
Tag: elf

Understanding ELF64 text/data segment layout/padding

I’m trying to brush up on UNIX viruses and one text I’m reading mentions that parasitic code can be inserted in the padding between the text and the data segment, supposedly up to 2MB in size on x86-64 systems. But when I compile a simple hello world program with gcc -no-pie… …and inspect its segment headers with readelf -W -l

Overlapping mappings for loaded ELF segments

I’d like to understand a detail of how the dynamic loader creates mappings for ELF segments. Consider a tiny shared library linked with GNU ld. The program headers are:

  Type    Offset   VirtAddr           PhysAddr           FileSiz  MemSiz   Flg Align
  LOAD    0x000000 0x0000000000000000 0x0000000000000000 0x00095c 0x00095c R E 0x200000
  LOAD    0x000df8 0x0000000000200df8 0x0000000000200df8 0x000250 0x000258 RW  0x200000
  DYNAMIC 0x000e08 0x0000000000200e08 0x0000000000200e08 0x0001d0 0x0001d0
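The two PT_LOAD entries quoted in this question contain everything needed to measure the text/data gap that both this question and the padding question above turn on. The C program below is an added example, not code from either question or from any answer: it builds an in-memory ELF64 header plus the two program headers with exactly the values quoted here (a constructed image, not a real library, and not loadable), then computes the gap in the file, the gap in virtual address space, and whether the two segments are backed by the same file page, which is the reason the loader maps file page 0 twice with different protections. The names (analyze_load_segments, seg_gap_t, build_sample_image, sample_gap) are mine; it assumes Linux <elf.h> and 4 KiB pages.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Distance between the first executable PT_LOAD (text) and the first writable PT_LOAD (data). */
typedef struct {
    uint64_t text_end_off;    /* file offset just past the text segment's bytes */
    uint64_t text_end_vaddr;  /* virtual address just past the text segment's bytes */
    uint64_t file_gap;        /* bytes in the file between text end and data start */
    uint64_t vaddr_gap;       /* address-space distance between text end and data start */
    int shares_file_page;     /* 1 if the two segments are backed by the same file page */
} seg_gap_t;

/* Parse the program headers of an ELF64 image held in memory. Returns 0, or -1 if the
 * image is malformed or does not contain both segments. */
int analyze_load_segments(const uint8_t *img, size_t len, seg_gap_t *g)
{
    const uint64_t page = 0x1000;  /* assumption: 4 KiB pages, as on x86-64 Linux */
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);   /* memcpy throughout: the buffer may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return -1;

    Elf64_Phdr text = {0}, data = {0};
    int have_text = 0, have_data = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr p;
        memcpy(&p, img + eh.e_phoff + (size_t)i * sizeof p, sizeof p);
        if (p.p_type != PT_LOAD) continue;
        if (!have_text && (p.p_flags & PF_X)) { text = p; have_text = 1; }
        else if (!have_data && (p.p_flags & PF_W)) { data = p; have_data = 1; }
    }
    if (!have_text || !have_data) return -1;

    g->text_end_off = text.p_offset + text.p_filesz;
    g->text_end_vaddr = text.p_vaddr + text.p_filesz;
    if (data.p_offset < g->text_end_off || data.p_vaddr < g->text_end_vaddr) return -1;
    g->file_gap = data.p_offset - g->text_end_off;
    g->vaddr_gap = data.p_vaddr - g->text_end_vaddr;

    /* mmap works in whole pages: the data mapping starts at the file page containing
     * p_offset, so if that page also holds text bytes the same file page is mapped twice. */
    g->shares_file_page = 0;
    if (text.p_filesz)
        g->shares_file_page = (data.p_offset / page) <= ((g->text_end_off - 1) / page);
    return 0;
}

/* Constructed sample: an ELF64 header followed by the two PT_LOAD entries quoted in the
 * question (only the fields this analysis reads are filled in; it is not a loadable file). */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    Elf64_Ehdr eh; memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB; eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof(Elf64_Phdr); eh.e_phnum = 2;
    /*                 p_type   p_flags      p_offset  p_vaddr   p_paddr   p_filesz p_memsz p_align */
    Elf64_Phdr ph[2] = {
        { PT_LOAD, PF_R | PF_X, 0x000000, 0x000000, 0x000000, 0x95c,   0x95c,  0x200000 },
        { PT_LOAD, PF_R | PF_W, 0x000df8, 0x200df8, 0x200df8, 0x250,   0x258,  0x200000 },
    };
    if (cap < sizeof eh + sizeof ph) return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

/* Build and analyse the sample in one call; returns an all-zero result on failure. */
seg_gap_t sample_gap(void)
{
    uint8_t img[256];
    seg_gap_t g; memset(&g, 0, sizeof g);
    size_t n = build_sample_image(img, sizeof img);
    if (n == 0 || analyze_load_segments(img, n, &g) != 0) memset(&g, 0, sizeof g);
    return g;
}

int main(void)
{
    seg_gap_t g = sample_gap();
    printf("text ends: file 0x%llx, vaddr 0x%llx\n",
           (unsigned long long)g.text_end_off, (unsigned long long)g.text_end_vaddr);
    printf("gap to data: 0x%llx bytes in the file, 0x%llx bytes of address space\n",
           (unsigned long long)g.file_gap, (unsigned long long)g.vaddr_gap);
    printf("same file page mapped twice: %s\n", g.shares_file_page ? "yes" : "no");
    return 0;
}
```

For these headers the file gap is 0x49c bytes and the address-space gap is 0x20049c bytes; only the former is space that actually exists in the file, the rest of the 2 MB-aligned gap is unmapped address space, which is the distinction the padding question above is circling. To run it on a real file, read the file into a buffer and pass it to analyze_load_segments.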

How does the ELF64 loader know to update the initial addresses in .got.plt?

Consider the following program hello.c: The file is compiled with gcc -o hello -Og -g hello.c and then loaded with gdb hello. Inspecting the GOT for the call to printf with p 'printf@got.plt' gives which is the offset of the second instruction in the corresponding PLT entry relative to the start of the section. After starting and linking the program

Relocation addend in ELF files – Elf64_Rel vs Elf64_Rela?

ELF files contain two structures to handle relocations, Elf64_Rel and Elf64_Rela. I want to take a peek at the relocation entries but I’m not sure which one to use; the manual pages are quite cryptic about this. Is there a specific usage for each?

Answer: This depends on the target. Most targets use only one of the two forms. The Relocation
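The practical difference between the two forms is where the addend lives, so the rule for reading entries is to look at the section type (SHT_REL or SHT_RELA) rather than guessing the struct, and for Rel entries to fetch the addend from the relocated location itself. The C program below is an added example, not code from the question or its answer: it decodes both section types from a constructed ET_REL image (two call sites in .text, one described by a Rela entry carrying r_addend = -4, one by a Rel entry whose -4 is stored in the instruction bytes) and normalises both into one record. The names (reloc_t, decode_relocs, implicit_addend, build_sample_object, sample_count, sample_reloc) are mine; it assumes Linux <elf.h> and a little-endian host. Real x86-64 object files contain only Rela sections; the Rel section is synthesised purely to show the contrast.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One relocation, decoded the same way whether it came from a SHT_REL or a SHT_RELA section. */
typedef struct {
    uint64_t offset;      /* r_offset: section-relative in ET_REL, a virtual address otherwise */
    uint32_t type, sym;   /* unpacked from r_info */
    int64_t  addend;      /* r_addend (Rela), or the value already stored at the target (Rel) */
    int explicit_addend;  /* 1 for Rela entries, 0 for Rel entries */
    int addend_known;     /* 0 when a Rel entry's implicit addend could not be read */
} reloc_t;

/* Rel carries no r_addend: the addend is whatever the compiler left at the patched location,
 * and its width depends on the relocation type. Host assumed little-endian, like the image. */
static int implicit_addend(const uint8_t *loc, size_t avail, uint32_t type, int64_t *out)
{
    switch (type) {
    case R_X86_64_64: {
        int64_t v; if (avail < 8) return 0; memcpy(&v, loc, 8); *out = v; return 1; }
    case R_X86_64_PC32: case R_X86_64_PLT32: case R_X86_64_32S: {
        int32_t v; if (avail < 4) return 0; memcpy(&v, loc, 4); *out = v; return 1; }
    case R_X86_64_32: {
        uint32_t v; if (avail < 4) return 0; memcpy(&v, loc, 4); *out = v; return 1; }
    default: return 0;  /* other widths are not modelled in this example */
    }
}

/* Walk every SHT_REL / SHT_RELA section of an ELF64 image in memory. Returns the number of
 * entries written to out, or -1 if the image is malformed. Implicit addends are resolved only
 * for ET_REL images, where r_offset is relative to the section named by sh_info. */
int decode_relocs(const uint8_t *img, size_t len, reloc_t *out, int max)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);   /* memcpy throughout: the buffer may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shoff > len ||
        (uint64_t)eh.e_shnum * sizeof(Elf64_Shdr) > len - eh.e_shoff) return -1;
    int n = 0;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh, tgt = {0};
        memcpy(&sh, img + eh.e_shoff + (size_t)i * sizeof sh, sizeof sh);
        if (sh.sh_type != SHT_REL && sh.sh_type != SHT_RELA) continue;
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return -1;
        size_t esz = sh.sh_type == SHT_RELA ? sizeof(Elf64_Rela) : sizeof(Elf64_Rel);
        int have_tgt = 0;
        if (sh.sh_type == SHT_REL && eh.e_type == ET_REL && sh.sh_info < eh.e_shnum) {
            memcpy(&tgt, img + eh.e_shoff + (size_t)sh.sh_info * sizeof tgt, sizeof tgt);
            have_tgt = tgt.sh_offset <= len && tgt.sh_size <= len - tgt.sh_offset;
        }
        for (size_t off = 0; off + esz <= sh.sh_size && n < max; off += esz) {
            reloc_t *r = &out[n++];
            memset(r, 0, sizeof *r);
            if (sh.sh_type == SHT_RELA) {
                Elf64_Rela ra; memcpy(&ra, img + sh.sh_offset + off, sizeof ra);
                r->offset = ra.r_offset; r->type = ELF64_R_TYPE(ra.r_info); r->sym = ELF64_R_SYM(ra.r_info);
                r->addend = ra.r_addend; r->explicit_addend = 1; r->addend_known = 1;
            } else {
                Elf64_Rel re; memcpy(&re, img + sh.sh_offset + off, sizeof re);
                r->offset = re.r_offset; r->type = ELF64_R_TYPE(re.r_info); r->sym = ELF64_R_SYM(re.r_info);
                if (have_tgt && re.r_offset < tgt.sh_size)
                    r->addend_known = implicit_addend(img + tgt.sh_offset + re.r_offset,
                                                      tgt.sh_size - re.r_offset, r->type, &r->addend);
            }
        }
    }
    return n;
}

/* Constructed ET_REL image: .text holds two call sites; the first is described by a Rela
 * entry (addend -4 in the entry), the second by a Rel entry (addend -4 stored in .text). */
static size_t build_sample_object(uint8_t *buf, size_t cap)
{
    enum { TEXT = 64, RELA = TEXT + 16, REL = RELA + 24, SHDRS = REL + 16, END = SHDRS + 4 * 64 };
    if (cap < END) return 0;
    memset(buf, 0, END);
    Elf64_Ehdr eh; memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB; eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_REL; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh; eh.e_shoff = SHDRS; eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 4;
    memcpy(buf, &eh, sizeof eh);
    const uint8_t text[16] = { 0xe8, 0, 0, 0, 0, 0xe8, 0xfc, 0xff, 0xff, 0xff };  /* call ?; call -4 */
    memcpy(buf + TEXT, text, sizeof text);
    Elf64_Rela ra = { 1, ELF64_R_INFO(1, R_X86_64_PLT32), -4 };
    Elf64_Rel  re = { 6, ELF64_R_INFO(1, R_X86_64_PLT32) };
    memcpy(buf + RELA, &ra, sizeof ra); memcpy(buf + REL, &re, sizeof re);
    Elf64_Shdr sh[4]; memset(sh, 0, sizeof sh);
    sh[1].sh_type = SHT_PROGBITS; sh[1].sh_offset = TEXT; sh[1].sh_size = 16;
    sh[2].sh_type = SHT_RELA; sh[2].sh_offset = RELA; sh[2].sh_size = 24; sh[2].sh_info = 1; sh[2].sh_entsize = 24;
    sh[3].sh_type = SHT_REL;  sh[3].sh_offset = REL;  sh[3].sh_size = 16; sh[3].sh_info = 1; sh[3].sh_entsize = 16;
    memcpy(buf + SHDRS, sh, sizeof sh);
    return END;
}

/* Decode the constructed sample; sample_reloc returns an all-zero record for a bad index. */
int sample_count(void)
{
    uint8_t img[512]; reloc_t r[8];
    size_t n = build_sample_object(img, sizeof img);
    return n ? decode_relocs(img, n, r, 8) : -1;
}
reloc_t sample_reloc(int idx)
{
    uint8_t img[512]; reloc_t r[8], none; memset(&none, 0, sizeof none);
    size_t n = build_sample_object(img, sizeof img);
    int cnt = n ? decode_relocs(img, n, r, 8) : -1;
    return (idx >= 0 && idx < cnt) ? r[idx] : none;
}

int main(void)
{
    int cnt = sample_count();
    for (int i = 0; i < cnt; i++) {
        reloc_t r = sample_reloc(i);
        printf("%s offset=0x%llx type=%u sym=%u addend=%lld%s\n", r.explicit_addend ? "RELA" : "REL ",
               (unsigned long long)r.offset, r.type, r.sym, (long long)r.addend, r.addend_known ? "" : " (unknown)");
    }
    return cnt == 2 ? 0 : 1;
}
```

On a real object file, read it into memory and call decode_relocs; addend_known tells you when an implicit addend was skipped because the relocation type's width is not modelled or the image is not ET_REL (in an executable or shared object r_offset is a virtual address and has to be translated through the program headers first).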

Segmentation fault when using memory with custom ELF file

I am trying to program a small ELF program with a custom ELF header but have a segmentation fault whenever I am writing to memory. Why would that code trigger a segmentation fault?

  %assign LOAD_ADDRESS 0x08048000
  BITS 32
  org LOAD_ADDRESS                ; load address
  ehdr:                           ; Elf32_Ehdr
      db 0x7F, "ELF", 1, 1, 1     ; e_ident
      times 9 db 0                ;