Hand-crafted ELF executable crashes with SIGSEGV

Time: 2015-10-19 19:17:28

Tags: elf sigsegv

I need to learn how to create ELF executables by hand. So far I have been using online guides such as:

After several failures, I reduced my program to the following (it should exit with return code 0):

0000000: 7f45 4c46 0101 0100 0000 0000 0000 0010  .ELF............
0000010: 0200 0300 0100 0000 8080 0408 3400 0000  ............4...
0000020: 0000 0000 0000 0000 3400 2000 0100 2800  ........4. ...(.
0000030: 0000 0000 0100 0000 5400 0000 8080 0408  ........T.......
0000040: 0000 0000 0c00 0000 0c00 0000 0500 0000  ................
0000050: 0010 0000 b801 0000 00bb 0000 0000 cd80  ................

When I try to execute it, it crashes with SIGSEGV. GDB prints:

During startup program terminated with signal SIGSEGV, Segmentation fault.

What am I doing wrong?

1 answer:

Answer 0: (score: 2)

With the binary as posted, I get different output from GDB:

(gdb) r
Starting program: /tmp/sample.elf.bad
During startup program terminated with signal SIGKILL, Killed.

Looking at the binary:

readelf -l sample.elf

Elf file type is EXEC (Executable file)
Entry point 0x8048080
There are 1 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000054 0x08048080 0x00000000 0x0000c 0x0000c R E 0x1000

Here you are asking the kernel to mmap a segment with file offset 0x54 at virtual address 0x08048080.

Since these two numbers are not equal modulo the page size, the kernel refuses:

strace ./sample.elf
execve("./sample.elf", ["./sample.elf"], [/* 42 vars */] <unfinished ...>
+++ killed by SIGKILL +++
Killed

The strace above means that the kernel tried to create the process, did not like what it saw, and terminated it with prejudice. Not a single instruction of the binary was executed.

Fixing the LOAD virtual address and the entry point to 0x08048054 produces the desired executable:

strace ./sample.elf
execve("./sample.elf", ["./sample.elf"], [/* 42 vars */]) = 0
[ Process PID=23172 runs in 32 bit mode. ]
_exit(0)                                = ?
+++ exited with 0 +++

Here is its hexdump:

hd ./sample.elf
00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 10  |.ELF............|
00000010  02 00 03 00 01 00 00 00  54 80 04 08 34 00 00 00  |........T...4...|
00000020  00 00 00 00 00 00 00 00  34 00 20 00 01 00 28 00  |........4. ...(.|
00000030  00 00 00 00 01 00 00 00  54 00 00 00 54 80 04 08  |........T...T...|
00000040  00 00 00 00 0c 00 00 00  0c 00 00 00 05 00 00 00  |................|
00000050  00 10 00 00 b8 01 00 00  00 bb 00 00 00 00 cd 80  |................|
00000060
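The congruence rule the answer relies on, as an added example that is not part of the original question or answer: a small Python parser that reads the ELF32 header and the program headers of both binaries shown on this page (transcribed here as constructed byte strings from the two hexdumps) and reports the same p_offset/p_vaddr mismatch that readelf exposes. The checks it applies (offset and vaddr congruent modulo p_align, segment within the file, entry point inside an executable PT_LOAD) are a hand-picked subset of what a loader verifies, written for illustration; they are not the kernel's own code.

```python
import struct

PT_LOAD = 1   # p_type of a loadable segment
PF_X = 1      # execute bit in p_flags

# Constructed from the hexdumps on this page: the crashing binary from the
# question and the corrected one from the answer (96 bytes each).
BAD_ELF = bytes.fromhex(
    "7f454c46010101000000000000000010"
    "02000300010000008080040834000000"
    "00000000000000003400200001002800"
    "00000000010000005400000080800408"
    "000000000c0000000c00000005000000"
    "00100000b801000000bb00000000cd80"
)
FIXED_ELF = bytes.fromhex(
    "7f454c46010101000000000000000010"
    "02000300010000005480040834000000"
    "00000000000000003400200001002800"
    "00000000010000005400000054800408"
    "000000000c0000000c00000005000000"
    "00100000b801000000bb00000000cd80"
)


def parse_elf32(data):
    """Parse the ELF32 little-endian file header and its program headers."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 1 or data[5] != 1:          # EI_CLASS, EI_DATA
        raise ValueError("only ELFCLASS32 / ELFDATA2LSB images are handled here")
    # Elf32_Ehdr is 52 (0x34) bytes: e_ident[16], two halfwords, five words, six halfwords.
    fields = struct.unpack_from("<16sHHIIIIIHHHHHH", data, 0)
    names = ("e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff",
             "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
             "e_shentsize", "e_shnum", "e_shstrndx")
    hdr = dict(zip(names, fields))
    # Elf32_Phdr is 32 (0x20) bytes of eight words, starting at e_phoff.
    phdr_names = ("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz",
                  "p_memsz", "p_flags", "p_align")
    hdr["phdrs"] = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        hdr["phdrs"].append(dict(zip(phdr_names, struct.unpack_from("<8I", data, off))))
    return hdr


def check_loadable(data):
    """Return the list of reasons a loader would reject the image; [] means it passes."""
    hdr = parse_elf32(data)
    problems = []
    entry_ok = False
    for i, ph in enumerate(hdr["phdrs"]):
        if ph["p_type"] != PT_LOAD:
            continue
        tag = f"PT_LOAD[{i}]"
        # mmap can only map a file at a page-aligned offset, so the file offset and the
        # virtual address must agree modulo p_align (the page size here, 0x1000).
        if ph["p_align"] > 1 and (ph["p_offset"] - ph["p_vaddr"]) % ph["p_align"] != 0:
            problems.append(
                f"{tag}: p_offset 0x{ph['p_offset']:x} and p_vaddr 0x{ph['p_vaddr']:x} "
                f"are not congruent modulo p_align 0x{ph['p_align']:x}")
        if ph["p_filesz"] > ph["p_memsz"]:
            problems.append(f"{tag}: p_filesz exceeds p_memsz")
        if ph["p_offset"] + ph["p_filesz"] > len(data):
            problems.append(f"{tag}: segment extends past the end of the file")
        if ph["p_flags"] & PF_X and ph["p_vaddr"] <= hdr["e_entry"] < ph["p_vaddr"] + ph["p_memsz"]:
            entry_ok = True
    if not entry_ok:
        problems.append(f"e_entry 0x{hdr['e_entry']:x} is not inside an executable PT_LOAD segment")
    return problems


if __name__ == "__main__":
    for name, image in (("bad", BAD_ELF), ("fixed", FIXED_ELF)):
        print(name, "->", check_loadable(image) or "loadable")
```

Running the script flags only the alignment mismatch in the question's binary (its entry point already sits inside the segment) and reports the corrected binary as loadable; the same parser can be pointed at any hand-assembled ELF32 image to catch this class of mistake before execve does.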