From 6f77120968b59f1fe4d69abc3ab79e6abb9053fc Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Wed, 17 Aug 2022 18:25:16 +0100 Subject: Update no libc programming --- md/notes/undefined_c/titles.md | 147 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 134 insertions(+), 13 deletions(-) (limited to 'md') diff --git a/md/notes/undefined_c/titles.md b/md/notes/undefined_c/titles.md index 60e14a4..6053291 100644 --- a/md/notes/undefined_c/titles.md +++ b/md/notes/undefined_c/titles.md @@ -859,6 +859,7 @@ Return type, and function arguments arent exposed when object file is created. Functions can have aliases. __link_fun2.c__ + ```c static void fun2() { printf("hello 2\n"); @@ -925,29 +926,148 @@ hello 2 So all of this plays role in linking object files. There is more interesting utilit called ld its doing things on lower level then gcc. + +### Extern + +### Attributes +PASS +### Creating shared library +PASS +### Create static libraries +PASS +### Join all objects together +PASS +### Compile with musl + +The libc is not the only option as standard c library, there is few others one of them is musl + ``` -$ ldd ./link_elf - linux-vdso.so.1 (0x00007ffd8f5d0000) - libc.so.6 => /usr/lib/libc.so.6 (0x00007f96c0e00000) - /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f96c10d2000) +$ musl-gcc hello_world.c -o hello_world +$ file ./hello_world +hello_world_musl: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-musl-x86_64.so.1, not stripped ``` -We havent specified those options when we compiled executable, lets use **ld** for that. + +### Inspect elf files + +There is few utilities that help to check if elf file is ok. + +ldd show what kind of shared libraries elf will try to load ``` -ld -dynamic-linker /lib/ld-linux.so.2 link_elf.o link_fun1.o link_fun2.o -o link_elf +$ ldd hello_world + linux-vdso.so.1 (0x00007fffcb2ae000) + libc.so.6 => /usr/lib/libc.so.6 (0x00007ffb80c00000) + /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007ffb80fb9000) + ``` +Readelf allows to inspect content of elf files, headers and interpret values in headers. +In few example above we allready used that feature to check content of compiled objectfiles. +``` +$ readelf -s ./hello_world +Symbol table '.symtab' contains 37 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS abi-note.c + 2: 000000000000039c 32 OBJECT LOCAL DEFAULT 4 __abi_tag + 3: 0000000000000000 0 FILE LOCAL DEFAULT ABS init.c + 4: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 5: 0000000000001070 0 FUNC LOCAL DEFAULT 14 deregister_tm_clones + 6: 00000000000010a0 0 FUNC LOCAL DEFAULT 14 register_tm_clones + 7: 00000000000010e0 0 FUNC LOCAL DEFAULT 14 __do_global_dtors_aux + 8: 0000000000004030 1 OBJECT LOCAL DEFAULT 25 completed.0 + 9: 0000000000003df0 0 OBJECT LOCAL DEFAULT 20 __do_global_dtor[...] + 10: 0000000000001130 0 FUNC LOCAL DEFAULT 14 frame_dummy + 11: 0000000000003de8 0 OBJECT LOCAL DEFAULT 19 __frame_dummy_in[...] + 12: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello_world.c + 13: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 14: 00000000000020b0 0 OBJECT LOCAL DEFAULT 18 __FRAME_END__ + 15: 0000000000000000 0 FILE LOCAL DEFAULT ABS + 16: 0000000000003df8 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC + 17: 0000000000002010 0 NOTYPE LOCAL DEFAULT 17 __GNU_EH_FRAME_HDR + 18: 0000000000004000 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ + 19: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_mai[...] + 20: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterT[...] + 21: 0000000000004020 0 NOTYPE WEAK DEFAULT 24 data_start + 22: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.2.5 + 23: 0000000000004030 0 NOTYPE GLOBAL DEFAULT 24 _edata + 24: 0000000000001154 0 FUNC GLOBAL HIDDEN 15 _fini + 25: 0000000000004020 0 NOTYPE GLOBAL DEFAULT 24 __data_start + 26: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 27: 0000000000004028 0 OBJECT GLOBAL HIDDEN 24 __dso_handle + 28: 0000000000002000 4 OBJECT GLOBAL DEFAULT 16 _IO_stdin_used + 29: 0000000000004038 0 NOTYPE GLOBAL DEFAULT 25 _end + 30: 0000000000001040 38 FUNC GLOBAL DEFAULT 14 _start + 31: 0000000000004030 0 NOTYPE GLOBAL DEFAULT 25 __bss_start + 32: 0000000000001139 26 FUNC GLOBAL DEFAULT 14 main + 33: 0000000000004030 0 OBJECT GLOBAL HIDDEN 24 __TMC_END__ + 34: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMC[...] + 35: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@G[...] + 36: 0000000000001000 0 FUNC GLOBAL HIDDEN 12 _init +``` -### Extern -### Attributes -### Creating shared library -### Create static libraries -### Join all objects together -### Compile with musl -### Inspect elf files ### No standard library + +Lets write hello world without libc. + +__noc.c__ +```c +void _start() { + +} +``` + +``` +$ gcc -c noc.c +$ ld -dynamic-linker /lib/ld-linux.so.2 noc.o -o noc +$ file noc +noc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped +``` + +Next step to make it more working then segfaulting. + +```c +void _start() { + asm ( \ + "movl $1,%eax\n" \ + "xor %ebx,%ebx\n" \ + "int $128\n" \ + ); +} +``` + +Now this is all about calling the syscalls + +Lets print the message +```c +signed int write(int fd, const void *buf, unsigned int size) +{ + signed int ret; + asm volatile + ( + "syscall" + : "=a" (ret) + // EDI RSI RDX + : "0"(1), "D"(fd), "S"(buf), "d"(size) + : "rcx", "r11", "memory" + ); + return ret; +} + +void _start() { + write(1,"no libc",8); + asm ( \ + "movl $1,%eax\n" \ + "xor %ebx,%ebx\n" \ + "int $128\n" \ + ); +} +``` + +http://main.lv/writeup/making_c_executables_smaller.md + ### Memory leaks ### Code coverage ### Profiling @@ -955,6 +1075,7 @@ ld -dynamic-linker /lib/ld-linux.so.2 link_elf.o link_fun1.o link_fun2.o -o link ### Atomic ### Multithreading ### Write plugins +### Preload library ## Embedding C -- cgit v1.2.3