Hey, I've created an ELF file by hand. It has two sections (.text and .shstrtab) and a program header which loads the .text section. The .text section is very small and it only consists of the following three instructions...
# and exit
movl $0,%ebx # first argument: exit code
movl $1,%eax # system call number (sys_exit)
int $0x80 # call kernel
The readelf does not complain when I run it on this ELF file. If I execute this file, then as soon as I execute it, it gets killed and the message "Killed" appears on the screen. I've gone through the following post here at Stack Overflow and I'm still going through it.
Now my concern is that this program does not ask for any (additional) memory, and also, is it really possible to do an ELF by hand and expect it to be tolerated at all by the system?
Thank you,
You can use readelf and objdump to read parts of an ELF file. You can also use 'hexdump filename' to get a hexdump of the contents of a binary file (this is likely only useful if you like reading machine code or you are writing an assembler).
The ELF file is built for an x86-64 bit machine. There are two important pieces of information present in the ELF header. One is the ELF program header part and the other is the ELF section header part. When a program is compiled, different things are generated after compilation.
ELF files are for execution or for linking. Depending on the primary goal, it contains the required segments or sections. Segments are viewed by the kernel and mapped into memory (using mmap). Sections are viewed by the linker to create executable code or shared objects.
A “.hex” file is not a binary file; it contains hexadecimal ASCII digits. An “.elf” file is a binary file which may be executable.
The ELF loader can send SIGKILL to your process for a variety of reasons; you probably have a bad address and/or length somewhere in the headers.
e.g. a PT_LOAD segment must map the appropriate part of the executable to a sensible address (the usual address for x86 Linux is 0x08048000, although that's probably not critical as long as it is page aligned, not 0, and not too high) and the addresses in both the .text section header and the entry point in the ELF header need to match up with that.
There's no reason why you shouldn't be able to do this by hand (if the linker can create it, so can you!) - if you really want to. But note that if you simply assemble then link with symbols stripped (the -s flag to ld below):
$ cat exit.s
.globl _start
_start:
movl $0,%ebx
movl $1,%eax
int $0x80
$ as -o exit.o exit.s
$ ld -s -o exit exit.o
$ ./exit
$ hexdump -Cv exit
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00 |........T...4...|
00000020 74 00 00 00 00 00 00 00 34 00 20 00 01 00 28 00 |t.......4. ...(.|
00000030 03 00 02 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 60 00 00 00 60 00 00 00 05 00 00 00 |....`...`.......|
00000050 00 10 00 00 bb 00 00 00 00 b8 01 00 00 00 cd 80 |................|
00000060 00 2e 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 |..shstrtab..text|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 |................|
000000a0 01 00 00 00 06 00 00 00 54 80 04 08 54 00 00 00 |........T...T...|
000000b0 0c 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 |................|
000000c0 00 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 60 00 00 00 11 00 00 00 00 00 00 00 |....`...........|
000000e0 00 00 00 00 01 00 00 00 00 00 00 00 |............|
000000ec
$
...then the result is fairly minimal anyway (probably sufficiently minimal to compare with your failing hand-crafted file to see where you've gone wrong).
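The header consistency checks described in this answer, as an added example that is not part of the original answer: a small Python checker for a 32-bit little-endian ELF that reports a PT_LOAD segment whose file range, address or alignment is inconsistent, and an entry point that falls outside every executable segment. SAMPLE is the first 0x60 bytes of the hexdump above; the function name and messages are assumptions of this example, and the modulo test is the ELF specification's alignment rule for loadable segments.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # ELF32 file header, 52 bytes
PHDR = struct.Struct("<8I")                 # ELF32 program header, 32 bytes
PT_LOAD, PF_X = 1, 1

# First 0x60 bytes of the hexdump above: ELF header, one PT_LOAD, 12 code bytes.
SAMPLE = bytes.fromhex(
    "7f454c46010101000000000000000000" "02000300010000005480040834000000"
    "74000000000000003400200001002800" "03000200010000000000000000800408"
    "00800408600000006000000005000000" "00100000bb00000000b801000000cd80")

def check_elf32(data):
    """Return a list of header inconsistencies (empty list means none found)."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        return ["not an ELF file (bad magic or truncated header)"]
    if data[4] != 1 or data[5] != 1:
        return ["not a 32-bit little-endian ELF"]
    f = EHDR.unpack_from(data)
    entry, phoff, phentsize, phnum = f[4], f[5], f[9], f[10]
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(data):
        return ["program header table is malformed or runs past end of file"]
    problems, entry_ok = [], False
    for i in range(phnum):
        p_type, off, vaddr, _, filesz, memsz, flags, align = \
            PHDR.unpack_from(data, phoff + i * phentsize)
        if p_type != PT_LOAD:
            continue
        if off + filesz > len(data):
            problems.append(f"segment {i}: file range runs past end of file")
        if filesz > memsz:
            problems.append(f"segment {i}: p_filesz exceeds p_memsz")
        if vaddr == 0:
            problems.append(f"segment {i}: p_vaddr is 0")
        if align > 1 and (vaddr - off) % align:
            problems.append(f"segment {i}: p_vaddr and p_offset disagree modulo p_align")
        # The entry point must be a virtual address inside an executable segment.
        if flags & PF_X and vaddr <= entry < vaddr + memsz:
            entry_ok = True
    if not entry_ok:
        problems.append(f"e_entry {entry:#x} is not inside an executable PT_LOAD segment")
    return problems

if __name__ == "__main__":
    print(check_elf32(SAMPLE) or "headers are consistent")
```

Running it on a failing hand-crafted file alongside `readelf -l` narrows down which header field to compare against the linker's output first.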