31 comments

[ 3.1 ms ] story [ 65.3 ms ] thread
It's great, thanks!

Thoughts for chapter 2: stuff that often confuses me: PLT, GOT, FDE/CIE.

I love the fact that it's all on one page and uses HTML anchors to get around. It makes it super simple to archive and read up later if the site ever goes down.
Well, you can also fork and git clone it: https://github.com/cirosantilli/cirosantilli.github.io/blob/... :-)
Thanks for the article! I'm really enjoying learning this stuff. One thing that came up which doesn't appear very clear is why `ld` continues to set the entrypoint for executables at 0x08048000 when that seems like such an arbitrary number held over from a version of Unix made decades ago. Wouldn't it be better to just get rid of that and start programs at 0x00000001? (leaving 0x0 open for NUL).
Definitely not. In rough order of importance:

1. Space for NULL should be big enough for at least a medium-sized structure, otherwise (*NULL)->field = blah will overwrite your code. 2. Because of (1), Linux (for example) doesn't even allow processes to map the first page or so of memory. 3. On many platforms the PC needs to be aligned to a word boundary.

I see. I've obviously got a lot more to learn. Thanks :)

One more question, though: how much space should be safe to leave for NULL? Is 128MB enough? Why not only as much as required?

I suppose it doesn't really matter anyway since the entry point location is virtual at this point anyway.

It's impossible to know how much exactly is required. (While structures are fixed size, arrays indices are not.)

Linux allows you to configure the limit at /proc/sys/vm/mmap_min_addr.

I know PLT and GOT but am unfamiliar with the acronyms FDE/CIE. Can you say what those are?
FDE: Frame Description Entry, CIE: Common Information Entry. AFAIR, they're used to unwind the stack in exceptions.

I think it's specified by itanium C++ ABI (which sounds archaic but actually many other processors use the same one).

I don't recall if these things are ELF features or if the ELF only knows about the "eh_frame" section. It's interesting and kinda sorta related low-level stuff IMO.

This tutorial should be read alongside his Address Relocation answer from Stack Overflow:

http://stackoverflow.com/questions/12122446/how-does-c-linki...

And then you might want to skim through An Evil Copy: How the Loader Betrays You:

https://www.microsoft.com/en-us/research/publication/evil-co...

That new CoRev paper is interesting. I haven't had time to read it in detail but it sounds like an intriguing case for compiler/linker buffs.

Slightly OT, there was a very fun ActionScript exploit published by Mark Dowd of IBM in 2008. I'm reminded of it because it's about memory protection vulnerabilities.

"Application-Specific Attacks: Leveraging the ActionScript Virtual Machine"

https://www.cs.utexas.edu/~shmat/courses/cs6431/dowd.pdf

Great article...

Makes you wonder how ELF's brother (PE) and daughter (WASM) are doing.

Is it just me, or are the author's ears slightly pointed?
I don't know about that, but I did notice the author's photo looks like a passport pic (strict, formal). An unusual thing to include on a personal site, maybe.
Yeah, standard booth pic for document format. I don't think I used it in any documents however.
+ University grades changing + Facebook hack + Email interception hack + Email accounts hack + Grade Changes hack + Website crashed hack + Word Press Blogs hack + Retrieval of lost file/documents + Erase criminal records hack + Databases hack + Sales of Dumps cards of all kinds + Untraceable Ip + Bank accounts hack + Individual computers hack + Websites hack + Control devices remotely hack + Burner Numbers hack + Verified Paypal Accounts hack + Any social media account hack + Android & iPhone Hack + server crashed hack + Text message interception hack + Twitters hack + Skype hack + Credit cards hacker + We can drop money into bank accounts. + credit score hack + blank credit card sale + Hack and use Credit Card to shop online + Monitor any phone and email address + Tap into anybody's call and monitor their conversation CONTACT:hackjam600@gmail.com
My favourite page on ELF executables of all time: http://www.muppetlabs.com/~breadbox/software/tiny/teensy.htm..., "A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux (or, 'Size Is Everything')"
An interesting read, thanks a lot!
That one is awesome and inspired me to write http://www.hanshq.net/making-executables.html
I like your page about making Android executables, especially the quote from Carmac and comment about the vurtues of being control freak. Have you tried to do the same thing for iOS? What is the current file and directory count for Xcode?
Impressive work.

Anyone know of something equivalent for Mach-o?