The Design and Implementation of Userland Exec
by the grugq
2004 (HN discussion: https://news.ycombinator.com/item?id=37025843)
https://grugq.github.io/docs/ul_exec.txt
| Notes |
|---|
| syscall |
| execve |
| dynamic linker |
| stack |
| entry point |
| process image |
| address space |
| userland |
| shellcode |
| ELF |
| i386 |
| Linux |
| Unix-like |
| fork() |
| man page |
| text section |
| data section |
| bss section |
| heap |
| dynamically linked |
| main() |
| environment |
| environment variables |
| Elf_aux |
| scut |
| mmap |
| relocation |
| 0x08048000 – the conventional (hard-coded) load address of i386 ET_EXEC binaries |
| /proc/self/maps |
| the first three lines of /proc/self/maps are the process's own .text, .data and heap mappings (layout as observed at the time of writing) |
| signal handler |
| interpreter PT_INTERP |
| shared objects |
| p_offset, p_filesz, p_flags, p_vaddr, p_memsz, p_align |
| PT_LOAD |
| ELF program header |
| stack base |
| argc, argv, envp |
| Elf_Aux |
| data structure |
| AT_BASE |
| AT_PHDR |
| AT_PHNUM |
| AT_PAGESZ |
| AT_FLAGS |
| AT_ENTRY |
| greetz: mammon_, gera, duke, Grendel, Halvar, SK, Dave Aitel |
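
Added worked example (my code, not the paper's and not anything from ul_exec.txt): a C sketch of the two userland-exec steps that need no privileges, turning the PT_LOAD program headers (p_offset, p_vaddr, p_filesz, p_memsz, p_flags) into the mmap() calls a loader would issue, and building the initial stack, argc, argv, envp and the Elf_Aux vector (AT_PHDR, AT_PHNUM, AT_PAGESZ, AT_BASE, AT_FLAGS, AT_ENTRY), the way execve() does. Assumptions: ELF64 little-endian rather than the paper's i386/ELF32, 4 KiB pages, a static binary (AT_BASE is 0 and PT_INTERP is not handled), and the actual mmap, unmap-self and jump-to-entry steps are left out. The sample ELF image is constructed inline, and the names scan_phdrs, build_stack, sample_image and struct seg are this example's own.

```c
/* Added example, not the paper's code: the two userland-exec steps that need no
 * privileges.  scan_phdrs() turns PT_LOAD headers into the mmap() calls a loader
 * would issue; build_stack() lays out argc/argv/envp/auxv the way execve() does.
 * Assumes ELF64 LSB, 4 KiB pages, no PT_INTERP (paper: i386/ELF32, same logic). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PT_LOAD = 1, PAGE = 4096 };
enum { PF_X = 1, PF_W = 2, PF_R = 4 };                       /* p_flags bits */
enum { AT_NULL = 0, AT_PHDR = 3, AT_PHNUM = 5, AT_PAGESZ = 6, AT_BASE = 7,
       AT_FLAGS = 8, AT_ENTRY = 9 };                         /* auxv tags, as in <elf.h> */
typedef struct {                                             /* Elf64_Ehdr */
    uint8_t  e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr;
typedef struct {                                             /* Elf64_Phdr */
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr;
struct seg { uint64_t map_addr, map_len, file_off, bss_len; int prot; };

/* Collect PT_LOAD segments (-1 if malformed).  Each entry is one mmap(map_addr,
 * map_len, prot, MAP_FIXED, fd, file_off); the bss_len bytes after p_filesz are
 * not in the file and must be zeroed after mapping. */
int scan_phdrs(const uint8_t *img, size_t len, struct seg *out, int max) {
    Ehdr eh; if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) || eh.e_ident[4] != 2 ||
        eh.e_ident[5] != 1 || eh.e_phentsize != sizeof(Phdr)) return -1;
    if (eh.e_phoff > len || (uint64_t)eh.e_phnum * sizeof(Phdr) > len - eh.e_phoff)
        return -1;                                           /* phdr table inside image */
    int n = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Phdr ph; memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_filesz > ph.p_memsz || ph.p_offset > len ||
            ph.p_filesz > len - ph.p_offset || n == max) return -1;
        uint64_t off = ph.p_vaddr & (PAGE - 1);              /* gABI: vaddr == offset mod page */
        if (off != (ph.p_offset & (PAGE - 1))) return -1;
        out[n].map_addr = ph.p_vaddr - off;  out[n].file_off = ph.p_offset - off;
        out[n].map_len  = (ph.p_memsz + off + PAGE - 1) & ~(uint64_t)(PAGE - 1);
        out[n].bss_len  = ph.p_memsz - ph.p_filesz;
        out[n++].prot   = ph.p_flags & (PF_R | PF_W | PF_X);
    }
    return n;
}

/* Initial stack: strings at the top, then auxv, envp, argv, argc growing down.
 * Returns the 16-byte-aligned sp the entry point expects, or NULL if it does
 * not fit.  load_base is 0 for ET_EXEC and the chosen mmap base for ET_DYN. */
uint64_t *build_stack(uint64_t *stack, size_t words, const char *const *argv,
                      const char *const *envp, const Ehdr *eh, uint64_t load_base) {
    const char *str[32]; size_t argc = 0, envc = 0;
    while (argv[argc]) argc++; while (envp[envc]) envc++;
    if (argc + envc > 32) return NULL;
    char *p = (char *)(stack + words);
    for (size_t i = 0; i < argc + envc; i++) {                /* copy strings downward */
        const char *s = i < argc ? argv[i] : envp[i - argc];
        str[i] = p -= strlen(s) + 1; memcpy(p, s, strlen(s) + 1);
    }
    size_t nwords = 1 + argc + 1 + envc + 1 + 2 * 7;          /* argc, argv, envp, 7 auxv pairs */
    uint64_t *sp = (uint64_t *)(((uintptr_t)p - nwords * 8) & ~(uintptr_t)15);
    if ((uintptr_t)sp < (uintptr_t)stack) return NULL;
    uint64_t *w = sp; *w++ = argc;
    for (size_t i = 0; i < argc; i++) *w++ = (uintptr_t)str[i]; *w++ = 0;
    for (size_t i = 0; i < envc; i++) *w++ = (uintptr_t)str[argc + i]; *w++ = 0;
    uint64_t aux[] = { AT_PHDR, load_base + eh->e_phoff, AT_PHNUM, eh->e_phnum,
                       AT_PAGESZ, PAGE, AT_BASE, 0, AT_FLAGS, 0,     /* AT_BASE: interp base */
                       AT_ENTRY, load_base + eh->e_entry, AT_NULL, 0 };
    memcpy(w, aux, sizeof aux);
    return sp;
}

/* Constructed sample image: RX text, plus RW data carrying 0x200 bytes of bss. */
size_t sample_image(uint8_t *buf, size_t cap) {
    Ehdr eh = {0}; Phdr ph[2]; if (cap < 0x1300) return 0;
    memset(buf, 0, cap); memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7); /* ELF64, LSB, v1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_entry = 0x400100;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof(Phdr); eh.e_phnum = 2;
    ph[0] = (Phdr){ PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x400000, 0x1234, 0x1234, PAGE };
    ph[1] = (Phdr){ PT_LOAD, PF_R | PF_W, 0xe10, 0x601e10, 0x601e10, 0x100, 0x300, PAGE };
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, ph, sizeof ph);
    return 0x1300;
}

int main(void) {
    static uint8_t img[0x1300]; static uint64_t stk[512]; struct seg s[4]; Ehdr eh;
    int n = scan_phdrs(img, sample_image(img, sizeof img), s, 4);
    for (int i = 0; i < n; i++)
        printf("mmap %#jx len %#jx prot %d off %#jx bss %#jx\n", (uintmax_t)s[i].map_addr,
               (uintmax_t)s[i].map_len, s[i].prot, (uintmax_t)s[i].file_off, (uintmax_t)s[i].bss_len);
    const char *av[] = { "a.out", "-v", NULL }, *ev[] = { "PATH=/bin", NULL };
    memcpy(&eh, img, sizeof eh);
    uint64_t *sp = build_stack(stk, 512, av, ev, &eh, 0);
    printf("sp %p argc %ju argv[0] %s\n", (void *)sp, (uintmax_t)sp[0], (char *)(uintptr_t)sp[1]);
}
```

A real loader would sit between these two functions: find and unmap its own .text, .data and heap via /proc/self/maps, mmap each struct seg entry with MAP_FIXED and zero bss_len bytes past p_filesz, then load the PT_INTERP interpreter the same way (its base goes into AT_BASE) and jump to the entry point with sp in the stack register. Two checks worth keeping from the example when loading untrusted images: the p_vaddr/p_offset congruence modulo the page size, which the gABI requires and a hostile image may violate, and the bounds checks of e_phoff and p_offset+p_filesz against the image size.
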

| Resources |
|---|
| https://phrack.org/issues/58/5 – Armouring the ELF: Binary Encryption on the UNIX Platform, grugq & scut, Phrack 58, 2001 |
| https://grugq.github.io/docs/subversiveld.pdf – Cheating the ELF: Subversive Dynamic Linking to Libraries, grugq, 2001 |
| http://www.iecc.com/linker/ – Linkers and Loaders, John Levine, 1999 |