12

Suppose the binary is PIC, how can I load it into memory and execute the entry point? I'm doing this to get familiar with ELF so execve is not allowed.

Improve this question
3
  • This is a very important task that requires knowledge about much more than just ELF. You might want to make an ELF file parser rather than a full-blown loader to get familiar with the format. You'll need a parser anyways to get the address of the main function. Commented Jul 2, 2011 at 2:57
  • Interesting question but I hesitate to give +1 because it's very terse and doesn't provide much information on your background, what you've already read or tried, etc... Commented Jul 2, 2011 at 4:44
  • Read the kernel source, it's pretty clear: stackoverflow.com/questions/8352535/… Commented Jul 13, 2015 at 22:12

1 Answer 1

Reset to default
11

These are the basic steps:

  1. Read the program headers to find the LOAD directives and determine the total length of mappings you'll need, in pages.
  2. Map the lowest-address LOAD directive with the total length (which may be greater than the file length), letting mmap assign you an address. This will reserve contiguous virtual address space.
  3. Map the remining LOAD directives over top of parts of this mapping using MAP_FIXED.
  4. Use the program headers to find the DYNAMIC vector, which will in turn give you the address of the relocation vector(s).
  5. Apply the relocations. Assuming your binary was a static-linked PIE binary, they should consist entirely of RELATIVE relocations (just adding the base load address), meaning you don't have to perform any symbol lookups or anything fancy.

  6. Construct an ELF program entry stack consisting of the following sequence of system-word-sized values in an array on the stack:

    ARGC ARGV[0] ARGV[1] ... ARGV[ARGC-1] 0 ENVIRON[0] ENVIRON[1] ... ENVIRON[N] 0 0

  7. (This step requires ASM!) Point the stack pointer at the beginning of this array and jump to the loaded program's entry point address (which can be found in the program headers).

Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

Er, I thought the point of it being position independent code is it doesn't have relocations - it has global offset table or whatever.
@Random832 ,will I still be able to implement a loader and execute the binary if it's not PIC in the first place?
@Random832: You always have the potential for data relocations. How else could static int x, *y=&x; work? And of course the GOT is full of relocations. The only way to avoid having any relocations is to avoid having any global data.
@R..: I don't think a statically-linked non-PIE executable needs any relocation.
@R..: you should also pass the auxv array to the program.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.