| blob | 507b35e101d0353e3c574620438beda577c1e4ae |
1 /*
2 * Copyright (C) 1997-2001, The University of Queensland
3 *
4 * See the file "LICENSE.TERMS" for information on usage and
5 * redistribution of this file, and for a DISCLAIMER OF ALL
6 * WARRANTIES.
7 *
8 */
10 /*******************************************************************************
11 * File: ElfBinaryFile.cc
12 * Desc: This file contains the implementation of the class ElfBinaryFile.
13 ******************************************************************************/
15 /*
16 * $Revision$
17 *
18 * ELF binary file format.
19 * This file implements the class ElfBinaryFile, derived from class BinaryFile.
20 * See ElfBinaryFile.h and BinaryFile.h for details
21 * MVE 30/9/97
22 * 10 Mar 02 - Mike: Mods for stand alone operation; constuct function
23 * 21 May 02 - Mike: Slight mod for gcc 3.1
24 * 01 Oct 02 - Mike: Removed elf library (and include file) dependencies
25 * 02 Oct 02 - Mike: Fixed some more endianness issues
26 * 24 Mar 03 - Mike: GetAddressByName returns NO_ADDRESS on failure now
27 * 12 Jul 05 - Mike: fixed an endless loop in findRelPltOffset for pre-3.3.3 gcc compiled input files
28 */
30 /*==============================================================================
31 * Dependencies.
32 *============================================================================*/
36 #include <sys/stat.h>
37 #include <fcntl.h>
38 #include <iostream>
39 #include <cassert>
40 #include <cstring>
41 #if defined(_MSC_VER) && _MSC_VER >= 1400
43 #endif
50 {
54 }
57 {
59 // Delete the array of import stubs
61 }
63 // Reset internal state, except for those that keep track of which member
64 // we're up to
67 {
78 }
80 // Hand decompiled from sparc library function
84 {
89 {
92 g1++;
95 {
98 }
101 }
103 }
106 // Return true for a good load
109 {
113 {
114 // This is a member of an archive. Should not be using this function at all
116 }
122 // Determine file size
124 {
127 }
130 // Allocate memory to hold the file
133 {
136 }
139 // Read the whole file in
145 // Basic checks
147 {
152 }
154 {
157 }
158 // Needed for elfRead4 to work:
161 // Set up program header pointer (in case needed)
165 // Set up section header pointer
169 // Set up section header string table pointer
170 // NOTE: it does not appear that endianness affects shorts.. they are always in little endian format
171 // Gerard: I disagree. I need the elfRead on linux/i386
178 // Number of sections
181 // Allocate room for all the Elf sections (including the silly first one)
185 // Set up the m_sh_link and m_sh_info arrays
189 // Number of elf sections
193 {
194 // Get section information.
197 {
200 }
203 {
206 }
213 {
216 {
219 }
222 }
231 // Can't use the SHF_ALLOC bit to determine bss section; the bss section has SHF_ALLOC but also SHT_NOBITS.
232 // (But many other sections, such as .comment, also have SHT_NOBITS). So for now, just use the name
233 // if ((elfRead4(&pShdr->sh_flags) & SHF_ALLOC) == 0)
237 {
240 }
241 // Deciding what is data and what is not is actually quite tricky but important.
242 // For example, it's crucial to flag the .exception_ranges section as data, otherwise there is a "hole" in the
243 // allocation map, that means that there is more than one "delta" from a read-only section to a page, and in the
244 // end using -C results in a file that looks OK but when run just says "Killed".
245 // So we use the Elf designations; it seems that ALLOC.!EXEC -> data
246 // But we don't want sections before the .text section, like .interp, .hash, etc etc. Hence bGotCode.
247 // NOTE: this ASSUMES that sections appear in a sensible order in the input binary file:
248 // junk, code, rodata, data, bss
254 // assign arbitary addresses to .rel.* sections too
257 {
260 }
262 // Add symbol info. Note that some symbols will be in the main table only, and others in the dynamic table only.
263 // So the best idea is to add symbols for all sections of the appropriate type
265 {
272 #endif
273 }
275 // Save the relocation to symbol table info
278 {
281 //SetRelocInfo(pRel);
282 }
283 else
284 {
288 {
289 //SetRelocInfo(pRel);
291 }
292 }
294 // Find the PLT limits. Required for IsDynamicLinkedProc(), e.g.
297 {
300 }
302 // Apply relocations; important when the input program is not compiled with -fPIC
306 }
308 // Clean up and unload the binary image
311 {
315 }
317 // Like a replacement for elf_strptr()
320 {
322 {
323 // Most commonly, this will be an index of -1, because a call to GetSectionIndexByName() failed
326 }
327 // Get a pointer to the start of the string table
329 // Just add the offset
331 }
333 // Search the .rel[a].plt section for an entry with symbol table index i.
334 // If found, return the native address of the associated PLT entry.
335 // A linear search will be needed. However, starting at offset i and searching backwards with wraparound should
336 // typically minimise the number of entries to search
338 ADDRESS ElfBinaryFile::findRelPltOffset(int i, unsigned char *addrRelPlt, int sizeRelPlt, int numRelPlt, ADDRESS addrPlt)
339 {
344 do
345 {
346 // Each entry is sizeRelPlt bytes, and will contain the offset, then the info (addend optionally follows)
351 {
352 // Found! Now we want the native address of the associated PLT entry.
353 // For now, assume a size of 0x10 for each PLT entry, and assume that each entry in the .rel.plt section
354 // corresponds exactly to an entry in the .plt (except there is one dummy .plt entry)
356 }
359 }
362 }
364 // Add appropriate symbols to the symbol table. secIndex is the section index of the symbol table.
367 {
370 // Calc number of symbols
380 {
383 }
387 {
390 }
391 // Number of entries in the PLT:
392 // int max_i_for_hack = siPlt ? (int)siPlt->uSectionSize / 0x10 : 0;
393 // Index 0 is a dummy entry
395 {
400 // Hack off the "@@GLIBC_2.0" of Linux, if present
405 // Ensure no overwriting (except functions)
407 {
409 {
410 // Special hack for gcc circa 3.3.3: (e.g. test/pentium/settest). The value in the dynamic symbol table
411 // is zero! I was assuming that index i in the dynamic symbol table would always correspond to index i
412 // in the .plt section, but for fedora2_true, this doesn't work. So we have to look in the .rel[a].plt
413 // section. Thanks, gcc! Note that this hack can cause strange symbol names to appear
415 }
417 {
421 }
423 #define ECHO_SYMS 0
424 #if ECHO_SYMS
425 std::cerr << "Elf AddSym: about to add " << str << " to address " << std::hex << val << std::dec << "\n";
426 #endif
428 }
429 }
432 {
433 // Ugh - main mustn't have the STT_FUNC attribute. Add it
436 }
438 }
441 {
447 {
450 {
453 }
454 }
460 // Calc number of symbols
465 // Index 0 is a dummy entry
467 {
472 // Hack off the "@@GLIBC_2.0" of Linux, if present
476 if (ELF32_ST_BIND(m_pSym[i].st_info) == STB_GLOBAL || ELF32_ST_BIND(m_pSym[i].st_info) == STB_WEAK)
477 {
479 {
481 {
485 }
487 }
488 }
489 }
492 }
495 // FIXME: this function is way off the rails. It seems to always overwrite the relocation entry with the 32 bit value
496 // from the symbol table. Totally invalid for SPARC, and most X86 relocations!
497 // So currently not called
500 {
503 // Calc number of relocations
509 // Index 0 is a dummy entry
511 {
516 {
517 // Lookup the value of the symbol table entry
521 // Overwrite the relocation value... ?
524 }
529 // Hack off the "@@GLIBC_2.0" of Linux, if present
534 // Linear search!
538 // Add new extern
540 {
544 }
546 }
548 }
550 // Note: this function overrides a simple "return 0" function in the base class (i.e. BinaryFile::SymbolByAddress())
553 {
558 }
560 bool ElfBinaryFile::ValueByName(const char* pName, SymValue* pVal, bool bNoTypeOK /* = false */)
561 {
568 PSectionInfo pSect;
572 {
573 // We have a file with no .dynsym section, and hence no .hash section (from my understanding - MVE).
574 // It seems that the only alternative is to linearly search the symbol tables.
575 // This must be one of the big reasons that linking is so slow! (at least, for statically linked files)
576 // Note MVE: We can't use m_SymTab because we may need the size
578 }
586 // First organise the hash table
592 // Hash the symbol
595 // Beware of symbol tables with 0 in the buckets, e.g. libstdc++.
596 // In that case, set found to false.
599 {
601 {
604 {
607 }
608 }
609 }
610 // Beware of symbols with STT_NOTYPE, e.g. "open" in libstdc++ !
611 // But sometimes "main" has the STT_NOTYPE attribute, so if bNoTypeOK is passed as true, return true
613 {
617 {
621 }
624 }
625 else
626 {
627 // We may as well do a linear search of the main symbol table. Some symbols (e.g. init_dummy) are
628 // in the main symbol table, but not in the hash table
630 }
631 }
633 // Lookup the symbol table using linear searching. See comments above for why this appears to be needed.
635 bool ElfBinaryFile::SearchValueByName(const char* pName, SymValue* pVal, const char* pSectName, const char* pStrName)
636 {
637 // Note: this assumes .symtab. Many files don't have this section!!!
645 // Find number of symbols
648 // Search all the symbols. It may be possible to start later than index 0
650 {
653 {
654 // We have found the symbol
658 {
662 }
665 }
666 }
668 }
670 // Search for the given symbol. First search .symtab (if present); if not found or the table has been stripped,
671 // search .dynstr
674 {
678 }
682 {
683 SymValue Val;
686 {
690 }
692 }
695 {
696 SymValue Val;
699 {
703 }
705 }
707 // Guess the size of a function by finding the next symbol after it, and subtracting the distance.
708 // This function is NOT efficient; it has to compare the closeness of ALL symbols in the symbol table
711 {
714 // No need to guess, but if there are fillers, then subtracting labels will give a better answer for coverage
715 // purposes. For example, switch_cc. But some programs (e.g. switch_ps) have the switch tables between the
716 // end of _start and main! So we are better off overall not trying to guess the size of _start
720 PSectionInfo pSect;
723 // Find number of symbols
726 // Search all the symbols. It may be possible to start later than index 0
730 {
732 {
735 }
736 }
738 // Do some checks on the symbol's value; it might be at the end of the .text section
743 {
744 // Our symbol is in the .text section. Put a ceiling of the end of the section on closest.
746 }
748 }
751 {
755 }
758 {
764 return (uNative >= m_uPltMin) && (uNative < m_uPltMax); // Yes if a call to the PLT (false otherwise)
765 }
768 //
769 // GetEntryPoints()
770 // Returns a list of pointers to SectionInfo structs representing entry points to the program
771 // Item 0 is the main() function; items 1 and 2 are .init and .fini
772 //
776 {
782 // Adjust uSectionSize so uNativeAddr + uSectionSize still is end of sect
785 // .init and .fini sections
791 }
794 //
795 // GetMainEntryPoint()
796 // Returns the entry point to main (this should be a label in elf binaries generated by compilers).
797 //
800 {
802 }
805 {
807 }
809 // FIXME: the below assumes a fixed delta
812 {
815 }
818 {
819 // Not implemented yet. But we need the function to make it all link
821 }
824 {
825 // This function is called after an archive member has been loaded by ElfArchiveFile
827 // Save the elf pointer
828 //m_elf = (Elf*) handle;
830 //return ProcessElfFile();
832 }
835 // Open this binaryfile for reading AND writing
838 {
840 }
843 {
845 }
848 {
850 }
853 {
863 {
864 std::cerr << "Error: ElfBinaryFile::GetMachine: The AMD x86-64 architecture is not supported yet\n";
866 }
867 // An unknown machine type
872 }
875 {
878 }
881 {
890 {
892 {
895 }
896 }
903 {
905 {
909 }
910 }
912 }
915 {
917 }
920 {
922 }
924 /*==============================================================================
925 * FUNCTION: ElfBinaryFile::GetImportStubs
926 * OVERVIEW: Get an array of addresses of imported function stubs
927 * This function relies on the fact that the symbols are sorted by address, and that Elf PLT
928 * entries have successive addresses beginning soon after m_PltMin
929 * PARAMETERS: numImports - reference to integer set to the number of these
930 * RETURNS: An array of native ADDRESSes
931 *============================================================================*/
933 {
940 {
941 // Need to insert a dummy entry at m_uPltMin
946 aa++;
947 }
949 {
950 n++;
952 aa++;
953 }
954 // Allocate an array of ADDRESSESes
960 {
963 aa++;
964 }
969 }
971 /*==============================================================================
972 * FUNCTION: ElfBinaryFile::GetDynamicGlobalMap
973 * OVERVIEW: Get a map from ADDRESS to const char*. This map contains the native addresses
974 * and symbolic names of global data items (if any) which are shared with dynamically
975 * linked libraries.
976 * Example: __iob (basis for stdout). The ADDRESS is the native address of a pointer
977 * to the real dynamic data object.
978 * NOTE: The caller should delete the returned map.
979 * PARAMETERS: None
980 * RETURNS: Pointer to a new map with the info, or 0 if none
981 *============================================================================*/
983 {
989 {
990 // This could easily mean that this file has no dynamic globals, and
991 // that is fine.
993 }
997 {
1000 }
1004 {
1007 }
1011 {
1012 // The ugly p[1] below is because it p might point to an Elf32_Rela struct, or an Elf32_Rel struct
1019 }
1022 }
1024 /*==============================================================================
1025 * FUNCTION: ElfBinaryFile::elfRead2 and elfRead4
1026 * OVERVIEW: Read a 2 or 4 byte quantity from host address (C pointer) p
1027 * NOTE: Takes care of reading the correct endianness, set early on into m_elfEndianness
1028 * PARAMETERS: ps or pi: host pointer to the data
1029 * RETURNS: An integer representing the data
1030 *============================================================================*/
1032 {
1035 {
1036 // Big endian
1038 }
1039 else
1040 {
1041 // Little endian
1043 }
1044 }
1047 {
1050 {
1052 }
1053 else
1055 }
1058 {
1061 {
1062 // Big endian
1067 }
1068 else
1069 {
1074 }
1075 }
1078 {
1081 {
1083 }
1086 }
1088 // Read 2 bytes from given native address
1091 {
1096 }
1098 // Read 4 bytes from given native address
1101 {
1106 }
1109 {
1114 {
1119 }
1120 else
1121 {
1126 }
1127 }
1129 // Read 8 bytes from given native address
1132 {
1136 {
1137 #else
1139 {
1141 // Source and host are same endianness
1144 }
1145 else
1146 {
1147 // Source and host are different endianness
1150 }
1151 //return reinterpret_cast<long long>(*raw); // Note: cast, not convert!!
1153 }
1155 // Read 4 bytes as a float
1158 {
1160 // Ugh! gcc says that reinterpreting from int to float is invalid!!
1161 //return reinterpret_cast<float>(raw); // Note: cast, not convert!!
1163 }
1165 // Read 8 bytes as a float
1168 {
1172 {
1173 #else
1175 {
1177 // Source and host are same endianness
1180 }
1181 else
1182 {
1183 // Source and host are different endianness
1186 }
1187 //return reinterpret_cast<double>(*raw); // Note: cast, not convert!!
1189 }
1191 // This function is called via dlopen/dlsym; it returns a new BinaryFile derived concrete object.
1192 // After this object is returned, the virtual function call mechanism will call the rest of the code
1193 // in this library. It needs to be C linkage so that it its name is not mangled
1195 #ifdef _WIN32
1198 #endif
1200 {
1202 }
1203 }
1206 {
1212 {
1216 {
1218 {
1221 {
1222 // A section such as .rel.dyn or .rel.plt (without an addend field).
1223 // Each entry has 2 words: r_offet and r_info. The r_offset is just the offset from the beginning
1224 // of the section (section given by the section header's sh_info) to the word to be modified.
1225 // r_info has the type in the bottom byte, and a symbol table index in the top 3 bytes.
1226 // A symbol table offset of 0 (STN_UNDEF) means use value 0. The symbol table involved comes from
1227 // the section header's sh_link field.
1230 // NOTE: the r_offset is different for .o files (E_REL in the e_type header field) than for exe's
1231 // and shared objects!
1235 {
1239 }
1241 int strSection = m_sh_link[symSection]; // Section index for the string section assoc with this
1245 {
1253 else
1254 {
1259 }
1263 {
1269 {
1273 }
1279 {
1283 }
1284 else
1285 {
1288 {
1289 // This means that the symbol doesn't exist in this module, and is not accessed
1290 // through the PLT, i.e. it will be statically linked, e.g. strcmp. We have the
1291 // name of the symbol right here in the symbol table entry, but the only way
1292 // to communicate with the loader is through the target address of the call.
1293 // So we use some very improbable addresses (e.g. -1, -2, etc) and give them entries
1294 // in the symbol table
1297 // this is too slow, I'm just going to assume it is 0
1298 //S = GetAddressByName(pName);
1299 //if (S == (e_type == E_REL ? 0x8000000 : 0)) {
1302 //}
1303 }
1305 {
1309 }
1310 }
1319 // std::cout << "Relocation type " << (int)relType << " not handled yet\n";
1320 ;
1321 }
1322 }
1323 }
1324 }
1325 }
1328 }
1329 }
1332 {
1333 //int nextFakeLibAddr = -2; // See R_386_PC32 below; -1 sometimes used for main
1338 {
1342 {
1344 {
1347 {
1348 // A section such as .rel.dyn or .rel.plt (without an addend field).
1349 // Each entry has 2 words: r_offet and r_info. The r_offset is just the offset from the beginning
1350 // of the section (section given by the section header's sh_info) to the word to be modified.
1351 // r_info has the type in the bottom byte, and a symbol table index in the top 3 bytes.
1352 // A symbol table offset of 0 (STN_UNDEF) means use value 0. The symbol table involved comes from
1353 // the section header's sh_link field.
1356 // NOTE: the r_offset is different for .o files (E_REL in the e_type header field) than for exe's
1357 // and shared objects!
1361 {
1365 }
1366 //int symSection = m_sh_link[i]; // Section index for the associated symbol table
1367 //int strSection = m_sh_link[symSection]; // Section index for the string section assoc with this
1368 //char* pStrSection = (char*)m_pSections[strSection].uHostAddr;
1369 //Elf32_Sym* symOrigin = (Elf32_Sym*) m_pSections[symSection].uHostAddr;
1371 {
1373 //unsigned info = elfRead4(pReloc);
1374 pReloc++;
1375 //unsigned char relType = (unsigned char) info;
1376 //unsigned symTabIndex = info >> 8;
1380 else
1381 {
1386 }
1389 }
1390 }
1391 }
1392 }
1395 }
1397 }
1400 {
1404 {
1407 {
1410 }
1411 }
1415 //int e_type = elfRead2(&((Elf32_Ehdr*)m_pImage)->e_type);
1417 // Calc number of symbols
1424 // Index 0 is a dummy entry
1426 {
1427 //ADDRESS val = (ADDRESS) elfRead4((int*)&m_pSym[i].st_value);
1431 // Hack off the "@@GLIBC_2.0" of Linux, if present
1436 {
1439 }
1441 {
1445 }
1446 }
1448 }
1450 void ElfBinaryFile::getFunctionSymbols(std::map<std::string, std::map<ADDRESS, std::string> > &syms_in_file)
1451 {
1455 {
1458 {
1461 }
1462 }
1464 {
1468 {
1471 {
1474 }
1475 }
1478 {
1481 }
1482 }
1486 // Calc number of symbols
1493 // Index 0 is a dummy entry
1495 {
1499 // Hack off the "@@GLIBC_2.0" of Linux, if present
1504 {
1507 }
1509 {
1512 {
1516 }
1518 {
1519 // ignore plt for now
1520 }
1521 else
1522 {
1524 }
1525 }
1526 }
1527 }
1529 // A map for extra symbols, those not in the usual Elf symbol tables
1532 {
1534 }
1537 {
1543 }