位置独立的可执行文件和Android [英] Position Independent Executables and Android

问题描述

我已经编写了一个.c源代码(在Eclipse中)，该源代码使用libcap库来获取与网络流量有关的信息.现在，我已经在Eclipse中使用ndk-build创建了一个可执行二进制文件.我已将在libs/armeabi文件夹中创建的二进制文件推送到我的android的/data/local/文件夹中(根目录为nexus 5，Lollipop)，并尝试执行该二进制文件.但是android抛出此错误

I have written a .c source code (in Eclipse) which is using libcap library to get information related to network traffic. Now i have created an executable binary by using ndk-build in Eclipse. I have pushed the created binary in libs/armeabi folder to /data/local/ folder of my android (rooted nexus 5, Lollipop) and tried to execute the binary. but android is throwing this error

错误:仅支持与位置无关的可执行文件(PIE)

Error: only position independent executables (PIE) are supported

我对PIE一无所知，请告诉我如何创建与位置无关的可执行文件.

I don't know anything about PIE, Please tell me how to create a position independent executable.

推荐答案

我对PIE一无所知，请告诉我如何创建与位置无关的可执行文件.

I don't know anything about PIE, Please tell me how to create a position independent executable.

位置独立的可执行文件(PIE)允许程序重定位，就像共享对象一样.每次运行该程序时，都可以将其加载到不同的地址，从而使攻击者更难猜测特定的程序状态.

Position Independent Executable or PIE allows a program to be relocated, just like a shared object. At each run of the program, the program can be loaded at different addresses to make it harder for an attacker to guess certain program state.

您可以使用以下两种方法之一来编译和链接PIE可执行文件.首先，使用-fPIE编译所有内容，并使用-pie进行链接.第二个是使用-fPIC编译所有内容，并使用-pie链接.

You can compile and link a PIE executable in one of two ways. First, compile everything with -fPIE and link with -pie. The second is to compile everything with -fPIC and link with -pie.

如果要同时构建共享库和程序，请使用-fPIC编译所有内容.用-shared链接共享对象，并用-pie链接程序.

If you are building both a shared object and a program, then compile everything with -fPIC. Link the shared object with -shared, and link the program with -pie.

您无法以其他方式做到这一点.也就是说，您不能使用-fPIE编译所有内容，也不能构建共享对象和程序.有关详细信息，请参阅GCC手册中的代码生成选项.

You cannot do it the other way. That is, you cannot compile everything with -fPIE and build both a shared object and a program. For the details, see Code Generation Options in the GCC manual.

在Android上需要注意的一件事:在4.1之前的版本中使用PIE进行构建会导致/system/bin/linker中的分段错误. PIE是在Android 4.1上添加的，它会使次要版本崩溃.

One thing to watch out for on Android: building with PIE prior to 4.1 will cause a segmentation fault in /system/bin/linker. PIE was added at Android 4.1, and it crashes lesser versions.

有人告诉我提供一个自定义链接/加载程序以避免此问题，但目前无法找到引用.

Someone told me to supply a custom link/loader to avoid the problem, but I can't find the reference at the moment.

另请参见 Android 1.5至4.1中的安全性增强功能.

错误:仅支持与位置无关的可执行文件(PIE)

Error: only position independent executables (PIE) are supported

是的，这是棒棒糖功能.请参见 Android 5.0中的安全性增强功能.

Yes, that's a Lollipop feature. See Security Enhancements in Android 5.0.

您可以使用readelf来检查程序是否使用PIE构建:

You can check if a program is built with PIE using readelf:

$ readelf -l my-prog | grep -i "file type"
Elf filetype is DYN (shared object file)

重要的部分是readelf正在报告 DYN ，而不是报告 EXE . EXE表示它缺少PIE，应该触发与安全相关的缺陷.

The important part is readelf is reporting DYN, and not reporting EXE. EXE means it lacks PIE, and that should trigger a security related defect.

相关信息，请参阅 PIE(与位置无关的可执行文件)以获取Android 4.0(ICS)支持的主要可执行文件吗?

这篇关于位置独立的可执行文件和Android的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！