I love the fact that it's all on one page and uses HTML anchors to get around. It makes it super simple to archive and read up later if the site ever goes down.
Thanks for the article! I'm really enjoying learning this stuff. One thing that came up which doesn't appear very clear is why `ld` continues to set the entrypoint for executables at 0x08048000 when that seems like such an arbitrary number held over from a version of Unix made decades ago. Wouldn't it be better to just get rid of that and start programs at 0x00000001? (leaving 0x0 open for NUL).
1. Space for NULL should be big enough for at least a medium-sized structure, otherwise (*NULL)->field = blah will overwrite your code.
2. Because of (1), Linux (for example) doesn't even allow processes to map the first page or so of memory.
3. On many platforms the PC needs to be aligned to a word boundary.
FDE: Frame Description Entry, CIE: Common Information Entry. AFAIR, they're used to unwind the stack in exceptions.
I think it's specified by itanium C++ ABI (which sounds archaic but actually many other processors use the same one).
I don't recall if these things are ELF features or if the ELF only knows about the "eh_frame" section. It's interesting and kinda sorta related low-level stuff IMO.
That new CoRev paper is interesting. I haven't had time to read it in detail but it sounds like an intriguing case for compiler/linker buffs.
Slightly OT, there was a very fun ActionScript exploit published by Mark Dowd of IBM in 2008. I'm reminded of it because it's about memory protection vulnerabilities.
"Application-Specific Attacks: Leveraging the ActionScript
Virtual Machine"
I don't know about that, but I did notice the author's photo looks like a passport pic (strict, formal). An unusual thing to include on a personal site, maybe.
+ University grades changing
+ Facebook hack
+ Email interception hack
+ Email accounts hack
+ Grade Changes hack
+ Website crashed hack
+ Word Press Blogs hack
+ Retrieval of lost file/documents
+ Erase criminal records hack
+ Databases hack
+ Sales of Dumps cards of all kinds
+ Untraceable Ip
+ Bank accounts hack
+ Individual computers hack
+ Websites hack
+ Control devices remotely hack
+ Burner Numbers hack
+ Verified Paypal Accounts hack
+ Any social media account hack
+ Android & iPhone Hack
+ server crashed hack
+ Text message interception hack
+ Twitters hack
+ Skype hack
+ Credit cards hacker
+ We can drop money into bank accounts.
+ credit score hack
+ blank credit card sale
+ Hack and use Credit Card to shop online
+ Monitor any phone and email address
+ Tap into anybody's call and monitor their
conversation
CONTACT:hackjam600@gmail.com
I like your page about making Android executables, especially the quote from Carmac and comment about the vurtues of being control freak. Have you tried to do the same thing for iOS? What is the current file and directory count for Xcode?
ELF is pretty generally applicable to all NIX and NIX-like platforms, so I often refer to the Solaris Libraries and Linkers guide which has a lot of generally useful information and guidance:
Also it is interesting that the powerpc elf loader verifies that the e_ehsize is the same size as the allocated buffer, perhaps they had an issue at one point.
31 comments
[ 3.1 ms ] story [ 65.3 ms ] threadThoughts for chapter 2: stuff that often confuses me: PLT, GOT, FDE/CIE.
1. Space for NULL should be big enough for at least a medium-sized structure, otherwise (*NULL)->field = blah will overwrite your code. 2. Because of (1), Linux (for example) doesn't even allow processes to map the first page or so of memory. 3. On many platforms the PC needs to be aligned to a word boundary.
One more question, though: how much space should be safe to leave for NULL? Is 128MB enough? Why not only as much as required?
I suppose it doesn't really matter anyway since the entry point location is virtual at this point anyway.
Linux allows you to configure the limit at /proc/sys/vm/mmap_min_addr.
I think it's specified by itanium C++ ABI (which sounds archaic but actually many other processors use the same one).
I don't recall if these things are ELF features or if the ELF only knows about the "eh_frame" section. It's interesting and kinda sorta related low-level stuff IMO.
http://wiki.dwarfstd.org/index.php?title=Exception_Handling
http://eli.thegreenplace.net/2011/08/25/load-time-relocation...
http://eli.thegreenplace.net/2011/11/03/position-independent...
http://stackoverflow.com/questions/12122446/how-does-c-linki...
And then you might want to skim through An Evil Copy: How the Loader Betrays You:
https://www.microsoft.com/en-us/research/publication/evil-co...
Slightly OT, there was a very fun ActionScript exploit published by Mark Dowd of IBM in 2008. I'm reminded of it because it's about memory protection vulnerabilities.
"Application-Specific Attacks: Leveraging the ActionScript Virtual Machine"
https://www.cs.utexas.edu/~shmat/courses/cs6431/dowd.pdf
http://nullprogram.com/blog/2016/11/17/
Makes you wonder how ELF's brother (PE) and daughter (WASM) are doing.
https://github.com/abraithwaite/teensy
https://docs.oracle.com/cd/E53394_01/html/E54813/glcfv.html#...
Anyone know of something equivalent for Mach-o?
https://github.com/sergev/elftoolchain/search?utf8=%E2%9C%93...
Also it is interesting that the powerpc elf loader verifies that the e_ehsize is the same size as the allocated buffer, perhaps they had an issue at one point.
https://github.com/torvalds/linux/blob/ba6d973f78eb62ffebb32...