Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I load and execute an ELF binary executable manually?

Tags:

c

elf

Suppose the binary is PIC, how can I load it into memory and execute the entry point? I'm doing this to get familiar with ELF so execve is not allowed.

like image 383
Je Rog Avatar asked Jul 02 '11 02:07

Je Rog

People also ask

How do I load an ELF binary file?

Loading an ELF binary is handled by the load_elf_binary () function, which starts by examining the ELF header to check that the file in question does indeed look like a supported ELF format .

What is an elf file?

ELF is a standard file format for executables, libraries, and more. Just like in our “Hello World” application; myapp is an ELF file (without even knowing it) and used other modules, such as the dynamic loader (which we’ll talk about later) to execute it. By design, the ELF format is flexible, extensible, and cross-platform.

How to speed up the execution of an elf file?

/usr/bin/execstack – display or change if stack is executable /usr/bin/prelink – remaps/relocates calls in ELF files, to speed up the process

How to get better at analyzing ELF files and samples?

For those who love to read actual source code, have a look at a documented ELF structure header file from Apple. Tip: If you like to get better in the analyzing files and samples, then start using the popular binary analysis tools that are available. Was this article useful to you?

1 Answers

These are the basic steps:

  1. Read the program headers to find the LOAD directives and determine the total length of mappings you'll need, in pages.
  2. Map the lowest-address LOAD directive with the total length (which may be greater than the file length), letting mmap assign you an address. This will reserve contiguous virtual address space.
  3. Map the remining LOAD directives over top of parts of this mapping using MAP_FIXED.
  4. Use the program headers to find the DYNAMIC vector, which will in turn give you the address of the relocation vector(s).
  5. Apply the relocations. Assuming your binary was a static-linked PIE binary, they should consist entirely of RELATIVE relocations (just adding the base load address), meaning you don't have to perform any symbol lookups or anything fancy.

  6. Construct an ELF program entry stack consisting of the following sequence of system-word-sized values in an array on the stack:

    ARGC ARGV[0] ARGV[1] ... ARGV[ARGC-1] 0 ENVIRON[0] ENVIRON[1] ... ENVIRON[N] 0 0

  7. (This step requires ASM!) Point the stack pointer at the beginning of this array and jump to the loaded program's entry point address (which can be found in the program headers).

like image 102
R.. GitHub STOP HELPING ICE Avatar answered Oct 22 '22 02:10

R.. GitHub STOP HELPING ICE
Sign in to Comment

Related questions

Why does vkGetPhysicalDeviceMemoryProperties return multiple identical memory types?
May C evaluate with multiple floating-point formats?
AF_PACKET and Ethernet
How to use own copy of static library in each shared library
C standard regarding sizeof overflowing size_t
What is compile-time encapsulation in C?
Undefined behaviour by declaration [duplicate]
Prevent process from opening new file descriptor on Linux but allow receiving file descriptors via sockets
Detect usage of macro? (errno)
how to slow down a process?
Endianness manipulation - is there a C library for this?
Construction an logical expression which will count bits in a byte
What can glStencil do?
Combine directory and file path - C
Time each CPU core spends in C0 power state
Creating a C++ DLL loadable by Lua
How to calculate (x,y) for a fixed arc length away from a point on a circumference
Dynamic FFI in Go
strncmp proper usage
C: Lock-Free Memory Allocation Library

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!