Meaning, when I load an executable from the file system into a memory buffer, how do I obtain the main entry point, reinterpret_cast my way to that function pointer type, and run it?
Do I need to dig into the ELF file format docs/Os Dev wiki or something? How insanely hard is this?
#How do I implement exec manually, but without overriding the entire current process?
velvet knoll
mortal juniperBOT
glass sphinx
how were you planning to load an executable without knowing about the format?
theoretically I think its possible
although you would need to basically parse the entire elf file and load each segment into memory in the right places and do all the address fixes yourself
a lot of messing with mmap
idk if there are any libraries to help
there probably are
velvet knoll
idk if there are any libraries to help
not looking for libraries, I want to learn
velvet knoll
how were you planning to load an executable without knowing about the format?
that's what I asked, how do I locate the main entry point
tulip tinsel
At the bare minimum:
- verify some fields to make sure the file is a correct elf executable
- check if it's a ELFCLASS32 or ELFCLASS64 file, which determines the size of some of the basic types used in the headers
- read the program headers at e_phoff (e_phnum entries of e_phentsize) and check the p_type field
- for each PT_LOAD entry:
- read p_filesz bytes from p_offset and load them into memory at p_vaddr using p_flags and p_align to determine memory access and required alignment
- if p_memsz is larger than p_filesz, pad the segments memory with 0s
- start code execution at e_entry
Probably need to do some dynamic linking stuff as well since most binaries don't run in a vacuum
glass sphinx
that's what I asked, how do I locate the main entry point
you can't just find the entry point and start executing it. You need to load the entire executable. Because the code will assume certain things about the layout of its memory. It may also have relocations, although im not 100% on the ELF file format. You also need to make sure dynamic dependencies are loaded too.
Its not a simple tast
carmine dew
An executable file isn't just a process dumped to memory. It's a file containing instructions on how to create a process. Similarly you can't just load a jpg into memory and point at the first pixel, because that's not how jpgs work. You'd have to pick a format, read about how they represented what and implement the instructions, including linking and such.
You could look at how others did it for inspiration.
mortal juniperBOT
velvet knoll
At the bare minimum:
- verify some fields to make sure the file is a correct elf...
read the program headers at e_phoff (e_phnum entries of e_phentsize) and check the p_type field
uhhhhhh, these aren't unsigned char, these are larger, what is the endianness ?
is that EI_DATA ?
nimble sorrel
I'm not sure you have the privilege to load a new program in your user space and run it correctly... ðŸ’
Why do you need it?
velvet knoll
I'm not sure you have the privilege to load a new program in your user space and...
bruh if I really wanted to, I would have used system, or fork and execvp, that's too ez
I want to learn how to run ELFs manually
velvet knoll
@tulip tinsel
is that the way to decrypt the endianness?
cyan creek
but it's not encrypted
velvet knoll
but it's not encrypted
to read*
velvet knoll
An executable file isn't just a process dumped to memory. It's a file containing...
So, I have been digging in the man page of elf
I am trying to parse /usr/lib/ls
and I programatically find that its e_type is ET_DYN
what does that mean???
ls is not a shared library, ls is an 64-bit ELF executable on my system
carmine dew
From what I understand the OS still has to link things to it, for example allocation functions.
Most programs will need some OS function.
velvet knoll
From what I understand the OS still has to link things to it, for example alloca...
so, when exactly is it ET_EXEC and when exactly is it ET_DYN
carmine dew
🤷
velvet knoll
k, so I will assume ET_DYN is acceptable, and move on
carmine dew
Maybe it'll be an executable file if it doesn't require further linking.
And it does its OS things via interrupts.
velvet knoll
And it does its OS things via interrupts.
maybe I will ask you how to create an executable with literally 0 dependencies on shared libraries later
carmine dew
I'm not the right person to ask to that 😅
I know the theory from operating systems class, but if you're looking to actually implement things there will be important things missing.
velvet knoll
I'm not the right person to ask to that 😅
I know the theory from operating sys...
HoW ArE YoU An ExPeRt ThEn?
jk
nimble sorrel
Why not impl your own os to know more about the new process exec? 💠I bet that it must be related and helpful.
velvet knoll
Why not impl your own os to know more about the new process exec? 💠I bet that ...
implementing an entire OS requires implementing a process scheduler, virtual addressing for each process, hardware drivers, GUI, and many other things I don't know and I don't care about right now
I only care about running ELF manually
note, this is not an emulation of an entire CPU architecture, this is running a native binary on a native machine, no crossplatform bullshit
velvet knoll
okayyyyyyyyyyyyyy I have parsed the elf header
of /usr/bin/ls at least
now, to iterate over those, uhhh, what were they called
program headers
yes
velvet knoll
@carmine dew
Yo, so I tried to obtain the program headers, but obtaining the count of the program headers requires reading the section headers, which are described later in the man page of elf, why is this man page's parts so wrongly ordered?
carmine dew
They are man pages and mandated to be useless. May as well ask why Linux is hostile to users 🤡