Start and end

Posted on 2025-01-25 15:48:27

Foreword

There already exist questions like this one, but the ones I have found so far were either specific to a given toolchain (this solution works with GCC, but not with Clang), or specific to a given format (this one is specific to Mach-O). I tagged ELF in this question merely out of familiarity, but I'm trying to figure out as "portable" a solution as reasonably possible, for other platforms. Anything that can be done with GCC and GCC-compatible toolchains (like MinGW and Clang) would suffice for me.

Problem

I have an ELF section containing a collection of relocatable "gadgets" that are to be copied/injected into something that can execute them. They are completely relocatable in that the raw bytes of the section can be copied verbatim (e.g. by memcpy) to any [correctly aligned] memory location, with little to no relocation processing (done by the injector). The problem is that I don't have a portable way of determining the size of such a section. I could "cheat" a little by using --section-start, and outright determine a start address, but that feels a little hacky, and I still wouldn't have a way to get the section's end/size.

Overview

Most of the gadgets in the section are written in assembly, so the section itself is declared there. No languages were tagged because I'm trying to be portable with this and get it working for various architectures/platforms. I have separate assembly sources for each (e.g. ARM, AArch64, x86_64, etc.).

   /* The injector won't be running this code, so no need to be executable. */
   /* Relocations (if any) will be done by the injector. */
   /* %progbits rather than @progbits: on ARM, '@' starts a comment in GNU as. */
   .section gadgets, "a", %progbits
   ...

The more "heavy duty" code is written in C and compiled in via a section attribute.

   __attribute__((section("gadgets")))
   void do_totally_innocent_things();

Alternatives

I technically don't need to make use of sections like this at all. I could instead figure out the ends of each function in the gadget, and then copy those however I like. I figured using a section would be a more straightforward way to go about it, to keep everything in one modular relocatable bundle.

Comments (1)

莫相离 2025-02-01 15:48:27

I'm not sure if you considered this or this is out of the picture, but you could read the ELF headers.
This would be sort of 'universal', as you can do the same thing with Mach-O binaries.

So for example:
[Image: creating 3 integer variables inside the 'custom_sect' section]

These would add up to 12 or 0xC bytes, which, if we read the headers, we can confirm:
[Image: size with readelf]

And here is how a section is represented in ELF executables: [Image: ELF section representation]

So each section will have its own size property, which you can just read out.
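
The header lookup this answer describes, as an added example (not part of the original answer or of the asker's project): a C routine that reads sh_offset and sh_size for a named section from an ELF64 section header table and rejects files whose headers point outside the image. The names section_extent, struct sample and SAMPLE are assumptions for illustration, SAMPLE is a constructed image holding three ints in 'custom_sect' as in the answer, and the code assumes a Linux <elf.h> and a file in host byte order.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 0 and fills off/size for section `name`; -1 if absent or malformed. */
int section_extent(const uint8_t *img, size_t len, const char *name,
                   uint64_t *off, uint64_t *size)
{
    Elf64_Ehdr eh;
    Elf64_Shdr sh, str;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_shentsize != sizeof sh || eh.e_shstrndx >= eh.e_shnum ||
        eh.e_shoff > len || (len - eh.e_shoff) / sizeof sh < eh.e_shnum)
        return -1;                /* section header table must lie inside the file */
    memcpy(&str, img + eh.e_shoff + eh.e_shstrndx * sizeof sh, sizeof str);
    if (str.sh_offset > len || str.sh_size > len - str.sh_offset)
        return -1;                /* so must the section name string table */
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_name >= str.sh_size) continue;
        const char *s = (const char *)img + str.sh_offset + sh.sh_name;
        if (!memchr(s, 0, str.sh_size - sh.sh_name) || strcmp(s, name)) continue;
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return -1;
        *off = sh.sh_offset;      /* file offset of the section's bytes */
        *size = sh.sh_size;       /* the per-section size field the answer reads */
        return 0;
    }
    return -1;
}

/* Constructed sample: ELF header, three ints in 'custom_sect', name table, headers. */
#define NAMES "\0custom_sect\0.shstrtab"
struct sample { Elf64_Ehdr eh; int32_t vars[3]; char names[sizeof NAMES]; Elf64_Shdr sh[3]; };
static const struct sample SAMPLE = {
    .eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 }, .e_shnum = 3, .e_shstrndx = 2,
            .e_shentsize = sizeof(Elf64_Shdr), .e_shoff = offsetof(struct sample, sh) },
    .vars = { 1, 2, 3 }, .names = NAMES,
    .sh = { [1] = { .sh_name = 1, .sh_offset = offsetof(struct sample, vars), .sh_size = 12 },
            [2] = { .sh_name = 13, .sh_offset = offsetof(struct sample, names), .sh_size = sizeof NAMES } },
};

int main(void)
{
    uint64_t off = 0, size = 0;
    int rc = section_extent((const uint8_t *)&SAMPLE, sizeof SAMPLE, "custom_sect", &off, &size);
    printf("rc=%d offset=%#llx size=%#llx\n", rc, (unsigned long long)off, (unsigned long long)size);
    return rc != 0;
}
```

Section headers are optional in linked executables and may have been stripped, in which case the lookup returns -1.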
