ELF Relocation reverse engineering


Question

I am hoping you guys could help me understand how relocation entries and ELF section data are related, and how it is all processed and generated.

I have an ancient unsupported tool that takes an ELF file and a related PLF file (partially linked file, generated earlier in the build process) and builds a custom relocatable file from it that is used on a platform (PPC) with tight memory constraints. This works fine except that it contains about a meg of initialization code that we want to unload after start up. So we put all that init code in a custom section in order to unload it, but unfortunately, the tool fails to properly handle custom sections and the rel file is invalid. So my task is to make a new tool that correctly generates this relocatable file with the custom section in it.

I've gotten relatively far with this tool and generating the rel file, but am currently bogged down in trying to figure out how to process the section data and build the relocation entries, etc. I am a high-level programmer way out of my element with this task, so all this reverse engineering business is new to me (thank goodness for the internet!).

I found Elf Sharp and used that as a starting point. It allows me to load both ELF and PLF files and interact with their contents. From there, I've reverse engineered the relocation file's header and contents for the most part, but it's far from accurate. When I compare the old tool's version of the file to mine, I find that some of the section data has been fixed up while my file uses the section data straight out of the PLF file and is plain. What I mean by this is the section data I copied over contains a ton of "48 00 00 01", but these are all fixed up in some way by the old tool. What is the significance of those bytes, and what is being done to them? I also have to generate the relocation entries but am unsure how to proceed.

I found a few examples of processing elf relocations online, and I have something similar up and running in my tool, but I'm still pretty unclear just what exactly I am supposed to be doing. I have a good resource for all the relocation types and their formulas (chapter 4.12.5 here), but I'm still not quite sure what offsets, sections info, etc I should be using.

TL;DR

  • Can you help me visualize what exactly is happening with these relocation entries, how it is all generated and processed, and how it is used when the program is executed?

  • What has been done to all the "48 00 00 01" words in the section data? I'm assuming they've been resolved with the appropriate symbols, but how was this done? Using the .rela information?

  • Also, I'm not sure when I should use the PLF contents and when I should use the ELF contents. I think I only need the ELF to get the load address and segment information.

  • When I generate the relocation fixups (on PPC), how exactly do I evaluate the relocation type equations? The examples I referred to online are not intuitive on that point. I'm confused with the offsets - you get one from Elf32_Rela, but is that the one you modify? And what is the offset that is used to record the result of the fixup? What exactly is the addend? I haven't found anything online that is all that enlightening.

  • Some (actually most) of the relocation fixups point to one of several .debug_* sections or .bss. Should I skip the .debug fixups or are those important? .bss is a NoBits section so how do I handle that? And when it comes to actually generating the relocation entries, I understand how they are constructed, but who/what is actually behind making the entries? I mean, I'm ready to build it, but I don't know where to start - do I iterate over some data somewhere or what??

  • Any other questions I should be asking but haven't yet realized it? ;)

Thanks for reading my long winded question!
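The fixup arithmetic the question asks about (S, A and P from Elf32_Rela, and the `48 00 00 01` words, which are PowerPC `bl` instructions with a zero displacement waiting for an R_PPC_REL24 fixup), as an added Python example that is not part of the original post or of ElfSharp. It parses big-endian Elf32_Rela entries and applies R_PPC_REL24 and R_PPC_ADDR32 to a constructed section; the section bytes, load address and symbol values are constructed assumptions.

```python
import struct

# PowerPC ELF relocation types used below (values from the PPC ELF ABI supplement).
R_PPC_ADDR32 = 1   # S + A            -> 32-bit word
R_PPC_REL24 = 10   # (S + A - P) >> 2 -> low 24 bits of a branch instruction

# Constructed sample .text, as it would appear before fixups:
#   0x0: 48 00 00 01  bl placeholder (opcode 18, LI=0, LK=1) awaiting R_PPC_REL24
#   0x4: 60 00 00 00  nop
#   0x8: 00 00 00 00  empty 32-bit pointer slot awaiting R_PPC_ADDR32
TEXT = bytes.fromhex("48000001" "60000000" "00000000")
TEXT_ADDR = 0x1000                       # load address of the section (constructed)
SYMBOLS = {1: 0x2000, 2: 0x3000}         # symbol index -> resolved address (constructed)

# Two constructed Elf32_Rela entries, big-endian: r_offset, r_info, r_addend.
# r_info packs the symbol index in the high 24 bits and the type in the low 8.
RELA = struct.pack(">IIi", 0x0, (1 << 8) | R_PPC_REL24, 0) + \
       struct.pack(">IIi", 0x8, (2 << 8) | R_PPC_ADDR32, 4)

def parse_rela(blob):
    """Yield (r_offset, sym_index, r_type, r_addend) for each 12-byte Elf32_Rela."""
    for off in range(0, len(blob), 12):
        r_offset, r_info, r_addend = struct.unpack_from(">IIi", blob, off)
        yield r_offset, r_info >> 8, r_info & 0xFF, r_addend

def apply_relocs(text, text_addr, rela, symbols):
    """Return a fixed-up copy of `text`, which will be loaded at `text_addr`."""
    out = bytearray(text)
    for r_offset, sym_idx, r_type, A in parse_rela(rela):
        S = symbols[sym_idx]             # symbol value
        P = text_addr + r_offset         # run-time address of the word being patched
        if r_type == R_PPC_ADDR32:
            struct.pack_into(">I", out, r_offset, (S + A) & 0xFFFFFFFF)
        elif r_type == R_PPC_REL24:
            disp = S + A - P
            # The branch field holds a word-aligned signed 26-bit displacement.
            if disp % 4 or not -(1 << 25) <= disp < (1 << 25):
                raise ValueError(f"R_PPC_REL24 at {r_offset:#x} out of range")
            insn = struct.unpack_from(">I", out, r_offset)[0]
            insn = (insn & 0xFC000003) | (disp & 0x03FFFFFC)  # keep opcode, AA, LK
            struct.pack_into(">I", out, r_offset, insn)
        else:
            raise NotImplementedError(f"relocation type {r_type} not handled")
    return bytes(out)

def relocate_sample():
    """Apply the constructed relocations to the constructed section."""
    return apply_relocs(TEXT, TEXT_ADDR, RELA, SYMBOLS)
```

The `bl` at offset 0 becomes `48 00 10 01` (displacement 0x1000 to the symbol at 0x2000), and the pointer slot at offset 8 becomes `00 00 30 04` (symbol 0x3000 plus addend 4).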

Answer

Maybe the objconv tool can help. It can show the relocation types in x86 ELF files as dump or disassembly. http://www.agner.org/optimize/#objconv
