ELF - Getting a SEGFAULT when changing the entry point
I'm trying to patch the entry point of an ELF file directly via the e_entry field:

    ehdr->e_entry = test_addr;

For a start, I wanted this new address to simply execute an exit(1) syscall:

    memmove(test_addr, exit_opcode, opcode_len);

I made sure to adjust the segments and sections that come after this new code, but the problem is that as soon as I patch the entry point the program crashes. Why is that?
elf
edited Nov 17 at 8:52 by yugr
asked Nov 17 at 0:09 by Trey
Can you post the gdb stack trace?
– yugr
Nov 17 at 2:05
@yugr #0 0x00007ffff7e7cb09 in __memmove_sse2_unaligned_erms()
– Trey
Nov 17 at 4:50
So it aborts when you are modifying the entry point or when you execute the resulting ELF?
– yugr
Nov 17 at 6:20
@yugr As I said, it segfaults as soon as ehdr->e_entry = test_addr; is executed.
– Trey
Nov 17 at 16:19
Please provide a stackoverflow.com/help/mcve. Without it, it's anyone's guess what you did wrong (and the outputs you provided so far appear inconsistent with one another).
– Employed Russian
yesterday
1 Answer
I suspect that you haven't enabled write access to the program's header. You can do this via something like

    /* Needs <stdint.h> and <sys/mman.h>. Make the page holding e_entry writable. */
    const uintptr_t page_size = 4096;
    mprotect((void *)((uintptr_t)&ehdr->e_entry & ~(page_size - 1)), page_size, PROT_READ | PROT_WRITE);
    ehdr->e_entry = test_addr;
answered Nov 17 at 17:40 by yugr
I'm afraid that might not be the case, since I mapped the file with the following: mmap(NULL, st.st_size, PROT_READ | PROT_WRITE | MAP_SHARED, fd, 0); which I reckon has the same effect as mprotect, right?
– Trey
Nov 17 at 23:56
Also, I just tried to use mprotect but it still faults
– Trey
Nov 18 at 0:01
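
Added example (not part of the original thread and not any poster's code): the question uses test_addr both as the e_entry value and as the memmove destination, so this sketch keeps the two apart by translating a target virtual address to an offset inside the mapped file, with bounds checks, before writing. The function names vaddr_to_offset and patch_entry are hypothetical, and a 64-bit ELF is assumed.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Map a target virtual address range to a file offset. The range must sit in
 * the file-backed part of one executable PT_LOAD segment. 0 = ok, -1 = no. */
int vaddr_to_offset(const uint8_t *img, size_t size, uint64_t vaddr,
                    uint64_t len, uint64_t *off_out)
{
    Elf64_Ehdr eh;
    if (size < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);            /* copy: img may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > size ||
        (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > size - eh.e_phoff)
        return -1;                          /* header table must fit in file */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD || !(ph.p_flags & PF_X) ||
            vaddr < ph.p_vaddr) continue;
        uint64_t delta = vaddr - ph.p_vaddr;
        if (delta > ph.p_filesz || len > ph.p_filesz - delta) continue;
        uint64_t off = ph.p_offset + delta;
        if (off < ph.p_offset || off > size || len > size - off)
            return -1;                      /* segment runs past end of file */
        *off_out = off;
        return 0;
    }
    return -1;                              /* no executable segment covers it */
}

/* Write code at the file offset backing vaddr, then point e_entry at vaddr. */
int patch_entry(uint8_t *img, size_t size, uint64_t vaddr,
                const uint8_t *code, size_t len)
{
    uint64_t off;
    if (vaddr_to_offset(img, size, vaddr, len, &off) != 0) return -1;
    memmove(img + off, code, len);          /* destination is inside the mapping */
    memcpy(img + offsetof(Elf64_Ehdr, e_entry), &vaddr, sizeof vaddr);
    return 0;                               /* e_entry stores an address value */
}
```

Here img would be the pointer returned by mmap on a descriptor opened with O_RDWR and size would be st.st_size; the mmap result needs checking against MAP_FAILED before either function is called.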