BrokenThorn Entertainment

Products, updates, and development
http://www.brokenthorn.com/forums/

Parsing ELF Executable

http://www.brokenthorn.com/forums/viewtopic.php?f=15&t=1514

Page 1 of 1

Parsing ELF Executable

Posted: Fri Oct 08, 2010 9:56 pm
by Believer424
So I'm using GCC and am having trouble parsing an ELF file (kernel) from stage2. Here is what I have so far for the parsing part:

Code: Select all

ParseELFImage:
                ; Check for signature -- SUCCEEDS
		mov ebx, dword [IMAGE_PMODE_BASE]
		mov eax, dword [ELFSignature]
		cmp eax, ebx
		jne FailureMagic
		
                ; Check for proper data encoding -- SUCCEEDS
		add ebx, 5
		cmp ebx, 0
		je FailureData
		
                ; Check for proper file size -- FAILS
		xor ebx, ebx
		mov bx, word [IMAGE_PMODE_BASE + 40]
		mov word [ImageSizeTest], bx
		mov bx, word [IMAGE_PMODE_BASE + 42]
		mov ax, word [IMAGE_PMODE_BASE + 44]
		mul bx
		mov bx, dx
		shl ebx, 16
		or bx, ax
		add dword [ImageSizeTest], ebx
		xor ebx, ebx
		mov bx, word [IMAGE_PMODE_BASE + 46]
		mov ax, word [IMAGE_PMODE_BASE + 48]
		mul bx
		mov bx, dx
		shl ebx, 16
		or bx, ax
		add dword [ImageSizeTest], ebx
		mov ebx, dword [ImageSizeTest]
		mov eax, dword [ImageSize]
		cmp ebx, eax
		jge FailureSizes
It's the third test I do that fails. Using the ELF specification: http://www.skyfree.org/linux/references/ELF_Format.pdf (Search for 1-3), I add up the ELF Header size + (Program Header Size * Number of Program Headers) + (Section Header Size * Number of Section Headers). Now I am aware that this isn't the full size of the file. But if all this combined is greater than ImageSize, then there is a major problem. Which is why I do jge, ebx being the combined size of all the headers. FailureSizes is just to print an error, so I know what failed.

I've relooked over my calculations plenty of times, and at first my offsets were way off, but I don't see it anymore.

Re: Parsing ELF Executable

Posted: Sat Oct 09, 2010 3:15 am
by pathos
I might be able to help, but you'll have to wait until Monday, sorry. I won't be able to access the computer my code is on until then, but I loaded an ELF kernel recently, and maybe my code can help.

[edit]
Well, I just looked over what I had, and I don't think it will help. Let me ask you this, though: if you skip over the file size test, does the kernel still load?

Re: Parsing ELF Executable

Posted: Mon Oct 11, 2010 8:14 pm
by Believer424
No, I move the virtual address of the entry value into ebp, then call ebp. But it reboots after that.

Re: Parsing ELF Executable

Posted: Sat Jan 29, 2011 9:48 am
by piyush.neo
@Believer424: Have you come up with solution yet? I have also completed tutorials upto 13 now in same position as yours...if you have figured it out then please post the procedure. Though i have not yet started with ELF yet just a word for your solution that keep in mind to compile with your program with static option

Code: Select all

gcc -static filename.c
to avoid using shared lib at runtime..
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/