I'm your santa claus beheading your elf
category: general [glöplog]
So, I'm experimenting with manually writing elf headers. I'm wondering if anyone can give me a hint. My programs run successfully as long as they're not larger than or access above beginning+0xfff. It seems when loading into memory the OS only allocs 0xfff of memory for it. I don't understand why - these numbers don't appear anyplace in my code. Anyway, this is my linker script:
Code:
/* our virtual address is 0x1c000000 */
OUTPUT_FORMAT("binary")
TARGET("binary")
OUTPUT_ARCH(i386)
ENTRY(elf_head)
MEMORY
{
text (rwx) : org = 0x1c000000, len = 0xffff
data (w!x) : org = 0x1c010000, len = 0xffff
}
SECTIONS
{
. = 0;
.text : { *(.text) }
.rodata : { *(.rodata) }
.data : { *(.data) }
.bss : { *(.bss) }
}
.... and this is the elf.s file which contains the elf header
Code:
.text
.globl elf_head
.org 0
elf_head:
.byte 0x7f
.ascii "ELF"
.byte 1,1,1,0,0,0,0,0,0,0,0,0
.word 2 /* type, executable */
.word 3 /* machine, i386 */
.long 1 /* version, current */
.long main /* entry point */
.long prog_headers-elf_head /* program headers offset */
.long 0 /* section_headers offset */
.long 0 /* processor-flags */
.word prog_headers-elf_head /* elf header size */
.word end_prog_headers-prog_headers /* program entry size */
.word 1 /* number of entries */
.word 0 /* section entry size */
.word 0 /* number of entries */
.word 0 /* section strings table */
prog_headers:
.long 1 /* type, PT_LOAD */
.long 0 /* segment offset, 0 */
.long 0x1c000000 /* virtual address */
.long 0x1c000000 /* physical address */
.long 0x8000 /* filesize- for now 32k */
.long 0x800000 /* memory size, this should be enough */
.long 0x7 /* flags, rwx */
.long 0x4 /* align */
end_prog_headers:
/* do system calls */
.globl sys
.type sys,@function
sys:
pop %ecx
pop %eax
push %ecx
int $0x80
ret
any ideas?
how big is a page? 0x1000?
Ahh, that is the page size! huh, I wonder why this is an issue
I dunno much about ELF but I think your page alignment is wrong, it looks like it should be 0x1000 for 4k pages on i386, not "4". There's a quick tutorial here on this subject.
No go, I've adjusted the alignment to page size and it seems that the processor flags field is ignored. I hear that executables can be either demand-paged or not, perhaps some flag someplace isn't correct.
humph...
humph...
Well, I kinda figured it out. Apparently it allocs the file length. I'm assuming this is my fault, but if you pad your executable with a bunch of zeros it's a cheap way to get around it for the moment. My program was under a page length so I guess that's the minimum. Zeros are ok if you're compressing, right? So, there's my information.
You could take a look at my source for this, which has a manually created header.
http://www.pouet.net/prod.php?which=51762
Worryingly I've forgotten how most of that works now :|
why thank you. I must say that that's a pretty impressive 1k!
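As an added example (not code from any poster in this thread), here is a small Python check for the two header issues discussed above: a PT_LOAD segment whose declared file size runs past the end of the file on disk, and a segment alignment below the page size. The sample image is constructed to mirror the posted header; the function names, the finding labels and the entry address are this example's own assumptions.

```python
import struct

PAGE = 0x1000                               # i386 page size, per the thread
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                 # Elf32_Phdr, 32 bytes
PT_LOAD = 1

def check_elf32(image):
    """Return (segment index, finding) pairs for a little-endian ELF32 image."""
    if len(image) < EHDR.size:
        raise ValueError("image shorter than an ELF32 header")
    (ident, _type, _machine, _version, _entry, phoff, _shoff, _flags,
     ehsize, phentsize, phnum, _shentsize, _shnum, _shstrndx) = EHDR.unpack_from(image)
    if ident[:4] != b"\x7fELF" or ident[4:6] != b"\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    findings = []
    if (ehsize, phentsize) != (EHDR.size, PHDR.size):
        findings.append((None, "bad-header-sizes"))
        return findings
    for i in range(phnum):
        at = phoff + i * phentsize
        if at + PHDR.size > len(image):
            findings.append((i, "phdr-past-eof"))
            break
        p_type, offset, vaddr, _paddr, filesz, memsz, _flags, align = PHDR.unpack_from(image, at)
        if p_type != PT_LOAD:
            continue
        if offset + filesz > len(image):     # header promises bytes the file lacks
            findings.append((i, "filesz-past-eof"))
        if filesz > memsz:                   # file part cannot exceed the memory image
            findings.append((i, "filesz-exceeds-memsz"))
        if align < PAGE:                     # the ".long 0x4" case raised in the thread
            findings.append((i, "align-below-page"))
        if (vaddr - offset) % PAGE:          # vaddr and offset must agree modulo the page
            findings.append((i, "vaddr-offset-not-congruent"))
    return findings

def build_sample(filesz, align, pad_to=0):
    """Constructed image mirroring the posted header: one rwx PT_LOAD at 0x1c000000."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, 2, 3, 1, 0x1c000054, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = PHDR.pack(PT_LOAD, 0, 0x1c000000, 0x1c000000, filesz, 0x800000, 7, align)
    body = b"\x90" * 16                      # constructed stand-in for the program's code
    return (ehdr + phdr + body).ljust(pad_to, b"\0")

if __name__ == "__main__":
    print(check_elf32(build_sample(0x8000, 4)))                      # header as posted
    print(check_elf32(build_sample(0x8000, 0x1000, pad_to=0x8000)))  # aligned and padded
```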