嘿,我手工创建了一个ELF文件,它有两个部分(.text和.shstrtab)和一个加载.text部分的程序头..text部分非常小,它只包含以下三条指令......
# and exit
movl $0,%ebx # first argument: exit code
movl $1,%eax # system call number (sys_exit)
int $0x80 # call kernel
当我在这个elf文件上运行时,readelf不会抱怨.如果我执行此文件,那么一旦执行它,它就会被杀死并且屏幕上会出现"Killed"消息.我在stackoverflow上看到了以下帖子,我仍然会经历它.
现在我担心的是这个程序不会要求任何(额外的)内存,而且是否真的可以手动执行ELF并期望系统可以容忍它?
谢谢,
Mat*_*ery 11
该ELF加载器可以发送SIGKILL到您的过程有多种原因; 你可能在标题中的某个地方有一个糟糕的地址和/或长度.
例如,一个PT_LOAD段必须将可执行文件的相应部分映射到一个合理的地址(x86 Linux的通常地址是0x08048000,尽管这可能并不重要,只要它是页面对齐,而不是0,而不是太高)和两者中的地址该.text节头和ELF头的入口点需要与匹配.
没有理由你不能手工完成这个(如果链接器可以创建它,你也可以!) - 如果你真的想要.但请注意,如果您只是组装然后链接与剥离的符号(下面的-s标志ld):
$ cat exit.s
.globl _start
_start:
movl $0,%ebx
movl $1,%eax
int $0x80
$ as -o exit.o exit.s
$ ld -s -o exit exit.o
$ ./exit
$ hexdump -Cv exit
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00 |........T...4...|
00000020 74 00 00 00 00 00 00 00 34 00 20 00 01 00 28 00 |t.......4. ...(.|
00000030 03 00 02 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 60 00 00 00 60 00 00 00 05 00 00 00 |....`...`.......|
00000050 00 10 00 00 bb 00 00 00 00 b8 01 00 00 00 cd 80 |................|
00000060 00 2e 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 |..shstrtab..text|
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 |................|
000000a0 01 00 00 00 06 00 00 00 54 80 04 08 54 00 00 00 |........T...T...|
000000b0 0c 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 |................|
000000c0 00 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
000000d0 00 00 00 00 60 00 00 00 11 00 00 00 00 00 00 00 |....`...........|
000000e0 00 00 00 00 01 00 00 00 00 00 00 00 |............|
000000ec
$
...然后结果是相当小的(可能足够小,以与你失败的手工文件比较,看看你哪里出错了).
| 归档时间: |
|
| 查看次数: |
1842 次 |
| 最近记录: |