ELF 101

ELF Binary format 101

Published in: Technology

  1. ELF 101 (cmj)
  2. If you know how to
     • create a minimal ELF file by hand
     • write self-modifying code (SMC)
  3. you can skip these slides!
  4. ELF
     • Executable and Linkable Format
     • Means it can
       • execute as a binary
       • be linked by another binary
  5. Build a minimal ELF by hand
     • General header
     • Program header
     • Machine code
  6. General Header - Basic ELF information
     • System - 32 / 64 bits
     • Architecture - AMD / ARM / PPC / …
     • Class - Big / Little Endian
     • … etc
  7. Program Header - Running and Code Location
     • Memory type - RWX
     • Memory address location from
  8. Machine Code - Translate Instruction to Code
     • Register - RAX / ESP / RIP
     • Memory - 0x1000178
     • syscall table - syscall / int
  9. See Hex
  10. General Header: x86_64 / executable
  11. Program Header: only one program segment
  12. Give an Example
  13. How to say hello world (slides 14 and 15 repeat this slide)
     • Need to write something to stdout
       • Write string into mem
       • Set up registers
       • Call syscall
     • Need to exit normally
       • Set up registers
       • Call syscall
  16. Hello World: x86_64 instruction set
  17. This is the TRIVIAL part
  18. Next Part ~ Self-Modify ~
  19. How and Why
  20. How
     • The normal way - write something into mem
     • The abnormal way - write something into mem
  21. Code is stored in memory
     • mov data from register into mem
     • mov 0x1000689(rax) rax
  22. @bnormal Way
  23. Buffer Overflow
     • Stack variables/functions are stored on the stack.
     • Writing to a variable === writing to mem
  24. Conclusion
     • SMC in ASM is the supported method, if you
       • find out where you can write to
       • find out how much you can write
     • Then just write the code into memory
  25. Thanks for your attention ~