Articles tagged #linux
In our last article, we managed to load and execute a PIE (position-independent executable) compiled from the following code:
; in `samples/hello-pie.asm` global _start section .text _start: mov rdi, 1 ; stdout fd lea rsi, [rel msg] mov rdx, 9 ; 8 chars + newline mov rax, 1 ; write syscall , , : ,
The last article, Position-independent code, was a mess. But who could blame us? We looked at the world, and found it to be a chaotic and seemingly nonsensical place. So, in order to blend in, we had to let go of a little bit of sanity.
The time has come to reclaim it.
Short of faulty memory sticks, memory locations don't magically turn from
0x0
into valid addresses. Someone is doing the turning, and we're going to
find out who, if it takes the rest of the series.
In the last article, we found where code was hiding in our samples/hello
executable, by disassembling the whole file and then looking for syscalls.
Later on, we learned how to inspect which memory ranges are mapped for a given PID (process identifier). We saw that memory areas weren't all equal: they can be readable, writable, and/or executable.
In part 1, we've looked at three executables:
sample
, an assembly program that prints "hi there" using thewrite
system call.entry_point
, a C program that prints the address ofmain
usingprintf
- The
/bin/true
executable, probably also a C program (because it's part of GNU coreutils), and which just exits with code 0.
We noticed that when running through GDB, it always printed the same address. But when we ran it directly, it printed a different address on every run.
Executables have been fascinating to me ever since I discovered, as a kid,
that they were just files. If you renamed a .exe
to something else, you
could open it in notepad! And if you renamed something else to a .exe
,
you'd get a neat error dialog.
Clearly, something was different about these files. Seen from notepad, they were mostly gibberish, but there to be order in that chaos. 12-year-old me knew that, although he didn't quite know how or where to dig to make sense of it all.
Everybody knows how to use files. You just open up File Explorer, the Finder, or a File Manager, and bam - it's chock-full of files. There's folders and files as far as the eye can see. It's a genuine filapalooza. I have never once heard someone complain there were not enough files on their computer.
But what is a file, really? And what does reading a file entail, exactly?
I'll keep updating this article as I go, just to put stuff in all the same place.
Platforms
Cross-compiling for Linux
I'm pretty sure it's possible to cross-compile for Linux on other OSes, seeing as everything is open-source, but I have never done it - and why would I want to? Linux is the friendliest to build on, so it's better to use it as a build environment.
Go back to the homepage.