ELF Hacks

I like learning from code snippets. Some time ago I studied a number of tricks with binutils and other tools that process ELF files, and picked up many concepts along the way: weak symbols, common sections, RPATH, embedding resource files into an ELF, and so on. Yesterday I created a project, https://github.com/MaskRay/ElfHacks, to collect many self-contained examples.

| # | Program | Description |
|---|---------|-------------|
| backtrace | gcc | backtrace(3) |
| bss-section-in-c-and-c++ | gcc/g++ | .bss |
| gcc-attribute-alias | gcc | alias attribute emits an alias for another symbol |
| gcc-nostdlib | gcc | do not use standard system startup files or libraries |
| gcc-pie | gcc | produce a position independent executable (IMHO, like PIC+Bsymbolic) |
| gcc-static | gcc | statically linked executable |
| g++-inline-means-weak-symbol | g++ | inline functions are translated to weak symbols |
| implicit-inline-member-function | g++ | member functions defined in classes are implicitly inline |
| ld-Bsymbolic | ld | -Bsymbolic binds references to local symbols |
| ld-dy-dn | ld | -dn makes ld link against static libraries |
| ld-execstack | ld | -z execstack and the NX bit |
| ld-export-dynamic | ld | --export-dynamic makes executables export dynamic symbols |
| ld-now | ld | -z now tells ld.so to resolve symbols immediately |
| ld-rpath | ld | -rpath sets DT_RUNPATH, which adds a directory to the runtime library search path |
| ld-whole-archive | ld | --whole-archive includes every object file (not only those which are required) |
| ld-wrap | ld | --wrap makes undefined references to SYMBOL be resolved to __wrap_SYMBOL |
| LD_BIND_NOW | ld.so | resolve all symbols at startup instead of deferring resolution to the first call |
| LD_PROFILE | ld.so | profile a shared library |
| LD_TRACE_LOADED_OBJECTS | ld.so | list dynamic library dependencies rather than running |
| as-syscall | as | make syscalls in x86-64 assembly |
| as-syscall-i386 | as | make syscalls in i386 assembly |
| shellcode-in-c | gcc, objcopy | write shellcode in C using gcc & objcopy |
| objcopy-link-blob | objcopy | link a blob into an executable |
| libSegFault | glibc | |

Each example lives in its own directory with a Makefile. Inside a directory, running `make show` prints the description; the output related to the feature being described is highlighted in red in the terminal. Some examples also provide `make gdb`, an interactive gdb session driven by an Expect script, which lets you observe how the described feature affects the program's runtime state.

The project root also provides a Makefile; running `make show` or `make gdb` there runs `make` recursively in each example directory.