
ELF 101


cmj

‧ If you know how to

  ‧ create a minimal ELF file by hand

  ‧ write self-modifying code (SMC)

You can skip these slides!

ELF

‧ Executable and Linkable Format

‧ Means it can

  ‧ be executed as a binary

  ‧ be linked by another binary

‧ Build a minimal ELF by hand

  ‧ General header

  ‧ Program header

  ‧ Machine code

‧ General Header - Basic ELF information

  ‧ System - 32 / 64 bits

  ‧ Architecture - AMD / ARM / PPC / ⋯

  ‧ Class - Big / Little Endian

  ‧ ⋯ etc

‧ Program Header - Running and Code Location

  ‧ Memory type - RWX

  ‧ Memory address location from

‧ Machine Code - Translate Instruction to Code

  ‧ Register - RAX / ESP / RIP

  ‧ Memory - 0x1000178

  ‧ syscall table - syscall / int

See Hex

General Header: x86_64 / executable

Program Header: only one program segment

Give an Example

‧ How to say hello world

  ‧ Need to write something to stdout

    ‧ Write string into mem

    ‧ Set up registers

    ‧ Call syscall

  ‧ Need to exit normally

    ‧ Set up registers

    ‧ Call syscall


Hello World: x86_64 instruction set
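The general header, the single program header and the hello-world machine code from these slides, assembled byte by byte in Python. This is an added example, not code from the original deck; the load address 0x400000, the message text and the output name hello.elf are assumptions.

```python
import os
import struct

BASE = 0x400000              # assumed load address; the slides do not give one
EHDR_SIZE, PHDR_SIZE = 64, 56
MSG = b"Hello, World!\n"     # constructed sample string

def build_code(msg_addr, msg_len):
    """Machine code: write(1, msg, len), then exit(0)."""
    return b"".join([
        b"\xb8\x01\x00\x00\x00",                    # mov eax, 1    (write)
        b"\xbf\x01\x00\x00\x00",                    # mov edi, 1    (stdout)
        b"\x48\xbe" + struct.pack("<Q", msg_addr),  # movabs rsi, msg_addr
        b"\xba" + struct.pack("<I", msg_len),       # mov edx, msg_len
        b"\x0f\x05",                                # syscall
        b"\xb8\x3c\x00\x00\x00",                    # mov eax, 60   (exit)
        b"\x31\xff",                                # xor edi, edi  (status 0)
        b"\x0f\x05",                                # syscall
    ])

def build_elf(msg=MSG):
    """General header + one program header + code + string, in file order."""
    entry = BASE + EHDR_SIZE + PHDR_SIZE            # code starts right after the headers
    code = build_code(entry + len(build_code(0, 0)), len(msg))
    total = EHDR_SIZE + PHDR_SIZE + len(code) + len(msg)
    ehdr = struct.pack(
        "<16sHHIQQQIHHHHHH",
        b"\x7fELF\x02\x01\x01",   # magic, 64-bit, little endian, version 1 (zero padded)
        2, 62, 1,                 # e_type=ET_EXEC, e_machine=EM_X86_64, e_version
        entry, EHDR_SIZE, 0,      # e_entry, e_phoff, e_shoff (no section table)
        0, EHDR_SIZE, PHDR_SIZE,  # e_flags, e_ehsize, e_phentsize
        1, 0, 0, 0,               # e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack(
        "<IIQQQQQQ",
        1, 5,                     # p_type=PT_LOAD, p_flags=R|X (R=4, W=2, X=1)
        0, BASE, BASE,            # p_offset, p_vaddr, p_paddr
        total, total, 0x1000,     # p_filesz, p_memsz, p_align
    )
    return ehdr + phdr + code + msg

if __name__ == "__main__":
    with open("hello.elf", "wb") as f:              # hypothetical output name
        f.write(build_elf())
    os.chmod("hello.elf", 0o755)
```

Run as a script on x86_64 Linux, it writes a 170-byte hello.elf; `readelf -h -l hello.elf` shows the header fields packed above.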

This is the TRIVIAL part


Next Part

~ Self-Modify ~


How and Why

‧ How

  ‧ The normal way - Write something into mem

  ‧ The abnormal way - Write something into mem

‧ Code is stored in memory

‧ mov data from a register into mem

  ‧ mov 0x1000689(rax) rax

@bnormal Way


‧ Buffer Overflow

  ‧ Stack variables / functions are stored on the stack.

  ‧ Write something to a variable === Write to mem

Conclusion

‧ SMC in ASM is the supported method, if you

  ‧ Find out where you can write to

  ‧ Find out how much you can write

‧ Then, just write the code into memory

Thanks for your attention ~
