .text versus .data

让人想犯罪 __ submitted on 2021-02-08 06:50:59
Question: I've been toying around with the ELFIO library. One of the examples, in particular, allows one to create an ELF file from scratch – defining sections, segments, entry point, and providing binary content to the relevant sections. I noticed that a program created this way segfaults when the code segment alignment is chosen less than the page size (0x1000): // Create a loadable segment segment* text_seg = writer.segments.add(); text_seg->set_type( PT_LOAD ); text_seg->set_virtual_address(

Required alignment of .text versus .data

故事扮演 submitted on 2021-02-08 06:50:21
Question: I've been toying around with the ELFIO library. One of the examples, in particular, allows one to create an ELF file from scratch – defining sections, segments, entry point, and providing binary content to the relevant sections. I noticed that a program created this way segfaults when the code segment alignment is chosen less than the page size (0x1000): // Create a loadable segment segment* text_seg = writer.segments.add(); text_seg->set_type( PT_LOAD ); text_seg->set_virtual_address(

run 32bit elf on aarch64

老子叫甜甜 submitted on 2021-02-07 18:17:21
Question: I have installed Debian on qemu 64-bit ARM (followed this tutorial) uname -a Linux test 4.9.0-7-arm64 #1 SMP Debian 4.9.110-1 (2018-07-05) aarch64 GNU/Linux and I am trying to run 32 bit elf files on it, but some work some don't: bash: ./file_2: cannot execute binary file: Exec format error running file command on the file that runs, I get: file_1: ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, not stripped and the one that does not run: file_2: ELF 32-bit LSB

run 32bit elf on aarch64

橙三吉。 submitted on 2021-02-07 18:16:30
Question: I have installed Debian on qemu 64-bit ARM (followed this tutorial) uname -a Linux test 4.9.0-7-arm64 #1 SMP Debian 4.9.110-1 (2018-07-05) aarch64 GNU/Linux and I am trying to run 32 bit elf files on it, but some work some don't: bash: ./file_2: cannot execute binary file: Exec format error running file command on the file that runs, I get: file_1: ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, not stripped and the one that does not run: file_2: ELF 32-bit LSB

Does the C startup code change addresses of data

北城余情 submitted on 2021-02-07 09:56:59
Question: In terms of embedded development using C code, I understand that when a program is compiled and linked, a binary or ELF file is produced which executes on the target. The ELF file will contain (along with a lot of other stuff) the addresses or address offsets of global variables. Now, when the C startup code executes first, it can copy non-const data / variables from flash memory into RAM if this data is to be modified throughout the program. This will then change the memory addresses of the

Base address at which the linux kernel is loaded

若如初见. submitted on 2021-02-07 06:36:31
Question: I have a couple of doubts about how the kernel is loaded into memory. Upon inspecting /proc/kallsyms I'm able to find the address of various symbols in the kernel. $ cat /proc/kallsyms | head -n 10 00000000 t __vectors_start 80008240 T asm_do_IRQ 80008240 T _stext 80008240 T __exception_text_start 80008244 T do_undefinstr 80008408 T do_IPI 8000840c T do_DataAbort 800084a8 T do_PrefetchAbort 80008544 t gic_handle_irq 800085a0 T secondary_startup Is there any way I can find the base address at

How do I load and execute an ELF binary executable manually?

筅森魡賤 submitted on 2021-02-06 10:58:43
Question: Suppose the binary is PIC, how can I load it into memory and execute the entry point? I'm doing this to get familiar with ELF so execve is not allowed. Answer 1: These are the basic steps: Read the program headers to find the LOAD directives and determine the total length of mappings you'll need, in pages. Map the lowest-address LOAD directive with the total length (which may be greater than the file length), letting mmap assign you an address. This will reserve contiguous virtual address space.

ELF, PIE ASLR and everything in between, specifically within Linux

帅比萌擦擦* submitted on 2021-02-06 02:59:27
Question: Before asking my question, I would like to cover some few technical details I want to make sure I've got correct: A Position Independent Executable (PIE) is a program that would be able to execute regardless of which memory address it is loaded into, right? ASLR (Address Space Layout Randomization) pretty much states that in order to keep addresses static, we would randomize them in some manner, I've read that specifically within Linux and Unix based systems, implementing ASLR is possible

Reading the contents of an ELF section (programmatically)

╄→гoц情女王★ submitted on 2021-02-06 02:27:10
Question: I am trying to retrieve the contents of an additional section within an ELF binary. At this point, I'm using the following code to retrieve the name of each section: #include <stdio.h> #include <unistd.h> #include <stdint.h> #include <stdlib.h> #pragma pack(push,1) #pragma pack(pop) #define EI_NIDENT 16 /* 32-bit ELF base types. */ typedef unsigned int Elf32_Addr; typedef unsigned short Elf32_Half; typedef unsigned int Elf32_Off; typedef signed int Elf32_Sword; typedef unsigned int Elf32_Word

How to find load relocation for a PIE binary?

六月ゝ 毕业季﹏ submitted on 2021-02-05 05:00:04
Question: I need to get base address of stack inside my running process. This would enable me to print raw stacktraces that will be understood by addr2line (running binary is stripped, but addr2line has access to symbols). I managed to do this by examining elf header of argv[0]: I read entry point and subtract it from &_start : #include <stdio.h> #include <execinfo.h> #include <unistd.h> #include <elf.h> #include <stdio.h> #include <string.h> void* entry_point = NULL; void* base_addr = NULL; extern