问题
I am writing a small instrumentation tool. I must insert the instrumentation routine within the binary file. A good approach should be to insert those routines in a separate code segment and a separate data segment, could you explain how to accomplish this? Furthemore how can I modify the size of the code segment in the original file?
Best,
回答1:
I must insert the instrumentation routine within the binary file. A good approach should be to insert those routines in a separate code segment and a separate data segment
What is a binary file? There is a big difference between doing this for a relocable (ET_REL) object file, vs. doing this for a fully linked executable (ET_EXEC)or shared library (ET_DYN).
could you explain how to accomplish this?
For an ET_REL, it should be fairly straight-forward: you read the file header, which points to section headers, which tells you where .data and .text sections are. You then write a new file, extending the sections you want, copying everything else, and adjusting the section headers to reflect new section offsets and sizes.
For an ET_DYN or ET_EXEC, the problem is very likely too hard: you'll need to adjust relocation tables, hash tables, program headers; keeping all the structures self-consistent and properly aligned.
回答2:
In a Black Hat presentation by Shaun Clowes, Shaun is taking two strategies regarding to making modifications in ELF executable:
In file patch - doing it by extending the Segment
In core patch (on the fly) - doing it by taking advantage on memory space available due to Segment alignment.
It is called "Black Hat USA 2002 - Fixing/Making Holes in Binaries" (Youtube)
来源:https://stackoverflow.com/questions/15702768/how-to-extend-a-elf-binary