FISL XIV - The ELF File Format and the Linux Loader

These are the slides used in a lecture I gave at the XIV International Board on Free Software. In this lecture I gave a brief overview of the ELF specification (a document describing the format of the executables, shared libraries and relocatable object files used in Linux and many other operating systems) and of the Linux dynamic loader (a program that works together with the OS to create and initialize a program's address space, among other tasks).


Transcript

  • 1. The ELF File Format and the Linux Loader
      Divino César S. Lucas
      Universidade de Campinas - Instituto de Computação
      Laboratório de Sistemas de Computação (www.lsc.ic.unicamp.br)
      XIV Fórum Internacional de Software Livre, July 5, 2013
  • 2. Agenda
      1 The ELF (Executable and Linkable Format) Format
      2 The Linux ELF Loader
      3 Questions
  • 3. The Pieces of a Program
      [Section outline: Relocatable, Shared Libraries and Executable Files; What / Why ELFs?; The ELF Header; Sections; Segments]
        gcc -c -O3 bob.c -o bob.o                // relocatable files
        gcc -c -O3 main.c -o main.o
        gcc bob.o main.o -o hello                // executable file
        gcc -shared -fPIC bob.c -o libhello.so   // shared library
        gcc main.c -lhello -L. -o hello          // dynamically linked executable
  • 4. What does the file look like inside? The Matrix?
  • 5. What does the file look like inside? The Matrix? No. An ELF!
  • 6. The Executable and Linkable Format (ELF)
      - Specification for Executable and Linkable Files.
      - Successor of the a.out and COFF formats.
      - Besides Linux, it's also used in FreeBSD, OpenBSD, Solaris, HP-UX, etc.
      - Used in many devices: PlayStation 3, Dreamcast, some Nokia cellphones.
      - Support for modern programming languages and code reuse.
  • 7. The ELF Header
        typedef struct elf32_hdr {
            unsigned char e_ident[EI_NIDENT]; /* magic, class, data encoding, ABI */
            Elf32_Half    e_type;             /* REL, EXEC, DYN, ... */
            Elf32_Half    e_machine;          /* target architecture */
            Elf32_Word    e_version;
            Elf32_Addr    e_entry;            /* entry point virtual address */
            Elf32_Off     e_phoff;            /* file offset of the program header table */
            Elf32_Off     e_shoff;            /* file offset of the section header table */
            Elf32_Word    e_flags;
            Elf32_Half    e_ehsize;           /* size of this header */
            Elf32_Half    e_phentsize;        /* size of one program header */
            Elf32_Half    e_phnum;            /* number of program headers */
            Elf32_Half    e_shentsize;        /* size of one section header */
            Elf32_Half    e_shnum;            /* number of section headers */
            Elf32_Half    e_shstrndx;         /* index of the section name string table */
        } Elf32_Ehdr;
  • 8. The ELF Header - Example
        $ readelf -h executavel
        ELF Header:
          Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
          Class:                             ELF64
          Data:                              2's complement, little endian
          Version:                           1 (current)
          OS/ABI:                            UNIX - System V
          ABI Version:                       0
          Type:                              EXEC (Executable file)
          Machine:                           Advanced Micro Devices X86-64
          Version:                           0x1
          Entry point address:               0x400410
          Start of program headers:          64 (bytes into file)
          Start of section headers:          4440 (bytes into file)
          Flags:                             0x0
          Size of this header:               64 (bytes)
          Size of program headers:           56 (bytes)
          Number of program headers:         9
          Size of section headers:           64 (bytes)
          Number of section headers:         30
          Section header string table index: 27
  • 9. Program Representation
      [Figure not preserved in the transcript.]
  • 10. ELF Sections
      - Mainly used during the static linking process.
      - Used to group together program portions that are semantically related (e.g. data / code / constructors / destructors).
  • 11. ELF Sections - Example
      [Figure: Allice.o and Bob.o, each made of ELF Header, Sections Table, .text, .data and .bss, are combined into the Executable, which has an ELF Header, a Sections Table, a Segments Table and both inputs' .text, .data and .bss.]
  • 12. ELF Sections - Example: Section Table
        $ readelf -WS executavel
        [Nr] Name     Type     Address          Off    Size   ES Flg Lk Inf Al
        [ 1] .interp  PROGBITS 0000000000400238 000238 00001c 00   A  0   0  1
        [11] .init    PROGBITS 00000000004003c8 0003c8 000018 00  AX  0   0  4
        [12] .plt     PROGBITS 00000000004003e0 0003e0 000030 10  AX  0   0 16
        [13] .text    PROGBITS 0000000000400410 000410 000228 00  AX  0   0 16
        [15] .rodata  PROGBITS 0000000000400648 000648 000031 00   A  0   0  4
        [22] .got     PROGBITS 0000000000600fe0 000fe0 000008 08  WA  0   0  8
        [24] .data    PROGBITS 0000000000601010 001010 000020 00  WA  0   0  8
        [25] .bss     NOBITS   0000000000601030 001030 000010 00  WA  0   0  8
        [28] .symtab  SYMTAB   0000000000000000 0018d8 000690 18     29  48  8
        [29] .strtab  STRTAB   0000000000000000 001f68 00022b 00      0   0  1
  • 13. ELF Segments
      - Used mainly during process creation (by the dynamic loader).
      - Used to group together sections with the same flags (all text, all data).
  • 14. ELF Segments - Example: Program Headers
        $ readelf -Wl executavel
        Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
        PHDR           0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8
        INTERP         0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R   0x1
        LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x00079c 0x00079c R E 0x200000
        LOAD           0x000e28 0x0000000000600e28 0x0000000000600e28 0x000208 0x000218 RW  0x200000
        DYNAMIC        0x000e50 0x0000000000600e50 0x0000000000600e50 0x000190 0x000190 RW  0x8
        NOTE           0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R   0x4
        GNU_EH_FRAME   0x00067c 0x000000000040067c 0x000000000040067c 0x00003c 0x00003c R   0x4
        GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
        GNU_RELRO      0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d8 0x0001d8 R   0x1
  • 15. ELF Segments - Mapping from Sections to Segments
        $ readelf -Wl executavel
        00
        01 .interp
        02 .interp .gnu.hash .dynsym .dynstr .rela.dyn .rela.plt .init .plt .text .fini .rodata
        03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
        04 .dynamic
        05 .note.ABI-tag .note.gnu.build-id
        06 .eh_frame_hdr
        07
        08 .ctors .dtors .jcr .dynamic .got
  • 16. How Does a Process Start?
      [Section outline: 1) Load the main binary; 2) Load the main binary dependencies; 3) Create a symbol resolution map; 4 and 5) Apply data and function relocations; 6) Initialize libraries and jump to program start.]
        Function                | File                      | Comment
        Shell/GUI               | user application          | Executes fork() to create a new process and execve() to replace the child.
        execve                  | fs/exec.c                 | Does some preprocessing and calls search_binary_handler.
        search_binary_handler   | fs/exec.c                 | Identifies the type of the binary and calls the appropriate handler.
        load_elf_binary         | fs/binfmt_elf.c           | Validates the binary file and does some preprocessing.
        start_thread            | arch/x86/kernel/process.c | Starts a new thread of execution.
  • 17. Loader - workflow
      1 Load the main binary.
      2 Load the main binary dependencies (shared libraries).
      3 Create a symbol resolution map.
      4 Apply data relocations (fill the GOT table).
      5 Apply function relocations (fill the GOT.PLT table).
      6 Call library initializers, register finalizers and start the program.
  • 18. Loading the main binary: Loadable Segments
        $ readelf -Wl executavel
        Type           Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
        PHDR           0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8
        INTERP         0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R   0x1
        ****
        LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x00079c 0x00079c R E 0x200000
        ****
        LOAD           0x000e28 0x0000000000600e28 0x0000000000600e28 0x000208 0x000218 RW  0x200000
        ****
        DYNAMIC        0x000e50 0x0000000000600e50 0x0000000000600e50 0x000190 0x000190 RW  0x8
        NOTE           0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R   0x4
        GNU_EH_FRAME   0x00067c 0x000000000040067c 0x000000000040067c 0x00003c 0x00003c R   0x4
        GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x8
        GNU_RELRO      0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d8 0x0001d8 R   0x1
  • 19. The Dynamic Section/Segment: Dynamic Information Block
        $ readelf -dW executavel
        Tag                Type       Name/Value
        0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
        0x000000000000000c (INIT)     0x4003c8
        0x000000000000000d (FINI)     0x400638
        0x000000006ffffef5 (GNU_HASH) 0x400298
        0x0000000000000005 (STRTAB)   0x400318
        0x0000000000000006 (SYMTAB)   0x4002b8
        0x000000000000000a (STRSZ)    63 (bytes)
        0x000000000000000b (SYMENT)   24 (bytes)
        0x0000000000000003 (PLTGOT)   0x600fe8
        0x0000000000000002 (PLTRELSZ) 48 (bytes)
        0x0000000000000014 (PLTREL)   RELA
        0x0000000000000017 (JMPREL)   0x400398
        0x0000000000000007 (RELA)     0x400380
        0x0000000000000008 (RELASZ)   24 (bytes)
        0x0000000000000009 (RELAENT)  24 (bytes)
  • 20. Dependencies of my dependencies...
      [Figure: dependency graph. Node labels as extracted: Executable, libz.so, liby.so, ..., libc.so, libb.so, liba.so, libb.so, libe.so, libd.so, libc.so, liby.so, libg.so, libf.so, libe.so]
  • 21. Shared Libraries: ldd and ldconfig
      ldconfig to find dynamic dependencies
        $ ldconfig -p
        ...
        libBrokenLocale.so.1 (libc6, OS ABI: Linux 2.6.24) => /lib/i386-linux-gnu/libBrokenLocale.so.1
        ld-linux-x86-64.so.2 (libc6,x86-64) => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
        libQtXml.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtXml.so.4
        libQtWebKit.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
        libQtSvg.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtSvg.so.4
        libQtSql.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtSql.so.4
        ...
  • 22. Process Address Space
      [Figure: process address space. Regions in extracted order: Executable (.text), Executable (.data), Executable (.bss), HEAP, Library-A (.text), Library-A (.data), Library-A (.bss), Library-B (.text), Library-B (.data), Library-B (.bss), STACK. Axis labels: Lower Addresses, Higher Addresses. Two annotations: Fixed distance.]
  • 23. Symbol resolution scope and ordering
      [Figure: dependency graph. Node labels as extracted: Executable, libz.so, liby.so, ..., libc.so, libb.so, liba.so, libb.so, libe.so, libd.so, libc.so, liby.so, libg.so, libf.so, libe.so]
  • 24. Relocations
      - Relocation is the process of connecting symbolic references with symbolic definitions.
      - There are data relocations and function relocations.
  • 25. Relocations - Why do we need relocations (Part 1)?
        gcc -c -O3 bob.c -o bob.o                // relocatable files
        gcc -c -O3 main.c -o main.o
        gcc bob.o main.o -o hello                // executable file
        gcc -shared -fPIC bob.c -o libhello.so   // shared library
        gcc main.c -lhello -L. -o hello          // dynamically linked executable
  • 27. Relocations - Why do we need relocations (Part 2)?
      [Figure: three columns. Process A: Executable (.text/.data/.bss), HEAP, Library-A (.text/.data/.bss), Library-B (.text/.data/.bss), STACK. Physical Memory: Library-A (.text), Library-A (.data), Library-A (.bss), Library-A (.data), Library-A (.bss), Library-B (.text/.data/.bss), Library-C (.text/.data/.bss). Process B: Executable (.text/.data/.bss), HEAP, Library-A (.text/.data/.bss), Library-C (.text/.data/.bss), STACK.]
  • 28. Relocations - Where are they? Data and function relocations
        $ readelf -rW executavel
        Relocation section '.rela.dyn' at offset 0x380 contains 1 entries:
        Offset           Info             Type               Symbol's Value   Symbol's Name + Addend
        0000000000600fe0 0000000300000006 R_X86_64_GLOB_DAT  0000000000000000 __gmon_start__ + 0

        Relocation section '.rela.plt' at offset 0x398 contains 2 entries:
        Offset           Info             Type               Symbol's Value   Symbol's Name + Addend
        0000000000601000 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 printf + 0
        0000000000601008 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0
  • 29. Dynamic Symbol Table (dynsym)
        $ readelf -Ws libtest.so
        Num: Value            Size Type    Bind   Vis     Ndx Name
          0: 0000000000000000    0 NOTYPE  LOCAL  DEFAULT UND
          1: 0000000000000498    0 SECTION LOCAL  DEFAULT   9
          2: 0000000000000000    0 NOTYPE  WEAK   DEFAULT UND __gmon_start__
          3: 0000000000000000    0 NOTYPE  GLOBAL DEFAULT UND foo
          4: 0000000000000000    0 NOTYPE  WEAK   DEFAULT UND _Jv_RegisterClasses
          5: 0000000000000000    0 FUNC    WEAK   DEFAULT UND __cxa_finalize@GLIBC_2.2.5 (2)
          6: 0000000000201018    0 NOTYPE  GLOBAL DEFAULT ABS _edata
          7: 0000000000201028    0 NOTYPE  GLOBAL DEFAULT ABS _end
          8: 0000000000201018    0 NOTYPE  GLOBAL DEFAULT ABS __bss_start
          9: 00000000000005ac   11 FUNC    GLOBAL DEFAULT  11 function
         10: 0000000000000498    0 FUNC    GLOBAL DEFAULT   9 _init
         11: 00000000000005f8    0 FUNC    GLOBAL DEFAULT  12 _fini
  • 30. Dynamic String Table (dynstr)
        $ readelf -p .dynstr executavel
        String dump of section '.dynstr':
          [     1]  libhello.so
          [     d]  __gmon_start__
          [    1c]  _Jv_RegisterClasses
          [    30]  bob_speak
          [    3a]  _init
          [    40]  _fini
          [    46]  libc.so.6
          [    50]  __libc_start_main
          [    62]  _edata
          [    69]  __bss_start
          [    75]  _end
          [    7a]  GLIBC_2.2.5
  • 31. Global Offset Table
        gcc -shared -fPIC hello.c -o libhello.so

        #include <stdio.h>

        int valor1;   /* global variable, reached through the GOT in PIC code */

        int fun1(void) {
            valor1 = 123;
            printf("Valor de valor1 = %d\n", valor1);
            return 0;
        }
  • 32. Global Offset Table
        objdump -d libhello.so
        5f0: mov  0x2009d9(%rip),%rax   # 200fd0 <_DYNAMIC+0x188>
        5f7: movl $0x7b,(%rax)
  • 33. Global Offset Table
        readelf -WS libhello.so
        [20] .got     PROGBITS 0000000000200fc8 000fc8 000020 08 WA 0 0 8
        [21] .got.plt PROGBITS 0000000000200fe8 000fe8 000028 08 WA 0 0 8
  • 34. Global Offset Table
        readelf -Wr libhello.so
        Relocation section '.rela.dyn' at offset 0x428 contains 5 entries:
        Offset           Info             Type              Symbol's Value   Symbol's Name + Addend
        ...
        0000000000200fd0 0000000c00000006 R_X86_64_GLOB_DAT 0000000000201028 valor1 + 0
        ...
  • 35. Procedure Linkage Table
        objdump -d exec
        4005fd: callq 400500 <fun1@plt>

        400500 <fun1@plt>:
        400500: jmpq  *0x200b02(%rip)   # 601008 <_GLOBAL_OFFSET_TABLE_+0x20>
        400506: pushq $0x1
        40050b: jmpq  4004e0 <_init+0x20>

        4004e0 <__libc_start_main@plt-0x10>:
        4004e0: pushq 0x200b0a(%rip)    # 600ff0 <_GLOBAL_OFFSET_TABLE_+0x8>
        4004e6: jmpq  *0x200b0c(%rip)   # 600ff8 <_GLOBAL_OFFSET_TABLE_+0x10>
        4004ec: nopl  0x0(%rax)
  • 36. Procedure Linkage Table
        readelf -Wr exec
        Offset           Info             Type               Symbol's Value   Symbol's Name + Addend
        0000000000601000 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0
        0000000000601008 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 fun1 + 0
  • 37. Program Initialization Flow
      [Figure not preserved in the transcript.]
  • 38. Thank you! Questions?
      divcesar [at] gmail [dot] com
      http://johntortugo.wordpress.com
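
Slides 7 and 8 give the ELF header layout and one decoded instance of it. The following is an added example, not code from the slides or their author: a parser that reads the header the way a loader or triage tool must, refusing table offsets that point outside the file. It generalizes the slide's `Elf32_Ehdr` to both classes and byte orders; the sample bytes are constructed from the `readelf -h` values on slide 8, and the file size is assumed to be the end of `.strtab` on slide 12.

```python
import struct

EI_NIDENT = 16
# Fields after e_ident, in the order of the struct on slide 7.
FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
          "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
          "e_shnum", "e_shstrndx")
# struct layout after e_ident, keyed by EI_CLASS (1 = ELF32, 2 = ELF64).
LAYOUT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}
PHENT = {1: 32, 2: 56}   # sizeof(Elf32_Phdr), sizeof(Elf64_Phdr)
SHENT = {1: 40, 2: 64}   # sizeof(Elf32_Shdr), sizeof(Elf64_Shdr)
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def parse_ehdr(blob, file_size):
    """Parse an ELF header and reject values a loader could not trust."""
    if len(blob) < EI_NIDENT or blob[:4] != b"\x7fELF":
        raise ValueError("bad magic")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in LAYOUT or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    fmt = ("<" if ei_data == 1 else ">") + LAYOUT[ei_class]
    ehsize = EI_NIDENT + struct.calcsize(fmt)
    if len(blob) < ehsize:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(FIELDS, struct.unpack_from(fmt, blob, EI_NIDENT)))
    hdr["class"] = "ELF%d" % (32 * ei_class)
    hdr["type"] = ET_NAMES.get(hdr["e_type"], "unknown")
    if hdr["e_ehsize"] != ehsize:
        raise ValueError("e_ehsize does not match the class")
    tables = (("program", "e_phoff", "e_phentsize", "e_phnum", PHENT),
              ("section", "e_shoff", "e_shentsize", "e_shnum", SHENT))
    for name, off, entsize, num, expected in tables:
        if hdr[num] == 0:
            continue                      # table absent, nothing to bound-check
        if hdr[entsize] != expected[ei_class]:
            raise ValueError("unexpected %s header entry size" % name)
        if hdr[off] + hdr[entsize] * hdr[num] > file_size:
            raise ValueError("%s header table runs past end of file" % name)
    # Extended numbering (SHN_XINDEX) is not handled in this example.
    if hdr["e_shnum"] and hdr["e_shstrndx"] >= hdr["e_shnum"]:
        raise ValueError("e_shstrndx out of range")
    return hdr


# Constructed sample: the 64 header bytes implied by slide 8.
SAMPLE_IDENT = bytes.fromhex("7f454c46020101000000000000000000")
SAMPLE_EHDR = SAMPLE_IDENT + struct.pack(
    "<" + LAYOUT[2], 2, 62, 1, 0x400410, 64, 4440, 0, 64, 56, 9, 64, 30, 27)
SAMPLE_FILE_SIZE = 0x1f68 + 0x22b         # assumed: end of .strtab on slide 12

if __name__ == "__main__":
    for key, value in parse_ehdr(SAMPLE_EHDR, SAMPLE_FILE_SIZE).items():
        print(key, value)
```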
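
Slides 13, 14 and 18 show the program headers that drive process creation. The following is an added example, not code from the slides: it parses `Elf64_Phdr` entries and reports the permission and layout problems a defender checks for before trusting a binary (writable and executable LOAD segments, an executable stack request, a missing GNU_RELRO, inconsistent sizes). The input is constructed from four rows of the slide-14 table; the names `audit` and `zero_fill` are this example's own.

```python
import struct

PT_LOAD, PT_GNU_STACK, PT_GNU_RELRO = 1, 0x6474e551, 0x6474e552
PF_X, PF_W, PF_R = 1, 2, 4
PHDR = struct.Struct("<IIQQQQQQ")   # Elf64_Phdr, little endian, 56 bytes
KEYS = ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align")

# Constructed input: the LOAD, GNU_STACK and GNU_RELRO rows of slide 14 as
# (p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align).
SLIDE_ROWS = [
    (PT_LOAD, PF_R | PF_X, 0x000, 0x400000, 0x400000, 0x79c, 0x79c, 0x200000),
    (PT_LOAD, PF_R | PF_W, 0xe28, 0x600e28, 0x600e28, 0x208, 0x218, 0x200000),
    (PT_GNU_STACK, PF_R | PF_W, 0, 0, 0, 0, 0, 0x8),
    (PT_GNU_RELRO, PF_R, 0xe28, 0x600e28, 0x600e28, 0x1d8, 0x1d8, 0x1),
]
SAMPLE_PHDRS = b"".join(PHDR.pack(*row) for row in SLIDE_ROWS)


def parse_phdrs(table):
    """Split a raw program header table into one dict per entry."""
    if len(table) % PHDR.size:
        raise ValueError("table is not a whole number of Elf64_Phdr entries")
    return [dict(zip(KEYS, PHDR.unpack_from(table, off)))
            for off in range(0, len(table), PHDR.size)]


def audit(phdrs):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for p in (p for p in phdrs if p["type"] == PT_LOAD):
        if p["flags"] & PF_W and p["flags"] & PF_X:
            findings.append("LOAD at %#x is writable and executable" % p["vaddr"])
        if p["filesz"] > p["memsz"]:
            findings.append("LOAD at %#x has FileSiz > MemSiz" % p["vaddr"])
        # Offset and address must agree modulo the alignment to be mappable.
        if p["align"] > 1 and (p["vaddr"] - p["offset"]) % p["align"]:
            findings.append("LOAD at %#x is misaligned" % p["vaddr"])
    stack = [p for p in phdrs if p["type"] == PT_GNU_STACK]
    if not stack:
        findings.append("no GNU_STACK: stack permissions fall back to the default")
    elif stack[0]["flags"] & PF_X:
        findings.append("GNU_STACK requests an executable stack")
    if not any(p["type"] == PT_GNU_RELRO for p in phdrs):
        findings.append("no GNU_RELRO: relocated data stays writable")
    return findings


def zero_fill(phdr):
    """Bytes past the file-backed part that are zero-filled in memory (.bss)."""
    return phdr["memsz"] - phdr["filesz"]


if __name__ == "__main__":
    headers = parse_phdrs(SAMPLE_PHDRS)
    print(audit(headers) or "nothing flagged")
    print("zero-filled bytes in RW segment:", hex(zero_fill(headers[1])))
```

For the slide's binary nothing is flagged, and the 0x10 zero-filled bytes of the RW segment match the size of `.bss` on slide 12.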
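
Slides 17, 19 and 28 describe the relocations the loader applies to the GOT and GOT.PLT. The following is an added example, not code from the slides: it decodes `Elf64_Rela` entries (symbol index in the upper 32 bits of `r_info`, type in the lower 32) and checks each slot against the GNU_RELRO range, which the loader makes read-only once startup relocations are done. This goes a step beyond the slides, which list GNU_RELRO without discussing it; all inputs are constructed from slides 14, 19 and 28.

```python
import struct

RELA = struct.Struct("<QQq")   # Elf64_Rela: r_offset, r_info, r_addend
R_TYPES = {6: "R_X86_64_GLOB_DAT", 7: "R_X86_64_JUMP_SLOT"}
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6ffffffb
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

# Constructed inputs, transcribed from the slides.
SAMPLE_RELA = b"".join(RELA.pack(*row) for row in [
    (0x600fe0, 0x0000000300000006, 0),   # .rela.dyn entry, slide 28
    (0x601000, 0x0000000100000007, 0),   # .rela.plt entries, slide 28
    (0x601008, 0x0000000200000007, 0),
])
SAMPLE_SYMBOLS = {1: "printf", 2: "__libc_start_main", 3: "__gmon_start__"}
SAMPLE_RELRO = (0x600e28, 0x1d8)         # GNU_RELRO VirtAddr, MemSiz (slide 14)
# (d_tag, d_val) pairs from slide 19 whose values are plain numbers.
SAMPLE_DYNAMIC = [(12, 0x4003c8), (13, 0x400638), (3, 0x600fe8), (2, 48),
                  (20, 7), (23, 0x400398), (7, 0x400380), (8, 24), (9, 24)]


def decode_rela(table, symbols):
    """Decode raw Elf64_Rela entries into slot address, type and symbol."""
    if len(table) % RELA.size:
        raise ValueError("table is not a whole number of Elf64_Rela entries")
    relocs = []
    for off in range(0, len(table), RELA.size):
        r_offset, r_info, r_addend = RELA.unpack_from(table, off)
        sym, rtype = r_info >> 32, r_info & 0xffffffff
        relocs.append({"slot": r_offset, "addend": r_addend,
                       "type": R_TYPES.get(rtype, hex(rtype)),
                       "symbol": symbols.get(sym, "sym#%d" % sym)})
    return relocs


def binds_now(dynamic):
    """True if the dynamic section asks for all relocations at startup."""
    for tag, val in dynamic:
        if tag == DT_BIND_NOW:
            return True
        if tag == DT_FLAGS and val & DF_BIND_NOW:
            return True
        if tag == DT_FLAGS_1 and val & DF_1_NOW:
            return True
    return False


def relro_report(relocs, relro, dynamic):
    """Return (mode, slots that stay writable for the life of the process)."""
    start, size = relro
    end = start + size
    exposed = [r for r in relocs
               if not (start <= r["slot"] and r["slot"] + 8 <= end)]
    if size == 0:
        mode = "none"
    elif binds_now(dynamic) and not exposed:
        mode = "full"
    else:
        mode = "partial"
    return mode, exposed


if __name__ == "__main__":
    relocs = decode_rela(SAMPLE_RELA, SAMPLE_SYMBOLS)
    mode, exposed = relro_report(relocs, SAMPLE_RELRO, SAMPLE_DYNAMIC)
    print("RELRO:", mode)
    for r in exposed:
        print("writable at run time: %#x %s %s" % (r["slot"], r["type"], r["symbol"]))
```

The slide's binary comes out as partial RELRO: the GLOB_DAT slot at 0x600fe0 is protected, while the two JUMP_SLOT entries at 0x601000 and 0x601008 sit just past the protected range. Linking with `-Wl,-z,relro,-z,now` is the usual way to have every slot resolved at startup and covered.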