All geek questions in one place

ELF Program Header Offset

I write the ELF executable header + the program header manually as follows:

elf_head: e_ident db 7Fh, 'ELF', 1, 1, 1 times 9 db 0 e_type dw 2 ; ET_EXEC e_mach dw 3 ; EM_386 e_ver dd 1 ; EV_CURRENT e_entry dd 0x08048000+elf_head_len ; entry point e_phoff dd 34h ; program header table offset e_shoff dd 00h ; section header table offset e_flags dd 0 ; flags e_elfhs dw 34h ; ELF header size e_phes dw 20h ; program header entry size e_phec dw 01h ; program header entries count e_shes dw 00h e_shec dw 00h e_shsn dw 00h elf_ph: p_type dd 01h ; PT_LOAD p_off dd elf_head_len p_vaddr dd 0x08048000+elf_head_len p_paddr dd 0x08048000+elf_head_len p_filsz dd elf_head_len+file_len p_memsz dd elf_head_len+file_len p_flags dd 7 ; segment flags (RWX) p_align dd 0x1000 ; page_size==4096bytes elf_head_len equ $ - elf_head

I set the e_entry field field right after the p_align field, where I put my code in the generated file. But that will not work! I am a little confused by the p_offset field. I put there the offset from the beginning of the file (0x00) to the first byte of the segment code. Since the segment code begins immediately after the p_align field, do you enter the value elf_head_len correctly? When I try to run a newly created executable, bash replies: Segmentation error!

Well, I realized that I had an error in the program that caused the segmentation error. (Sorry for that). But the question remains about the p_off field, and I will also find out that if I set p_off dd 0 and p_vaddr dd 0x08048000 and p_paddr dd 0x08048000 executable. It also works if I enter p_off dd elf_head_len and p_vaddr dd 0x08048000 + elf_head_len and p_paddr dd 0x08048000 + elf_head_len. This reminds me of something that I read in the ELF Format specification about the values โ€‹โ€‹of p_off and p_vaddr, which should be congruent (that is, I think that they should give the same result when each of them is modulated with page size). This is why the program works with these values. So, now the question is: if there is an error in the above logic, please correct.

+4
source share
1 answer

The ELF specification requires that for executable files with a request, the file offset and virtual address for the segment must really match in the low order bits.

These restrictions are the same as the mmap() system call placed during mappings - it only accepts mappings with an offset in the file that is a multiple of the page size. When matching an ELF file, the segments are expanded to the nearest page border, so lower order bits are effectively ignored, except for calculating the segment size.

One possible justification for this is that the base device can already be displayed in memory - for example, a frame buffer or flash memory - in which case it will impose significant overhead to create a mapping with an offset that does not align across the page.

+2
source

Source: https://habr.com/ru/post/1341126/

More articles:


All Articles