Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Zissectedyfile: A Linux Executable Walkthrough

    Încărcat de

    Tamil Selvan
    134 vizualizări1 pagină
    elf

    Titlu original

    elf101

    Drepturi de autor

    © Attribution Non-Commercial (BY-NC)

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    elf

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    134 vizualizări1 pagină

    Zissectedyfile: A Linux Executable Walkthrough

    Încărcat de

    Tamil Selvan
    elf

    Drepturi de autor:

    Attribution Non-Commercial (BY-NC)
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 1

    RLY

    wTw

    xecutable inkable
    yyyyyyyyyyyyyyyyv

    ormat

    a Linux executable walkthrough

    7ngey7lbertini
    corkamiIcom

    static

    Hexadecimalydump

    7S&IIydump

    zissectedyfile
    m\xvixvRxvzx/px/px/px//x//x//x//x//x//x//x//x//xxfu'\ffffffffffff
    /_x//x/yx//x/px//x//x//xz/x//x//x/gxv/x//x//x//xxffffffff`fffSfff
    R/x//x//x//x//x//x//x//xyvx//x_/x//x/px//x_gx//xxfffffffvffffff
    /vx//x/yx//xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxffff
    m\xvixvRxvzx/px/px/px//x//x//x//x//x//x//x//x//xx u'\ffffffffffff
    /_x//x/yx//x/px//x//x//xz/x//x//x/gxv/x//x//x//xxffffffff`fffSfff
    R/x//x//x//x//x//x//x//xyvx//x_/x//x/px//x_gx//xxfffffffvffffff
    identifyyasyanyRLYytype
    specifyytheyarchitecture
    /vx//x/yx//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    RLYyheader

    ~$uname -p
    i686
    ~$./simple.elf
    Hello World!
    ///,
    m\xvixvRxvzx/px/px/px//x//x//x//x//x//x//x//x//xx u'\ffffffffffff
    /_x//x/yx//x/px//x//x//xz/x//x//x/gxv/x//x//x//xxffffffff`fffSfff
    R/x//x//x//x//x//x//x//xyvx//x_/x//x/px//x_gx//xxfffffffvffffff
    /vx//x/yx//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    ProgramyHeaderytable

    /px//x//x//x//x//x//x//x//x//x//x/gx//x//x//x/gxxffffffffffffffff
    T/x//x//x//xT/x//x//x//x/ix//x//x//x//x//x//x//xxffffffffffffffff
    Rxecutionyinformation

    Header

    Offset,/xv/:Tddress,/xg////v/

    /px//x//x//x//x//x//x//x//x//x//x/gx//x//x//x/gxxxffffffffffffffff
    T/x//x//x//xT/x//x//x//x/ix//x//x//ffffxxxxxxxxxxxxxxffffffff

    wVU

    m\xvixvRxvzx/px/px/px//x//x//x//x//x//x//x//x//xx u'\ffffffffffff
    /_x//x/yx//x/px//x//x//xz/x//x//x/gxv/x//x//x//xxffffffff`fffSfff
    R/x//x//x//x//x//x//x//xyvx//x_/x//x/px//x_gx//xxfffffffvffffff
    /vx//x/yx//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    technicalydetailsyfory
    identificationyandyexecution

    /px//x//x//x//x//x//x//x//x//x//x/gx//x//x//x/gxxffffffffffffffff
    T/x//x//x//xT/x//x//x//x/ix//x//x//x//x//x//x//xxffffffffffffffff

    /v/,
    /px//x//x//x//x//x//x//x//x//x//x/gx//x//x//x/gxxffffffffffffffff
    i/x//x//x//xi/x//x//x//x/ix//x//x//x//x//x//x//xxffffffffffffffff
    /z/,
    Vcxc/x//x//x/gxVTx/Nx//x//x//xVVx/px//x//x//xVgxxfxfffffffffff
    /vx//x//x//xRNxg/xVVx/px//x//x//xVgx/px//x//x//xxffffffffffff
    RNxg/x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffff

    simpleIelf

    /c/,
    vgxzixzRxzRxz\x_/ximxz\xm_xzRxzvx_px/Tx//x//x//xxXellofWorldoffff
    /a/,
    //x_uxmyxzgxmyxmvxm_xmvxzpxz_x//x_uxmvxzixmgxmvxxffshstrtabfftext
    //x_uxm_xz\xzvxzpxmvxzpx//x//x//x//x//x//x//x//xxffrodataffffffff
    SH7AwBy9:U,*9-:b-:b:X*bwNfd,*bTNXXa,-*TebcadcNb

    downloady@yelfwTwIcorkamiIcom
    /T/,
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/Vx//x//x//x/px//x//x//xxffffffffffffffff
    /zx//x//x//xz/x//x//x/gxz/x//x//x//x__x//x//x//xxffff`fff`fffdfff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    ppx//x//x//x/px//x//x//x/_x//x//x//xc/x//x//x/gxxffffffffffffxfff
    c/x//x//x//x/Nx//x//x//x//x//x//x//x//x//x//x//xxxfffffffffffffff
    //x//x//x//x//x//x//x//x/px//x//x//x/yx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//xT/x//x//x//xpcx//x//x//xxffffffffxfffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    sections

    Vcxc/x//x//x/gxVTx/Nx//x//x//xVVx/px//x//x//xVgxxfxfffffffffff
    /vx//x//x//xRNxg/xVVx/px//x//x//xVgx/px//x//x//xxffffffffffff
    RNxg/x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffff

    Vcxc/x//x//x/gxVTx/Nx//x//x//xVVx/px//x//x//xVgxxfxfffffffffff
    /vx//x//x//xRNxg/xVVx/px//x//x//xVgx/px//x//x//xxffffffffffff
    executableyinformation
    RNxg/x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffff

    &ode

    vgxzixzRxzRxz\x_/ximxz\xm_xzRxzvx_px/Tx//x//x//xxXellofWorldoffff

    contentsyofytheyexecutable
    //x_uxmyxzgxmyxmvxm_xmvxzpxz_x//x_uxmvxzixmgxmvxxffshstrtabfftext
    //x_uxm_xz\xzvxzpxmvxzpx//x//x//x//x//x//x//x//xxffrodataffffffff

    N
    Offset,/xz/:Tddress,/xg////z/
    p

    zata

    vgxzixzRxzRxz\x_/ximxz\xm_xzRxzvx_px/Tx//x//x//xxXellofWorldoffff
    informationyusedybyytheycode

    Values

    Rxplanation

    /xm\xdu'\d
    pxxxxp
    p
    _
    y
    p
    /xg////z/
    /xv/
    /xR/
    /xyv
    /x_/
    p
    /x_g
    v
    y

    constantysignature
    NUybits/yLittleARndian
    7lwaysyw
    Rxecutable
    IntelyN-9y0andylater.
    7lwaysyw
    7ddressywhereyexecutionystarts
    ProgramyHeaders1yoffset
    SectionyHeaders1yoffset
    Rlfyheader1sysize
    SizeyofyaysingleyProgramyHeader
    &ountyofyProgramyHeaders
    SizeyofyaysingleySectionyHeader
    &ountyofySectionyHeaders
    Indexyofytheynames1ysectionyinytheytable

    p_type
    p_offset
    p_vaddr
    p_paddr
    p_filesz
    p_memsz
    p_flags

    p
    /
    /xg//////
    /xg//////
    /xT/
    /xT/
    i

    u'\R'TSSy_

    u'\NTTT_'SV

    uV_RURRuNT
    uT_uXuR
    uM_ygz

    uV_RURRuNT

    Theysegmentyshouldybeyloadedyinymemory
    Offsetywhereyityshouldybeyread
    Virtualyaddressywhereyityshouldybeyloaded
    Physicalyaddressywhereyityshouldybeyloaded
    Sizeyonyfile
    Sizeyinymemory
    ReadableyandyeXecutable

    PT_'OTN

    P\_R|P\_X

    Rquivalenty&ycode

    x-9yassembly
    movxecxx/xg///c/
    movxedxx/xN
    movxebxxp
    movxeaxxv
    intx/xg/

    msg

    MSU_'uN

    STNOUT

    Vcxc/x//x//x/gxVTx/Nx//x//x//xVVx/px//x//x//xVgxxffffffffffffffff
    /vx//x//x//xRNxg/xVVx/px//x//x//xVgx/px//x//x//xxffffffffffffffff
    i

    Yields
    e_identx
    xxuP_MTU
    xxuP_R'TSSxuP_NTTT
    xxuP_VuRSPON
    e_type
    e_machine
    e_version
    e_entry
    e_phoff
    e_shoff
    e_ehsize
    e_phentsize
    e_phnum
    e_shentsize
    e_shnum
    e_shstrndx

    SR_WRPTu

    systemxcall

    writeb2Hello6World8\r2,6STDOUT,6lenb2Hello6World8\r2AA;

    RNxg/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxff

    movxebxxp
    movxeaxxp
    intx/xg/

    returnxcode
    SR_uXPT

    systemxcall

    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/Vx//x//x//x/px//x//x//xxffffffffffffffff
    /zx//x//x//xz/x//x//x/gxz/x//x//x//x__x//x//x//xxffff`fff`fffdfff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    ppx//x//x//x/px//x//x//x/_x//x//x//xc/x//x//x/gxxffffffffffffxfff
    c/x//x//x//x/Nx//x//x//x//x//x//x//x//x//x//x//xxxfffffffffffffff
    //x//x//x//x//x//x//x//x/px//x//x//x/yx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//xT/x//x//x//xpcx//x//x//xxffffffffxfffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    //x_uxmyxzgxmyxmvxm_xmvxzpxz_x//x_uxmvxzixmgxmvxxffshstrtabfftext
    //x_uxm_xz\xzvxzpxmvxzpx//x//x//x//x//x//x//x//xxffrodataffffffff

    Sections1ynames

    Strings

    Offset,/xc/:Tddress,/xg////c/

    header

    UVU

    vgxzixzRxzRxz\x_/ximxz\xm_xzRxzvx_px/Tx//xxxxxxxxXellofWorldoff

    technicalydetailsyforylinking
    0ignoredyforyexecution.

    dXelloxWorldo\rdx/

    Sectionynames

    Offset,/xT/

    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/Vx//x//x//x/px//x//x//xxffffffffffffffff
    /zx//x//x//xz/x//x//x/gxz/x//x//x//x__x//x//x//xxffff`fff`fffdfff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    ppx//x//x//x/px//x//x//x/_x//x//x//xc/x//x//x/gxxffffffffffffffff
    Linkingy0connectingyprogramyobjects.yinformation
    c/x//x//x//x/Nx//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/px//x//x//x/yx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//xT/x//x//x//xpcx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    SectionyHeaderytable

    //x_uxmyxzgxmyxmvxm_xmvxzpxz_x//x_uxmvxzixmgxmvxxffshstrtabfftext
    //x_uxm_xz\xzvxzpxmvxzpx//xxxxxxxxxxxxxxxxxxxxxxxffrodataf

    exitb1A;

    ddxxfshrtrtabxxftextxxxxfrodata

    Offset,/xR/

    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/Vx//x//x//x/px//x//x//xxffffffffffffffff
    /zx//x//x//xz/x//x//x/gxz/x//x//x//x__x//x//x//xxffff`fff`fffdfff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    ppx//x//x//x/px//x//x//x/_x//x//x//xc/x//x//x/gxxffffffffffffffff
    c/x//x//x//x/Nx//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x/px//x//x//x/yx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//xT/x//x//x//xpcx//x//x//xxffffffffffffffff
    //x//x//x//x//x//x//x//x//x//x//x//x//x//x//x//xxffffffffffffffff

    SectionyHeaderytable
    sh_name

    sh_type

    theyRLYyheaderyisyparsed
    theyProgramyHeaderyisyparsed

    sh_addr

    sh_offset

    sh_size

    SXT_NU''xinactive

    SXT_PROUVPTSxprogram

    SX\_T''ORxallocated
    SX\_uXuRPNSTRxexecutable

    SXT_PROUVPTSxprogram

    SX\_T''ORxallocated

    SXT_STRTTVxstringxtable

    relativexoffsets
    inxnamesxsection

    Thisyisytheywholeyfile/yhowever/ymostyRLYyfilesycontainymanyymoreyelementsI
    Rxplanationsyareysimplified/yforyconcisenessI

    Loadingyprocess
    w header

    sh_flags

    IndexyyyyNameyyyyyyyyyyyyyyyTYPRyyyyyyyyyyyyyyyyyyyyyyYL7ZSyyyyyyyyyyyyyyyyyy7zzRRSSyyyyyyyyyyyyOYYSRTyyyyyyyySIZR
    6066<null>6666606
    6166.text666666166666666666666666666660x8000060660x606660x22
    6266.rodata6666166666666666266666666660x8000090660x906660x0D
    6366.shrtrtab6636666666666666666666666666666666660xA06660x19

    U Mapping

    N Rxecution

    theyfileyisymappedyinymemory
    accordingytoyitsysegment0s.

    Offset

    Virtual Address

    0Sectionsyareynotyused.

    0x8000000

    0xA0

    0x80000A0

    p_vaddr

    p_memsz

    LOAD Segment

    0x00
    p_filesz

    p_offset

    Rntryyisycalled
    SyscallsyyyareyaccessedyviaB
    yAySyscallynumberyinytheyR7Xyregister
    yAycallingyInterruptyTx-T
    kernel
    services

    Trivia
    TheyRLYywasyfirstyspecifiedybyyUISIyLI
    foryUNIXySystemyV/yinyw**T
    nix

    ystem

    aboratories

    TheyRLYyisyused/yamongyothers/yinBy
    yAyLinux/y7ndroid/y25Sz/ySolaris/y5eOS
    yAyPSP/yPlaystationyUAX/yzreamcast/yZame&ube/yWii
    AyvariousyOSesymadeybyySamsung/yRricsson/yNokia/
    AyMicrocontrollersyfromy7tmel/yTexasyInstruments
    versionywIT
    UTwNVwwVUT

    S-ar putea să vă placă și