I need to compile a module that is statically linked to lua library (liblua.a) and dynamically linked to dl library (libdl.so).
I've compiled the C source file (generic_loader.c) linking it to dl library:
$ gcc -g generic_loader.c -shared -fpic -ldl -o _loader.o
No errors were shown as I can see the linked libraries and symbol resolution:
$ ldd _loader.o
_loader.o:
linux-vdso.so.1 => (0x00007fff231fe000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f7397949000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7397582000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7397d6e000)
$ nm _loader.o
_loader.o:
0000000000201078 B __bss_start
0000000000201078 b completed.6972
w __cxa_finalize@@GLIBC_2.2.5
00000000000008d0 t deregister_tm_clones
U dlerror@@GLIBC_2.2.5
U dlopen@@GLIBC_2.2.5
U dlsym@@GLIBC_2.2.5
0000000000000940 t __do_global_dtors_aux
0000000000200df0 t __do_global_dtors_aux_fini_array_entry
0000000000201070 d __dso_handle
0000000000200e00 d _DYNAMIC
0000000000201078 D _edata
0000000000201080 B _end
0000000000000aec T _fini
0000000000000980 t frame_dummy
0000000000200de8 t __frame_dummy_init_array_entry
0000000000000ba8 r __FRAME_END__
0000000000201000 d _GLOBAL_OFFSET_TABLE_
w __gmon_start__
00000000000007e8 T _init
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
0000000000200df8 d __JCR_END__
0000000000200df8 d __JCR_LIST__
w _Jv_RegisterClasses
00000000000009b5 T load_as_global
0000000000000aab T luaopen_genericloader
U lua_pushboolean
U lua_pushcclosure
U lua_pushnil
U lua_pushstring
U lua_setfield
U lua_tolstring
0000000000000900 t register_tm_clones
0000000000201078 d __TMC_END__
The unresolved symbols belong to the Lua library and should be handled in the next step, so I guess there is no problem with that binary.
So I compiled the resulting binary _loader.so in order to statically link it to lib lua:
$ gcc -g -shared -fpic _loader.o /usr/local/lib/liblua.a -o genericloader.so
Again, no errors were shown. But when I list the symbols, all dl and lua symbols are missing, as well as load_as_global and luaopen_genericloader, both functions defined in generic_loader.c:
$ ldd genericloader.so
genericloader.so:
linux-vdso.so.1 => (0x00007fff7cdfe000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f360ad0d000)
/lib64/ld-linux-x86-64.so.2 (0x00007f360b2f4000)
$ nm genericloader.so
genericloader.so:
0000000000201030 B __bss_start
0000000000201030 b completed.6972
w __cxa_finalize@@GLIBC_2.2.5
0000000000000530 t deregister_tm_clones
00000000000005a0 t __do_global_dtors_aux
0000000000200e08 t __do_global_dtors_aux_fini_array_entry
0000000000201028 d __dso_handle
0000000000200e18 d _DYNAMIC
0000000000201030 D _edata
0000000000201038 B _end
0000000000000618 T _fini
00000000000005e0 t frame_dummy
0000000000200e00 t __frame_dummy_init_array_entry
0000000000000628 r __FRAME_END__
0000000000201000 d _GLOBAL_OFFSET_TABLE_
w __gmon_start__
00000000000004e0 T _init
w _ITM_deregisterTMCloneTable
w _ITM_registerTMCloneTable
0000000000200e10 d __JCR_END__
0000000000200e10 d __JCR_LIST__
w _Jv_RegisterClasses
0000000000000560 t register_tm_clones
0000000000201030 d __TMC_END__
Am I missing something, a step in compilation or perhaps an option to gcc?
Thanks in advance.
To mix dynamic and static linking you may need to use -Wl,-Bstatic and -Wl,-Bdynamic options as described in this SO answer.
I'm trying to run a binary. But when I'm trying to run the file I'm facing the following error.
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ ./house_of_force
bash: ./house_of_force: No such file or directory
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ ldd ./house_of_force
linux-vdso.so.1 (0x00007fff7c6da000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3f879bd000)
../.glibc/glibc_2.28_no-tcache/ld.so.2 => /lib64/ld-linux-x86-64.so.2 (0x00007f3f87bf9000)
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ file ./house_of_force
./house_of_force: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter ../.glibc/glibc_2.28_no-tcache/ld.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=278a2aec8b352ea120c49321ed3254eb15ca8ef5, with debug_info, not stripped
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ readelf -l house_of_force
Elf file type is EXEC (Executable file)
Entry point 0x400730
There are 9 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R 0x8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x0000000000000027 0x0000000000000027 R 0x1
[Requesting program interpreter: ../.glibc/glibc_2.28_no-tcache/ld.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x0000000000000d88 0x0000000000000d88 R E 0x200000
LOAD 0x0000000000001d70 0x0000000000601d70 0x0000000000601d70
0x00000000000002c0 0x00000000000002c8 RW 0x200000
DYNAMIC 0x0000000000001d80 0x0000000000601d80 0x0000000000601d80
0x0000000000000200 0x0000000000000200 RW 0x8
NOTE 0x0000000000000260 0x0000000000400260 0x0000000000400260
0x0000000000000044 0x0000000000000044 R 0x4
GNU_EH_FRAME 0x0000000000000c04 0x0000000000400c04 0x0000000000400c04
0x000000000000004c 0x000000000000004c R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000001d70 0x0000000000601d70 0x0000000000601d70
0x0000000000000290 0x0000000000000290 R 0x1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
03 .init_array .fini_array .dynamic .got .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .init_array .fini_array .dynamic .got
My System Details:
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ uname -a
Linux pegasus 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
pegasus@pegasus:~/Documents/Courses/heaplab-main/house_of_force$ lsb_release -a
LSB Version: core-11.1.0ubuntu4-noarch:printing-11.1.0ubuntu4-noarch:security-11.1.0ubuntu4-noarch
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
I've already done chmod a+x house_of_force
I suspect that some shared object or the interpreter is broken.
I'm unable to link them properly.
Help me run the file properly using ./house_of_force
I'm facing the following error
The problem is that your binary is linked in a very weird way.
In particular, its interpreter is set to ../.glibc/glibc_2.28_no-tcache/ld.so.2, and this binary will run only when invoked from a directory in which ../.glibc/glibc_2.28_no-tcache/ld.so.2 exists.
Invoking this binary from any other directory will fail with ENOENT.
It is unlikely that that's what you want this binary to do. You'll need to fix your link line -- usually the interpreter is set to the absolute path to ld.so.
P.S. You probably want to link with this custom GLIBC build in order to solve some problem. But it's unlikely that linking with custom GLIBC is the right solution to whatever that problem is. See http://xyproblem.info.
Update:
It was a file given in linux heap exploitation course.
You should have explained this in your question.
Like the answer says, this binary will only run in a directory in which ../.glibc exists. If you have .glibc/ directory (containing glibc_2.28_no-tcache/ld.so.2), then do this:
cd .glibc
mkdir foo
mv /path/to/house_of_force foo
cd foo
./house_of_force
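The ENOENT described in this answer can be confirmed from the PT_INTERP program header itself. The Python sketch below is an added example, not part of the original question or answer: it reads the interpreter path from an ELF image and resolves it against a chosen working directory. The sample ELF bytes and the /home/user/... paths are constructed for illustration.

```python
import os
import struct

PT_INTERP = 3  # program header type that names the dynamic loader


def read_interp(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}[data[4]]   # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = {1: "<", 2: ">"}[data[5]]       # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type != PT_INTERP:
            continue
        if is64:   # Elf64_Phdr: p_offset at +8, p_filesz at +32
            (p_offset,) = struct.unpack_from(end + "Q", data, base + 8)
            (p_filesz,) = struct.unpack_from(end + "Q", data, base + 32)
        else:      # Elf32_Phdr: p_offset at +4, p_filesz at +16
            (p_offset,) = struct.unpack_from(end + "I", data, base + 4)
            (p_filesz,) = struct.unpack_from(end + "I", data, base + 16)
        raw = data[p_offset:p_offset + p_filesz]
        return raw.split(b"\0", 1)[0].decode()
    return None  # statically linked, or not a dynamic executable


def check_interp(data, cwd, exists=os.path.exists):
    """Resolve the interpreter the way an exec from `cwd` would look it up."""
    interp = read_interp(data)
    if interp is None:
        return None
    # A relative interpreter is looked up from the caller's working directory.
    # normpath folds ".." lexically, which is exact only when no symlinks
    # are involved.
    resolved = os.path.normpath(os.path.join(cwd, interp))
    return {
        "interp": interp,
        "relative": not os.path.isabs(interp),
        "resolved": resolved,
        "found": exists(resolved),
    }


def build_sample_elf(interp):
    """Constructed sample: ELF64 little-endian header plus one PT_INTERP entry."""
    blob = interp + b"\0"
    ehsize, phentsize = 64, 56
    off = ehsize + phentsize
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 62, 1,              # ET_EXEC, EM_X86_64, EV_CURRENT
        0x400730,              # e_entry (value shown in the readelf output)
        ehsize, 0, 0,          # e_phoff, e_shoff, e_flags
        ehsize, phentsize, 1,  # e_ehsize, e_phentsize, e_phnum
        0, 0, 0)               # no section headers
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, off,
                       0x400000 + off, 0x400000 + off,
                       len(blob), len(blob), 1)
    return ehdr + phdr + blob


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:          # check a real file from the current directory
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:                          # fall back to the constructed sample
        image = build_sample_elf(b"../.glibc/glibc_2.28_no-tcache/ld.so.2")
    print(check_interp(image, os.getcwd()))
```

A result with "relative" true and "found" false for the directory the binary is launched from corresponds to the "No such file or directory" error in the question.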
I would like to see at one glance which variables are placed next to each other in memory.
If I generate a symbol table by using objdump -t I get the symbol table, however sorted seemingly randomly.
SYMBOL TABLE:
00100584 l F .text 00000000 deregister_tm_clones
001005a8 l F .text 00000000 register_tm_clones
001005d4 l F .text 00000000 __do_global_dtors_aux
0019c020 l .bss 00000001 completed.10177
0019c00c l O .fini_array 00000000 __do_global_dtors_aux_fini_array_entry
00100604 l F .text 00000000 frame_dummy
0019c024 l .bss 00000018 object.10182
0019c008 l O .init_array 00000000 __frame_dummy_init_array_entry
00000000 l df *ABS* 00000000 tcp_server_test.c
0019c03c l .bss 00000004 xServerWorkTaskHandle
001006a4 l F .text 00000098 prvServerWorkTask
0019c040 l .bss 00000008 xMyTelnet
...
Is there a way to get it sorted by address (first column) in upcounting manner?
It would be great if there was a switch that could be added to objdump -t to get the desired output. I looked through the documentation and did not find anything like that, but maybe I overlooked something?
Another approach could be to write a python script that resorts it, but I would like to avoid that if possible.
Thanks!
You can use the universal tool "sort" to sort the output of "objdump".
Please read its documentation for options. Without any option, it simply sorts on the first column.
For the not-yet-enlightened command line user...
You need to "pipe" the output of "objdump" as input into "sort" like this:
objdump -t my_module.o | sort
I am writing a linker script as:
SECTIONS
{
    . = 0x100000;
    .phys . :
    {
        *(.phys.text)
        *(.phys.data)
        . = ALIGN(4K);
    }
    .phys.bss . (NOLOAD) :
    {
        boot_stack_bottom = .;
        . = . + 4K;
        boot_stack_top = .;
        *(.phys.bss)
    }
    . = . + KERNEL_OFFSET;
    .boot . : AT(ADDR(.boot) - KERNEL_OFFSET)
    {
        *(.boot.text)
        *(.boot.data)
    }
}
When compiling my code, I expect to have the .phys section at address 0x100000, which is true. I also expect .phys.bss to be at address 0x100000 + SIZEOF(.phys), but it's not. The .phys.bss section has address 0x0. But if I remove the . from the .phys.bss section and simply write .phys.bss (NOLOAD) : or explicitly specify the address using 0x100000 + SIZEOF(.phys), everything works OK. Why is . invalid for the .phys.bss section!?
This is output of the objdump for two cases:
.phys.bss (NOLOAD) :
architecture: i386:x86-64, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00000000001012b3
Program Header:
LOAD off 0x0000000000001000 vaddr 0x0000000000100000 paddr 0x0000000000100000 align 2**12
filesz 0x0000000000003000 memsz 0x0000000000006000 flags rw-
LOAD off 0x0000000000004000 vaddr 0xffffffff80106000 paddr 0x0000000000106000 align 2**5
filesz 0x0000000000008918 memsz 0x000000000060a000 flags rwx
LOAD off 0x000000000000d000 vaddr 0xffffffff80710000 paddr 0x0000000000710000 align 2**12
filesz 0x0000000000013aa7 memsz 0x0000000000023000 flags rwx
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
Sections:
Idx Name Size VMA LMA File off Algn
0 .phys 00003000 0000000000100000 0000000000100000 00001000 2**12
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .phys.bss 00003000 0000000000103000 0000000000103000 00004000 2**12
ALLOC
2 .boot 00008918 ffffffff80106000 0000000000106000 00004000 2**5
CONTENTS, ALLOC, LOAD, CODE
3 .boot.bss 006016e8 ffffffff8010e918 000000000010e918 0000c918 2**5
ALLOC
4 .text 00011735 ffffffff80710000 0000000000710000 0000d000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .rodata 00002372 ffffffff80721735 0000000000721735 0001e735 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .bss 0000e571 ffffffff80723aa7 0000000000723aa7 00020aa7 2**12
ALLOC
7 .ehframe 00000fe8 ffffffff80732018 0000000000732018 00020aa7 2**0
ALLOC
.phys.bss . (NOLOAD) :
architecture: i386:x86-64, flags 0x00000012:
EXEC_P, HAS_SYMS
start address 0x00000000001012b3
Program Header:
LOAD off 0x0000000000001000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
filesz 0x0000000000000000 memsz 0x0000000000003000 flags rw-
LOAD off 0x0000000000000160 vaddr 0xffffffff80003000 paddr 0x0000000000003000 align 2**5
filesz 0x0000000000008918 memsz 0x000000000060a000 flags rwx
LOAD off 0x0000000000009000 vaddr 0x0000000000100000 paddr 0x0000000000100000 align 2**12
filesz 0x0000000000003000 memsz 0x0000000000003000 flags r--
LOAD off 0x000000000000c000 vaddr 0xffffffff8060d000 paddr 0x000000000060d000 align 2**12
filesz 0x0000000000013aa7 memsz 0x0000000000023000 flags rwx
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
Sections:
Idx Name Size VMA LMA File off Algn
0 .phys 00003000 0000000000100000 0000000000100000 00009000 2**12
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .phys.bss 00003000 0000000000000000 0000000000000000 00001000 2**12
ALLOC
2 .boot 00008918 ffffffff80003000 0000000000003000 00000160 2**5
CONTENTS, ALLOC, LOAD, CODE
3 .boot.bss 006016e8 ffffffff8000b918 000000000000b918 00008a78 2**5
ALLOC
4 .text 00011735 ffffffff8060d000 000000000060d000 0000c000 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
5 .rodata 00002372 ffffffff8061e735 000000000061e735 0001d735 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .bss 0000e571 ffffffff80620aa7 0000000000620aa7 0001faa7 2**12
ALLOC
7 .ehframe 00000fe8 ffffffff8062f018 000000000062f018 0001faa7 2**0
ALLOC
Trying to use objdump command in linux to display symbol table information in executable.
I have tried a simple program below.
#include <stdio.h>

int global = 0;

typedef struct global_struct {
    int a;
    int c;
} global_struct;

global_struct gs;

int main()
{
    printf("%d\n", global);
    printf("%d\n", gs.a);
    return 0;
}
compiled with -g option in gcc compiler
The output of objdump looks like
00000000004005b0 l F .text 0000000000000000 __do_global_ctors_aux
0000000000000000 l df *ABS* 0000000000000000 symboltable.c
0000000000600870 l O .got.plt 0000000000000000 _GLOBAL_OFFSET_TABLE_
00000000006006ac l .ctors 0000000000000000 __init_array_end
00000000006006ac l .ctors 0000000000000000 __init_array_start
00000000006006d8 l O .dynamic 0000000000000000 _DYNAMIC
0000000000600898 w .data 0000000000000000 data_start
00000000006008b4 g O .bss 0000000000000008 gs
0000000000000000 F *UND* 0000000000000000 printf@@GLIBC_2.2.5
0000000000400510 g F .text 0000000000000002 __libc_csu_fini
00000000004003e0 g F .text 0000000000000000 _start
0000000000000000 w *UND* 0000000000000000 __gmon_start__
0000000000000000 w *UND* 0000000000000000 _Jv_RegisterClasses
00000000004005e8 g F .fini 0000000000000000 _fini
0000000000000000 F *UND* 0000000000000000 __libc_start_main@@GLIBC_2.2
00000000006008b0 g O .bss 0000000000000004 global
00000000004005f8 g O .rodata 0000000000000004 _IO_stdin_used
0000000000600898 g .data 0000000000000000 __data_start
0000000000400600 g O .rodata 0000000000000000 .hidden __dso_handle
00000000006006c8 g O .dtors 0000000000000000 .hidden __DTOR_END__
0000000000400520 g F .text 0000000000000089 __libc_csu_init
000000000060089c g *ABS* 0000000000000000 __bss_start
00000000006008c0 g *ABS* 0000000000000000 _end
My requirement: gs being a C structure, I want to know the data members of gs{a,b}. How can I know structure member details from object files? Thanks for your support.
Structure member details are not detailed in the object file. The object file will only have enough memory allocated to hold the struct and an offset telling the linker where to find it.
The compiler knows at compile time at which offsets from the base struct pointer to find the members and hard codes those into the program text on each use.
If you passed -g to gcc when building the program, it should have DWARF debug information compiled in:
$ objdump -t prog | grep debug
0000000000000000 l d .debug_aranges 0000000000000000 .debug_aranges
0000000000000000 l d .debug_info 0000000000000000 .debug_info
0000000000000000 l d .debug_abbrev 0000000000000000 .debug_abbrev
0000000000000000 l d .debug_line 0000000000000000 .debug_line
0000000000000000 l d .debug_str 0000000000000000 .debug_str
Then you can read it with objdump:
$ objdump --dwarf=info prog
[...]
<1><65>: Abbrev Number: 5 (DW_TAG_base_type)
<66> DW_AT_byte_size : 4
<67> DW_AT_encoding : 5 (signed)
<68> DW_AT_name : int
[...]
<1><2f8>: Abbrev Number: 8 (DW_TAG_structure_type)
<2f9> DW_AT_name : (indirect string, offset: 0x22f): global_struct
<2fd> DW_AT_byte_size : 8
<2fe> DW_AT_decl_file : 1
<2ff> DW_AT_decl_line : 3
<300> DW_AT_decl_column : 16
<301> DW_AT_sibling : <0x31c>
<2><305>: Abbrev Number: 17 (DW_TAG_member)
<306> DW_AT_name : a
<308> DW_AT_decl_file : 1
<309> DW_AT_decl_line : 4
<30a> DW_AT_decl_column : 9
<30b> DW_AT_type : <0x65>
<30f> DW_AT_data_member_location: 0
<2><310>: Abbrev Number: 17 (DW_TAG_member)
<311> DW_AT_name : c
<313> DW_AT_decl_file : 1
<314> DW_AT_decl_line : 5
<315> DW_AT_decl_column : 9
<316> DW_AT_type : <0x65>
<31a> DW_AT_data_member_location: 4
<2><31b>: Abbrev Number: 0
<1><31c>: Abbrev Number: 2 (DW_TAG_typedef)
<31d> DW_AT_name : (indirect string, offset: 0x22f): global_struct
<321> DW_AT_decl_file : 1
<322> DW_AT_decl_line : 6
<323> DW_AT_decl_column : 2
<324> DW_AT_type : <0x2f8>
[...]
Here we can see that global_struct's DIE (Debug Information Entry) has two leaves (two DW_TAG_members; look at the <2> prefixes, which I believe are the level in the tree). The members are called a and c. Both of the members reference type 0x65, which is defined above as a signed int.
A good place to learn more about DWARF is this official tutorial: http://www.dwarfstd.org/doc/Debugging%20using%20DWARF-2012.pdf
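To get the layout without reading the dump by eye, the text output of objdump --dwarf=info can be parsed into a per-struct member table. This is an added example, not part of the original answer; the function names are hypothetical and the embedded sample is an abridged, constructed copy of the output shown above.

```python
import re

# Constructed sample: abridged copy of the objdump --dwarf=info output above.
SAMPLE = """\
 <1><65>: Abbrev Number: 5 (DW_TAG_base_type)
    <68>   DW_AT_name        : int
 <1><2f8>: Abbrev Number: 8 (DW_TAG_structure_type)
    <2f9>   DW_AT_name        : (indirect string, offset: 0x22f): global_struct
 <2><305>: Abbrev Number: 17 (DW_TAG_member)
    <306>   DW_AT_name        : a
    <30b>   DW_AT_type        : <0x65>
    <30f>   DW_AT_data_member_location: 0
 <2><310>: Abbrev Number: 17 (DW_TAG_member)
    <311>   DW_AT_name        : c
    <316>   DW_AT_type        : <0x65>
    <31a>   DW_AT_data_member_location: 4
 <2><31b>: Abbrev Number: 0
"""

DIE = re.compile(r"<(\d+)><([0-9a-f]+)>: Abbrev Number: \d+(?: \((\w+)\))?")
ATTR = re.compile(r"<[0-9a-f]+>\s+(DW_AT_\w+)\s*:\s*(.*)")

def parse_dies(text):
    """Turn the dump into a list of DIE dicts: level, offset, tag, attrs."""
    dies = []
    for line in text.splitlines():
        m = DIE.search(line)
        if m:
            dies.append({"level": int(m[1]), "off": int(m[2], 16), "tag": m[3], "attrs": {}})
        elif dies and (a := ATTR.search(line)):
            # Indirect strings print as "(indirect string, offset: 0x..): name".
            dies[-1]["attrs"][a[1]] = re.sub(r"^\(indirect.*?\):\s*", "", a[2].strip())
    return dies

def struct_layouts(text):
    """Map each struct name to [(member, type name, byte offset), ...]."""
    dies = parse_dies(text)
    by_off = {d["off"]: d for d in dies}
    layouts, current = {}, None
    for d in dies:
        if d["tag"] == "DW_TAG_structure_type":
            current = layouts.setdefault(d["attrs"].get("DW_AT_name", "<anonymous>"), [])
        elif d["tag"] == "DW_TAG_member" and current is not None:
            ref = by_off.get(int(d["attrs"]["DW_AT_type"].strip("<>"), 16), {})
            tname = ref.get("attrs", {}).get("DW_AT_name", "?")
            current.append((d["attrs"]["DW_AT_name"], tname, int(d["attrs"]["DW_AT_data_member_location"])))
        elif d["level"] <= 1:
            current = None   # a new top-level DIE ends the struct's subtree
    return layouts
```

Only plain integer DW_AT_data_member_location values, as in the dump above, are handled; location expressions are not.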
I've written an interface to the code generator that lets me produce shared objects. However, I do not want to implement support for the section header table, because that's where the majority of the complexity of the ELF file format resides.
GNU ld uses section headers for linking against shared objects. This means that when I try to make gcc link against my shared object with no section headers, it fails because ld doesn't find the symbols even though they exist in the library.
Does there exist some trick I could use to fool the compiler to make the linking succeed even if it wouldn't find certain symbols?
Here's some clarification on the trouble:
cheery@ruttunen:~/Documents/g386$ gcc dev/shared_test.c -L. -lshared -m32
/tmp/cc6qBViY.o: In function `main':
shared_test.c:(.text+0xa): undefined reference to `example_function'
collect2: ld returned 1 exit status
cheery@ruttunen:~/Documents/g386$ cat dev/shared_test.c
// gcc shared_test.c -L. -lshared -m32
// LD_LIBRARY_PATH=. ./a.out
#include <stdio.h>
extern int example_function();
int main(){
printf("hello %d\n", example_function());
}
cheery@ruttunen:~/Documents/g386$ readelf -D -s libshared.so
Symbol table for image:
Num Buc: Value Size Type Bind Vis Ndx Name
2 0: 00800164 0 FUNC GLOBAL DEFAULT ABS example_function
1 0: 008000ac 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC
gcc (that is, ld behind gcc) has a command line option to ignore unresolved externals. That'll suppress the error message you get from gcc. I'm not sure that that is going to make you happy.
The best approach here is to add the section tables required by gcc. If you have a working dynamic linking mechanism in your generator, it requires all the same information as what you'd insert into the section tables.
For laziness I wrote a shared assembly file and used the strip command on it to get a reference point. `readelf --sections` shows a couple of sections, but you do not need them all. I worked through this and implemented sections in order until it started working correctly. Here's what I had to add:
cheery@ruttunen:~/Documents/g386$ readelf --sections dynamic_hello.app
There are 5 section headers, starting at offset 0x1b9:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .shstrndx STRTAB 00000000 000281 000024 00 0 0 1
[ 2] .dynamic DYNAMIC 00000000 0000b0 000050 08 WA 3 0 4
[ 3] .dynstr STRTAB 00000000 000158 000020 00 A 0 0 1
[ 4] .dynsym DYNSYM 00000000 000100 000040 10 A 3 0 4
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
It doesn't hurt if you put in more sections than these, but this is enough to get dynamic linking working.
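The difference between the two cases can be reproduced on a small image. This is an added example, not code from the posts above: it builds a constructed ELF32 image containing only what the lookup reads (a .dynstr and a .dynsym section, fewer than the five listed above) and searches for dynamic symbols through the section header table, which is the kind of lookup the question attributes to GNU ld. The function names are hypothetical.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")   # Elf32_Ehdr, 52 bytes
SHDR = struct.Struct("<10I")                # Elf32_Shdr, 40 bytes
SYM = struct.Struct("<IIIBBH")              # Elf32_Sym, 16 bytes
SHT_STRTAB, SHT_DYNSYM = 3, 11

def build_image(with_sections):
    """Constructed ELF32 image: one dynamic symbol, optional section headers."""
    dynstr = b"\0example_function\0"
    # Null symbol, then a GLOBAL FUNC (info 0x12) with index SHN_ABS,
    # mirroring the readelf -D -s listing in the question.
    dynsym = SYM.pack(0, 0, 0, 0, 0, 0) + SYM.pack(1, 0x00800164, 0, 0x12, 0, 0xFFF1)
    str_off = EHDR.size
    sym_off = str_off + len(dynstr)
    sh_off = sym_off + len(dynsym)
    shdrs = b"".join([
        SHDR.pack(*[0] * 10),                                          # [0] NULL
        SHDR.pack(0, SHT_STRTAB, 2, 0, str_off, len(dynstr), 0, 0, 1, 0),
        SHDR.pack(0, SHT_DYNSYM, 2, 0, sym_off, len(dynsym), 1, 1, 4, SYM.size),
    ])
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)   # 32-bit, little-endian
    if with_sections:
        ehdr = EHDR.pack(ident, 3, 3, 1, 0, 0, sh_off, 0, EHDR.size, 32, 0, SHDR.size, 3, 0)
    else:
        ehdr = EHDR.pack(ident, 3, 3, 1, 0, 0, 0, 0, EHDR.size, 32, 0, 0, 0, 0)
    return ehdr + dynstr + dynsym + (shdrs if with_sections else b"")

def dynsym_via_sections(image):
    """Return dynamic symbol names reachable through the section header table."""
    hdr = EHDR.unpack_from(image, 0)
    if hdr[0][:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    if shoff == 0 or shnum == 0:
        return []                      # no section headers: nothing to search
    secs = [SHDR.unpack_from(image, shoff + i * shentsize) for i in range(shnum)]
    names = []
    for sec in secs:
        if sec[1] != SHT_DYNSYM:
            continue
        strtab = secs[sec[6]]          # sh_link names the string table section
        for off in range(sec[4] + SYM.size, sec[4] + sec[5], SYM.size):
            st_name = SYM.unpack_from(image, off)[0]
            start = strtab[4] + st_name
            names.append(image[start:image.index(b"\0", start)].decode())
    return names
```

With section headers present the lookup returns example_function; without them it returns nothing, although the symbol's bytes are still in the file.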