How do I load and execute an ELF binary executable manually?


Problem description

Suppose the binary is PIC, how can I load it into memory and execute the entry point? I'm doing this to get familiar with ELF so execve is not allowed.

Recommended answer

Here are the basic steps:

  1. Read the program headers to find the LOAD directives and determine the total length of mappings you'll need, in pages.
  2. Map the lowest-address LOAD directive with the total length (which may be greater than the file length), letting mmap assign you an address. This will reserve contiguous virtual address space.
  3. Map the remaining LOAD directives over top of parts of this mapping using MAP_FIXED.
  4. Use the program headers to find the DYNAMIC vector, which will in turn give you the address of the relocation vector(s).
  5. Apply the relocations. Assuming your binary was a static-linked PIE binary, they should consist entirely of RELATIVE relocations (just adding the base load address), meaning you don't have to perform any symbol lookups or anything fancy.
  6. Construct an ELF program entry stack consisting of the following sequence of system-word-sized values in an array on the stack:

ARGC ARGV[0] ARGV[1] ... ARGV[ARGC-1] 0 ENVIRON[0] ENVIRON[1] ... ENVIRON[N] 0 0

  7. (This step requires ASM!) Point the stack pointer at the beginning of this array and jump to the loaded program's entry point address (which can be found in the program headers).
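Putting the seven steps above into one program, as an added example (my code, not the answer's or any project's): it assumes x86-64 Linux, a static-linked PIE as the target, 4 KiB pages and glibc's `<elf.h>`. The self-test at the end builds a small constructed in-memory image (two program headers, a dynamic table and one RELATIVE relocation, not taken from any real binary) so that the span, relocation and stack-layout logic can be exercised without jumping anywhere; `main` is the file-based path that actually performs step 7.

```c
/* Added example (not the answer's own code): manual loader for a static-linked x86-64 PIE on Linux. */
#define _GNU_SOURCE
#include <elf.h>
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define PAGE_DOWN(x) ((x) & ~4095UL)
#define PAGE_UP(x) (((x) + 4095UL) & ~4095UL)
#define VA(base, lo, v) ((base) + ((v) - (lo))) /* link-time vaddr -> address inside our mapping */

/* Step 1: page-aligned [lo, hi) covering every PT_LOAD; returns -1 if the image has none. */
int elf_load_span(const Elf64_Phdr *ph, size_t n, uint64_t *lo, uint64_t *hi) {
    uint64_t l = UINT64_MAX, h = 0;
    for (size_t i = 0; i < n; i++) if (ph[i].p_type == PT_LOAD) {
        uint64_t s = PAGE_DOWN(ph[i].p_vaddr), e = PAGE_UP(ph[i].p_vaddr + ph[i].p_memsz);
        l = s < l ? s : l; h = e > h ? e : h;
    }
    if (h == 0) return -1; *lo = l; *hi = h; return 0;
}

/* Steps 2-3: reserve the span once (anonymous, so zero-filled), MAP_FIXED each PT_LOAD's file pages over it
 * (p_offset and p_vaddr are congruent mod 4096), zero the .bss tail of the last file page, mprotect the rest. */
uint8_t *elf_map_image(int fd, const Elf64_Phdr *ph, size_t n, uint64_t lo, uint64_t hi) {
    uint8_t *base = mmap(NULL, hi - lo, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    for (size_t i = 0; i < n; i++) if (ph[i].p_type == PT_LOAD) {
        int prot = ((ph[i].p_flags & PF_R) ? PROT_READ : 0) | ((ph[i].p_flags & PF_W) ? PROT_WRITE : 0) |
                   ((ph[i].p_flags & PF_X) ? PROT_EXEC : 0);
        uint64_t va = ph[i].p_vaddr, fend = va + ph[i].p_filesz, mend = va + ph[i].p_memsz;
        if (PAGE_UP(fend) > PAGE_DOWN(va) && mmap(VA(base, lo, PAGE_DOWN(va)), PAGE_UP(fend) - PAGE_DOWN(va),
                prot, MAP_PRIVATE | MAP_FIXED, fd, PAGE_DOWN(ph[i].p_offset)) == MAP_FAILED) return NULL;
        if (mend > fend && (prot & PROT_WRITE)) memset(VA(base, lo, fend), 0, PAGE_UP(fend) - fend);
        if (PAGE_UP(mend) > PAGE_UP(fend) && mprotect(VA(base, lo, PAGE_UP(fend)), PAGE_UP(mend) - PAGE_UP(fend), prot)) return NULL;
    }
    return base;
}

/* Steps 4-5: PT_DYNAMIC -> DT_RELA/DT_RELASZ, then *(bias + r_offset) = bias + r_addend with bias = base - lo.
 * Returns the count applied, or -1 on any type other than R_X86_64_RELATIVE (a static PIE should have none). */
long elf_relocate(uint8_t *base, uint64_t lo, const Elf64_Phdr *ph, size_t n) {
    uint64_t rela = 0, relasz = 0;
    for (size_t i = 0; i < n; i++) if (ph[i].p_type == PT_DYNAMIC)
        for (const Elf64_Dyn *d = (const Elf64_Dyn *)VA(base, lo, ph[i].p_vaddr); d->d_tag != DT_NULL; d++) {
            if (d->d_tag == DT_RELA) rela = d->d_un.d_ptr; else if (d->d_tag == DT_RELASZ) relasz = d->d_un.d_val;
        }
    const Elf64_Rela *r = rela ? (const Elf64_Rela *)VA(base, lo, rela) : NULL;
    for (size_t i = 0; r && i < relasz / sizeof *r; i++) {
        if (ELF64_R_TYPE(r[i].r_info) != R_X86_64_RELATIVE) return -1;
        uint64_t v = (uint64_t)(uintptr_t)base - lo + (uint64_t)r[i].r_addend;
        memcpy(VA(base, lo, r[i].r_offset), &v, sizeof v); /* memcpy: the slot need not be 8-byte aligned */
    }
    return r ? (long)(relasz / sizeof *r) : 0;
}

/* Step 6: argc, argv..., 0, envp..., 0, then AT_NULL as a two-word auxv terminator, laid out downward from
 * `top`; returns the 16-byte-aligned value to load into rsp. */
uint64_t *elf_build_stack(uint64_t *top, int argc, char **argv, char **envp) {
    size_t envc = 0; while (envp[envc]) envc++;
    uint64_t *sp = (uint64_t *)((uintptr_t)(top - (argc + envc + 5)) & ~(uintptr_t)15), *p = sp;
    *p++ = (uint64_t)argc;
    for (int i = 0; i < argc; i++) *p++ = (uint64_t)(uintptr_t)argv[i];
    *p++ = 0;
    for (size_t i = 0; i < envc; i++) *p++ = (uint64_t)(uintptr_t)envp[i];
    *p++ = 0; *p++ = AT_NULL; *p++ = 0;
    return sp;
}

/* Self-test on a constructed in-memory image (nothing is executed): two PT_LOADs plus a PT_DYNAMIC whose
 * DT_RELA names one RELATIVE relocation. Returns 0 on success, otherwise the number of the failing check. */
int selftest_constructed_image(void) {
    static uint64_t words[0x600]; uint8_t *img = (uint8_t *)words; /* 0x3000-byte image, 8-byte aligned */
    Elf64_Phdr ph[] = {
        { .p_type = PT_LOAD, .p_vaddr = 0, .p_filesz = 0x800, .p_memsz = 0x800, .p_flags = PF_R | PF_X },
        { .p_type = PT_LOAD, .p_vaddr = 0x2000, .p_filesz = 0x300, .p_memsz = 0x900, .p_flags = PF_R | PF_W },
        { .p_type = PT_DYNAMIC, .p_vaddr = 0x2000, .p_filesz = 0x30, .p_memsz = 0x30, .p_flags = PF_R | PF_W } };
    Elf64_Dyn dyn[] = { { DT_RELA, { .d_ptr = 0x2100 } }, { DT_RELASZ, { .d_val = sizeof(Elf64_Rela) } }, { DT_NULL, { 0 } } };
    Elf64_Rela rel = { 0x2200, ELF64_R_INFO(0, R_X86_64_RELATIVE), 0x1234 }; uint64_t lo, hi, got;
    if (elf_load_span(ph, 3, &lo, &hi) || lo != 0 || hi != 0x3000) return 1;
    memcpy(img + 0x2000, dyn, sizeof dyn); memcpy(img + 0x2100, &rel, sizeof rel);
    if (elf_relocate(img, lo, ph, 3) != 1) return 2;
    memcpy(&got, img + 0x2200, sizeof got); if (got != (uint64_t)(uintptr_t)img + 0x1234) return 3; /* base + addend */
    char *argv[] = { "prog", "x", NULL }, *envp[] = { "A=1", NULL };
    uint64_t stack[32], *sp = elf_build_stack(stack + 32, 2, argv, envp);
    if (((uintptr_t)sp & 15) || sp[0] != 2 || sp[1] != (uint64_t)(uintptr_t)argv[0] || sp[3] != 0 ||
        sp[4] != (uint64_t)(uintptr_t)envp[0] || sp[5] != 0 || sp[6] != AT_NULL || sp[7] != 0) return 4;
    return 0;
}

int main(int argc, char **argv, char **envp) {
    static uint64_t new_stack[1 << 16]; Elf64_Ehdr eh; Elf64_Phdr ph[64]; uint64_t lo, hi;
    int fd = argc > 1 ? open(argv[1], O_RDONLY) : -1;
    if (fd < 0 || pread(fd, &eh, sizeof eh, 0) != (ssize_t)sizeof eh || memcmp(eh.e_ident, ELFMAG, SELFMAG) ||
        eh.e_machine != EM_X86_64 || eh.e_type != ET_DYN || eh.e_phnum > 64 ||
        pread(fd, ph, eh.e_phnum * sizeof *ph, eh.e_phoff) < 0 || elf_load_span(ph, eh.e_phnum, &lo, &hi)) return 2;
    uint8_t *base = elf_map_image(fd, ph, eh.e_phnum, lo, hi);
    if (!base || elf_relocate(base, lo, ph, eh.e_phnum) < 0) return 1;
    uint64_t *sp = elf_build_stack(new_stack + (1 << 16), argc - 1, argv + 1, envp);
    void *entry = VA(base, lo, eh.e_entry); (void)entry;
#ifdef __x86_64__ /* Step 7: switch stacks and jump; rdx = 0 tells glibc's _start there is no rtld fini hook */
    __asm__ volatile("mov %0, %%rsp\n\txor %%edx, %%edx\n\tjmp *%1" : : "r"(sp), "r"(entry) : "rdx", "memory");
#endif
    return 1;
}
```

Build with `cc -o loader loader.c` and run `./loader ./some-static-pie arg1 arg2`. Two caveats a practitioner will hit: the `RELATIVE`-only check in `elf_relocate` is deliberate, so a binary that needs symbolic relocations is refused rather than silently left half-relocated; and the answer's two trailing zero words are only the `AT_NULL` terminator of an empty auxiliary vector, whereas glibc's static startup reads auxv entries such as `AT_PHDR`, `AT_PAGESZ` and `AT_RANDOM` (its stack-protector canary is taken from `AT_RANDOM`), so to run a real glibc static PIE copy your own process's auxv entries in front of that terminator.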
