位置无关的可执行文件和 Android [英] Position Independent Executables and Android
问题描述
我编写了一个 .c 源代码(在 Eclipse 中),它使用 libcap 库来获取与网络流量相关的信息.现在我在 Eclipse 中使用 ndk-build 创建了一个可执行二进制文件.我已将 libs/armeabi 文件夹中创建的二进制文件推送到我的 android 的/data/local/文件夹(root nexus 5,Lollipop)并尝试执行该二进制文件.但是android正在抛出这个错误
I have written a .c source code (in Eclipse) which is using libcap library to get information related to network traffic. Now i have created an executable binary by using ndk-build in Eclipse. I have pushed the created binary in libs/armeabi folder to /data/local/ folder of my android (rooted nexus 5, Lollipop) and tried to execute the binary. but android is throwing this error
错误:仅支持与位置无关的可执行文件 (PIE)
Error: only position independent executables (PIE) are supported
我对 PIE 一无所知,请告诉我如何创建与位置无关的可执行文件.
I don't know anything about PIE, Please tell me how to create a position independent executable.
推荐答案
我对 PIE 一无所知,请告诉我如何创建与位置无关的可执行文件.
I don't know anything about PIE, Please tell me how to create a position independent executable.
Position Independent Executable 或 PIE 允许重新定位程序,就像共享对象一样.在程序的每次运行中,可以将程序加载到不同的地址,从而使攻击者更难猜测某些程序状态.
Position Independent Executable or PIE allows a program to be relocated, just like a shared object. At each run of the program, the program can be loaded at different addresses to make it harder for an attacker to guess certain program state.
您可以通过以下两种方式之一编译和链接 PIE 可执行文件.首先,使用-fPIE 编译所有内容并使用-pie 链接.第二种是用-fPIC编译一切,用-pie链接.
You can compile and link a PIE executable in one of two ways. First, compile everything with -fPIE and link with -pie. The second is to compile everything with -fPIC and link with -pie.
如果您同时构建共享对象和程序,则使用 -fPIC 编译所有内容.用-shared链接共享对象,用-pie链接程序.
If you are building both a shared object and a program, then compile everything with -fPIC. Link the shared object with -shared, and link the program with -pie.
你不能这样做.也就是说,您无法使用 -fPIE 编译所有内容并构建共享对象和程序.有关详细信息,请参阅 GCC 手册中的 代码生成选项.
You cannot do it the other way. That is, you cannot compile everything with -fPIE and build both a shared object and a program. For the details, see Code Generation Options in the GCC manual.
在 Android 上需要注意的一点:使用 4.1 之前的 PIE 构建会导致 /system/bin/linker 中的分段错误.PIE 是在 Android 4.1 中添加的,它会导致较低版本崩溃.
One thing to watch out for on Android: building with PIE prior to 4.1 will cause a segmentation fault in /system/bin/linker. PIE was added at Android 4.1, and it crashes lesser versions.
有人告诉我提供自定义链接/加载器以避免该问题,但我目前找不到参考.
Someone told me to supply a custom link/loader to avoid the problem, but I can't find the reference at the moment.
另请参阅Android 1.5 到 4.1 中的安全增强功能.
错误:仅支持与位置无关的可执行文件 (PIE)
Error: only position independent executables (PIE) are supported
是的,这是棒棒糖的功能.请参阅 Android 5.0 中的安全增强功能.
Yes, that's a Lollipop feature. See Security Enhancements in Android 5.0.
您可以使用 readelf 检查程序是否使用 PIE 构建:
You can check if a program is built with PIE using readelf:
$ readelf -l my-prog | grep -i "file type"
Elf filetype is DYN (shared object file)
重要的部分是 readelf 正在报告 DYN,而不是报告 <代码>EXE.EXE 表示它缺少 PIE,应该会触发安全相关缺陷.
The important part is readelf is reporting DYN, and not reporting EXE. EXE means it lacks PIE, and that should trigger a security related defect.
相关,请参阅Android 4.0 (ICS) 支持的主要可执行文件的 PIE(位置无关可执行文件)吗?
这篇关于位置无关的可执行文件和 Android的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
