Outline. Common Linux tools to explore object/executable files. Revealing Internals of Loader. Zhiqiang Lin

Transcription:

CS 6V81-05: System Security and Malicious Code Analysis
Revealing Internals of Loader
Zhiqiang Lin
Department of Computer Science, University of Texas at Dallas
March 28th, 2012

Common Linux tools to explore object/executable files

ar: creates static libraries.
objdump: this is the most important binary tool; it can be used to display all the information in an object binary file.
strings: lists all the printable strings in a binary file.
nm: lists the symbols defined in the symbol table of an object file.
ldd: lists the shared libraries on which the object binary is dependent.
strip: deletes the symbol table information.

ELF Views - Split

(Diagram labels: ELF Header, Program Headers, File Contents, Section Headers.)

ELF Linking View - Important Sections

.interp: requested dynamic linker
.dynamic: dynamic linking information
.symtab, .dynsym: symbols (static/dynamic)
.strtab, .dynstr: string tables
.plt: procedure linkage table
.rel.<x>: relocations for section x
.text: code
.data: initialized data

2012/3/24 Zhiqiang Lin, Nanjing University

ELF Loading View

Much simpler view, divides executable into Segments.
(Diagram: segments INTERP, LOAD, LOAD, DYNAMIC.)
Describes:
  Parts of file to be loaded into memory at run time
  Locations of important data at run time
Segments have:
  A simple type
  Requested memory location
  Permissions (R/W/X)
  Size (in file and in memory)

ELF Loading View - Segment Types

LOAD: portion of file to be loaded into memory
INTERP: pointer to dynamic linker for this executable (.interp section)
DYNAMIC: pointer to dynamic linking information (.dynamic section)

ELF Loading View

Semantics of the section table (Linking View) are irrelevant in the Loading View.
Section information can be removed from the executable.

Loading and Executing an ELF Executable

Operating system routines to load the executable and begin execution:

    /*
     * This structure defines the functions that are used to load the binary
     * formats that linux accepts.
     */
    struct linux_binfmt {
        struct list_head lh;
        struct module *module;
        int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
        int (*load_shlib)(struct file *);
        int (*core_dump)(struct coredump_params *cprm);
        unsigned long min_coredump; /* minimal dump size */
    };

File opened.
Map LOAD segments into memory.
Calls the dynamic linker specified in the INTERP segment, passing information about the executable.

Dynamic Linker/Loader

Handles all of the dynamic/shared library needs of the executable.
Retrieves information from the DYNAMIC segment.
Loads all required shared libraries into memory.
Modifies the executable such that it can access needed resources in the libraries.
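The loading view described above can be checked with a short program-header walk. This is an added example, not code from the slides: `scan_segments`, `build_sample` and `struct load_view` are hypothetical names, the sample image is constructed in memory with no section headers at all, and the parser assumes an ELF64 file in the host's byte order. It reports the requested interpreter, the LOAD segments, and any LOAD segment that asks for both write and execute permission.

```c
#include <elf.h>
#include <string.h>

struct load_view { int n_load, n_wx, has_dynamic; char interp[64]; };
/* Walk the program headers (loading view) of an ELF64 image in host byte order.
   Returns 0 on success, -1 if a header or segment falls outside the file. */
int scan_segments(const unsigned char *img, size_t len, struct load_view *out)
{
    Elf64_Ehdr eh; Elf64_Phdr ph;
    memset(out, 0, sizeof *out);
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof ph) return -1;
    if (eh.e_phoff > len || (len - eh.e_phoff) / sizeof ph < eh.e_phnum) return -1;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD) {
            out->n_load++;
            out->n_wx += (ph.p_flags & PF_W) && (ph.p_flags & PF_X);  /* W+X mapping */
        } else if (ph.p_type == PT_DYNAMIC) {
            out->has_dynamic = 1;
        } else if (ph.p_type == PT_INTERP) {
            size_t n = sizeof out->interp - 1;
            if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
            if (ph.p_filesz < n) n = ph.p_filesz;
            memcpy(out->interp, img + ph.p_offset, n);  /* out was zeroed, so NUL-terminated */
        }
    }
    return 0;
}

/* Constructed sample: ELF header, four program headers, interpreter path; no sections. */
size_t build_sample(unsigned char *buf, size_t cap)
{
    struct { Elf64_Ehdr eh; Elf64_Phdr ph[4]; char interp[32]; } s;
    if (cap < sizeof s) return 0;
    memset(&s, 0, sizeof s);
    memcpy(s.eh.e_ident, ELFMAG, SELFMAG);
    s.eh.e_ident[EI_CLASS] = ELFCLASS64;
    s.eh.e_phoff = sizeof s.eh; s.eh.e_phentsize = sizeof s.ph[0]; s.eh.e_phnum = 4;
    strcpy(s.interp, "/lib64/ld-linux-x86-64.so.2");
    s.ph[0].p_type = PT_INTERP; s.ph[0].p_offset = sizeof s.eh + sizeof s.ph;
    s.ph[0].p_filesz = sizeof s.interp;
    s.ph[1].p_type = PT_LOAD; s.ph[1].p_flags = PF_R | PF_X;
    s.ph[2].p_type = PT_LOAD; s.ph[2].p_flags = PF_R | PF_W | PF_X;  /* deliberately W+X */
    s.ph[3].p_type = PT_DYNAMIC; s.ph[3].p_flags = PF_R | PF_W;
    memcpy(buf, &s, sizeof s);
    return sizeof s;
}
```

The bounds checks matter because the offsets and sizes come from the file itself; a truncated image is rejected rather than read past its end.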

The Procedure Linkage Table (PLT)

Stored in the .plt section.
Allows executables to call functions that aren't present at compile time:
  Shared library functions (e.g. printf())
Set of function stubs:
  Relocations point them to the real location of the functions
  Normally relocated lazily

(Diagram: Program [... printf("hello!\n"); ...] -> PLT [printf() stub] -> libc.so.6 [printf()].)

GOT and PLT
PLT and Lazy Binding

Global offset table and procedure linkage table are used for shared libraries. All calls within the program to a particular routine are adjusted to be calls to the routine's entry in the PLT. The first time the program calls a routine, the PLT entry calls the run-time linker to resolve the actual address of the routine. After that, the PLT entry jumps directly to the actual address. So, after the first call, the cost of using the PLT is a single indirect jump at a procedure call and nothing at return.
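The lazy binding sequence described above, modelled with function pointers. This is an added example, not code from the slides: the `got` array, the stubs, `resolve` and the two "library" functions are all hypothetical stand-ins, and a real PLT does this with jump instructions rather than C calls. It shows that the resolver is entered only on the first call through a slot, after which the patched slot leads straight to the target.

```c
#include <stdio.h>
#include <string.h>

typedef int (*fn_t)(int);

/* Stand-in for a shared library's export table (constructed; not libc). */
static int lib_square(int x) { return x * x; }
static int lib_negate(int x) { return -x; }
static const struct { const char *name; fn_t addr; } exports[] = {
    { "square", lib_square }, { "negate", lib_negate },
};
static const char *const reloc_names[] = { "square", "negate" };  /* one per slot */

static int stub0(int), stub1(int);
/* GOT slots start out pointing back at the PLT stubs, not at the library. */
static fn_t got[2] = { stub0, stub1 };
int resolver_calls;  /* how often the model's "dynamic linker" was entered */

/* Symbol resolution: look the name up, patch the GOT slot, return the target. */
static fn_t resolve(int slot)
{
    resolver_calls++;
    for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++)
        if (strcmp(exports[i].name, reloc_names[slot]) == 0)
            return got[slot] = exports[i].addr;
    return NULL;
}

/* Second half of a PLT entry: identify the slot and enter the resolver. */
static int stub0(int x) { return resolve(0)(x); }
static int stub1(int x) { return resolve(1)(x); }

/* First half of a PLT entry: indirect jump through the GOT slot. */
int plt_square(int x) { return got[0](x); }
int plt_negate(int x) { return got[1](x); }

/* True once the slot no longer points at its own stub. */
int got_is_bound(int slot) { return got[slot] != (slot ? stub1 : stub0); }

int main(void)
{
    int a = plt_square(7), b = plt_square(3);
    printf("%d %d, resolver entered %d time(s)\n", a, b, resolver_calls);
    return 0;
}
```

Because each slot is rewritten on first use, the table has to stay writable while the program runs; linking with `-z relro -z now` resolves every slot at load time so the table can then be mapped read-only.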

PLT Details

(Figure: PLT structure, code.)

The first entry in the PLT, which is called PLT0, is special code to call the dynamic linker. At load time, the dynamic linker automatically places two values in the GOT. At GOT+4, it puts a code that identifies the particular library. At GOT+8, it puts the address of the dynamic linker's symbol resolution routine. The rest of the PLT entries, which we call PLTn, each start with an indirect jump through a GOT entry that is initially set to point to the push instructions in the PLT entry that follow the jmp.

Summary

NAME
ld.so/ld-linux.so - dynamic linker/loader

DESCRIPTION
ld.so loads the shared libraries needed by a program, prepares the program to run, and then runs it. Unless explicitly specified via the -static option to ld during compilation, all Linux programs are incomplete and require further linking at run time.

The necessary shared libraries needed by the program are searched for in the following order:
  Using the environment variable LD_LIBRARY_PATH. Except if the executable is a setuid/setgid binary, in which case it is ignored.
  From the cache file /etc/ld.so.cache which contains a compiled list of candidate libraries previously found in the augmented library path.
  In the default path /lib, and then /usr/lib.
