Downloaded 11 times
Uploaded byChia-Hao Tsai
ELF 101
The document discusses creating a minimal ELF (Executable and Linkable Format) file by hand. It explains that an ELF file contains a general header with metadata like the system architecture and endianness. It also contains a program header specifying the memory layout and permissions. The document gives an example of writing a "Hello World" program manually by writing the string to memory, setting registers, and calling syscalls to write to stdout and exit. It then introduces the concept of self-modifying code where the program writes instructions directly to memory at runtime.
More Related Content
![[2017.03.18] hst binary training part 1](https://cdn.slidesharecdn.com/ss_thumbnails/2017-170324055826-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2019.05] HST - RegEx 101 ~ 1001](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190511134247-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2019.02.16] hst - orm](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190216160351-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2019.01.12] hst iptables 101 to 301](https://cdn.slidesharecdn.com/ss_thumbnails/2019-190115125254-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2018.12.15] hst python object 102](https://cdn.slidesharecdn.com/ss_thumbnails/2018-181226015614-thumbnail.jpg?width=640&height=640&fit=bounds)
![[2018.11.16] Python Object 101](https://cdn.slidesharecdn.com/ss_thumbnails/2018-181119022658-thumbnail.jpg?width=640&height=640&fit=bounds)
ELF 101
- 1.
- 2. • If youknow how to • create a minimal ELF file by hand • self-modified code (SMC) 2
- 3. You can passthis slides ! 3
- 4. ELF • Executable andLinkable Format • Means it can • Execute as a binary • Linked by another binary 4
- 5. • Build aminimal ELF by hand • General header • Program header • Machine code 5
- 6. • General Header- Basic ELF information • System - 32 / 64 bits • Architecture - AMD / ARM / PPC / … • Class - Big / Little Endian • … etc 6
- 7. • Program Header- Running and Code Location • Memory type - RWX • Memory address location from 7
- 8. • Machine Code- Translate Instruction to Code • Register - RAX / ESP / RIP • Memory - 0x1000178 • syscall table - syscall / int 8
- 9.
- 10. General Header x86_64 /executable 10
- 11. Program Header only oneprogram segment 11
- 12.
- 13. • How tosay hello world • Need write something to stdout • Write string into men • Setup register • Call syscall • Need to exit normally • Setup register • Call syscall 13
- 14. • How tosay hello world • Need write something to stdout • Write string into mem • Setup register • Call syscall • Need to exit normally • Setup register • Call syscall 14
- 15. • How tosay hello world • Need write something to stdout • Write string into mem • Setup register • Call syscall • Need to exit normally • Setup register • Call syscall 15
- 16.
- 17. This is TRIVIALpart 17
- 18.
- 19.
- 20. • How • Thenormal way - Write something into men • The abnormal way - Write something into mem 20
- 21. • Code arestore in memory • mov data from register into mem • mov 0x1000689(rax) rax 21
- 22.
- 23. • Buffer Overflow •Stack Variable/Function are store as stack. • Write something to variable === Write to mem 23
- 24. Conclusion • SMC inASM is the supported method, if • Find out where can write to • How many you can write to • Then, just write the code into memory 24
- 25. Thanks for yourattention ~ 25