
Exec error when writing ELF64 from scratch

I'm trying to learn about the ELF standard by writing an ELF executable from scratch. ELF32 didn't pose much of a problem, using this code:

BITS 32

            org     0x08048000

ehdr:                                                 ; Elf32_Ehdr
            db      0x7F, "ELF", 1, 1, 1, 2         ;   e_ident
    times 8 db      0
            dw      2                               ;   e_type
            dw      3                               ;   e_machine
            dd      1                               ;   e_version
            dd      _start                          ;   e_entry
            dd      phdr - $$                       ;   e_phoff
            dd      0                               ;   e_shoff
            dd      0                               ;   e_flags
            dw      ehdrsize                        ;   e_ehsize
            dw      phdrsize                        ;   e_phentsize
            dw      1                               ;   e_phnum
            dw      0                               ;   e_shentsize
            dw      0                               ;   e_shnum
            dw      0                               ;   e_shstrndx

ehdrsize      equ     $ - ehdr

phdr:                                                 ; Elf32_Phdr
            dd      1                               ;   p_type
            dd      0                               ;   p_offset
            dd      $$                              ;   p_vaddr
            dd      $$                              ;   p_paddr
            dd      filesize                        ;   p_filesz
            dd      filesize                        ;   p_memsz
            dd      5                               ;   p_flags
            dd      0x1000                          ;   p_align

phdrsize      equ     $ - phdr

_start:
            mov     bl, 42
            xor     eax, eax
            inc     eax
            int     0x80

filesize      equ     $ - $$

Source: http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html

I can assemble this into an executable with nasm and it executes just fine:

$ nasm -f bin -o test32 template32.asm
$ chmod +x test32
$ ./test32 ; echo $?
42

Next, I tried to do the same with 64 bits. I've read the differences that I found here: https://www.uclibc.org/docs/elf-64-gen.pdf

Here is the result of the modifications I implemented:

BITS 64

            org     0x08048000

ehdr:                                                 ; Elf64_Ehdr
            db      0x7F, "ELF", 2, 1, 1, 2         ;   e_ident
    times 7 db      0
            db      0x10                            ;   e_nindent
            dw      2                               ;   e_type
            dw      3                               ;   e_machine
            dd      1                               ;   e_version
            dq      _start                          ;   e_entry
            dq      phdr - $$                       ;   e_phoff
            dq      0                               ;   e_shoff
            dd      0                               ;   e_flags
            dw      ehdrsize                        ;   e_ehsize
            dw      phdrsize                        ;   e_phentsize
            dw      1                               ;   e_phnum
            dw      0                               ;   e_shentsize
            dw      0                               ;   e_shnum
            dw      0                               ;   e_shstrndx

ehdrsize      equ     $ - ehdr

phdr:                                                 ; Elf64_Phdr
            dd      1                               ;   p_type
            dd      5                               ;   p_flags
            dq      0                               ;   p_offset
            dq      $$                              ;   p_vaddr
            dq      $$                              ;   p_paddr
            dq      filesize                        ;   p_filesz
            dq      filesize                        ;   p_memsz
            dq      0x1000                          ;   p_align

phdrsize      equ     $ - phdr

_start:
        mov     bl, 42
        xor     eax, eax
        inc     eax
        int     0x80

filesize      equ     $ - $$

Using the same commands as above, I get this error:

./test64: cannot execute binary file: Exec format error

Something I noticed: when calling file on both test32 and test64, I get a message telling me that the section header size is corrupted. I find that weird because I don't have any section header... I've also looked at each file with 010 Editor and an ELF template, but everything looks fine to me.

EDIT:

32bit hex dump:

7f45 4c46 0101 0102 0000 0000 0000 0000
0200 0300 0100 0000 5480 0408 3400 0000
0000 0000 0000 0000 3400 2000 0100 0000
0000 0000 0100 0000 0000 0000 0080 0408
0080 0408 5b00 0000 5b00 0000 0500 0000
0010 0000 b32a 31c0 40cd 80

64 bit hex dump:

7f45 4c46 0201 0102 0000 0000 0000 0010
0200 0300 0100 0000 7880 0408 0000 0000
4000 0000 0000 0000 0000 0000 0000 0000
0000 0000 4000 3800 0100 0000 0000 0000
0100 0000 0500 0000 0000 0000 0000 0000
0080 0408 0000 0000 0080 0408 0000 0000
8000 0000 0000 0000 8000 0000 0000 0000
0010 0000 0000 0000 b32a 31c0 ffc0 cd80

MyUsername112358 asked Jul 21 '17 15:07



1 Answer

dw 3 ; e_machine

As per the System V Application Binary Interface AMD64 Architecture Processor Supplement that value should instead be 62 for Advanced Micro Devices X86-64. With that change, it runs for me.

Jester answered Sep 30 '22 10:09
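
The mismatch the answer points out can be found mechanically by parsing the header and comparing e_machine with EI_CLASS. The following is an added example, not code from the question or the answer: it parses the first 64 bytes of the 64-bit hex dump above, and the helper names (parse_ehdr, check_ehdr, with_machine) are hypothetical. It assumes little-endian files and goes slightly beyond the answer by also checking e_ehsize and e_phentsize against the class.

```python
import struct

# Values from the ELF specification (names as in elf.h).
ELFCLASS32, ELFCLASS64 = 1, 2
EM_386, EM_X86_64 = 3, 62
# Per class: (struct layout after e_ident, e_ehsize, e_phentsize).
LAYOUT = {ELFCLASS32: ("<HHIIIIIHHHHHH", 52, 32),
          ELFCLASS64: ("<HHIQQQIHHHHHH", 64, 56)}
# Class each machine type requires (only the two that appear on this page).
MACHINE_CLASS = {EM_386: ELFCLASS32, EM_X86_64: ELFCLASS64}
FIELDS = ("e_type e_machine e_version e_entry e_phoff e_shoff e_flags "
          "e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx").split()

# First 64 bytes (the ELF header) of the 64-bit hex dump in the question.
TEST64_HEADER = bytes.fromhex("7f45 4c46 0201 0102 0000 0000 0000 0010"
                              "0200 0300 0100 0000 7880 0408 0000 0000"
                              "4000 0000 0000 0000 0000 0000 0000 0000"
                              "0000 0000 4000 3800 0100 0000 0000 0000")

def parse_ehdr(data):
    """Return the header fields as a dict; raise ValueError if malformed."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in LAYOUT or ei_data != 1:  # little-endian only
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    fmt = LAYOUT[ei_class][0]
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    return dict(zip(FIELDS, struct.unpack_from(fmt, data, 16)), ei_class=ei_class)

def check_ehdr(data):
    """List inconsistencies between EI_CLASS and the rest of the header."""
    hdr = parse_ehdr(data)
    _, ehsize, phentsize = LAYOUT[hdr["ei_class"]]
    problems = []
    want = MACHINE_CLASS.get(hdr["e_machine"])
    if want is not None and want != hdr["ei_class"]:
        problems.append(f"e_machine={hdr['e_machine']} requires ELFCLASS{32 * want}")
    if hdr["e_ehsize"] != ehsize:
        problems.append(f"e_ehsize={hdr['e_ehsize']}, expected {ehsize}")
    if hdr["e_phnum"] and hdr["e_phentsize"] != phentsize:
        problems.append(f"e_phentsize={hdr['e_phentsize']}, expected {phentsize}")
    return problems

def with_machine(data, machine):
    """Copy of data with e_machine (offset 18 in both classes) replaced."""
    return data[:18] + struct.pack("<H", machine) + data[20:]
```

check_ehdr(TEST64_HEADER) reports the e_machine/class mismatch, and check_ehdr(with_machine(TEST64_HEADER, EM_X86_64)) returns an empty list.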