Related questions

Why does `-fno-plt` not work when compiling/linking assembly?

2022-01-25 01:27 Noah imported from Stackoverflow

I am interested in compiling / linking an assembly project whose shared library function calls bypass the PLT (use the GOT directly). I Tried using -fno-plt but the resulting library calls still go through the PLT.

Questions

I am wondering:

  1. Why does the -fno-plt argument not work when compiling assembly?
  2. Is there a way to compile assembly so that shared library function calls bypass the PLT?

Assembly PLT Bypass with -fno-plt NOT Working.

Using the simplest example:

    .global main
    .text
main:
    callq   exit

When compiled with:

gcc -fno-plt test0.S -o test0

Produces the following for main:

0000000000001139 <main>:
    1139:   e8 f2 fe ff ff          callq  1030 <exit@plt>
    113e:   66 90                   xchg   %ax,%ax

Which is calling exit through the PLT.

C PLT Bypass with -fno-plt Working

Alternatively the same code in C:

extern void exit(int);
int main() {
    exit(0);
}

Compiled with:

gcc -O2 -fno-plt  test1.c -o test1

Gets the following for main:

0000000000001040 <main>:
    1040:   f3 0f 1e fa             endbr64 
    1044:   50                      push   %rax
    1045:   58                      pop    %rax
    1046:   31 ff                   xor    %edi,%edi
    1048:   48 83 ec 08             sub    $0x8,%rsp
    104c:   ff 15 96 2f 00 00       callq  *0x2f96(%rip)        # 3fe8 <exit@GLIBC_2.2.5>
    1052:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
    1059:   00 00 00 
    105c:   0f 1f 40 00             nopl   0x0(%rax)

Which correctly bypasses the PLT for the call to exit.

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum

See also questions close to this topic

  • MIPS Assembly - how to calculate squre of n recursively

    I want to write a program that calculates the square of n using recursively based on the equation n^2 = (n - 1)^2 + 2(n - 1) + 1 But I don't know how to write the nonbasecase part. Can anyone help?

    A python program would be

    def square(n) {
    if (n==0):
        return 0
    else:
        return square(n-1) + 2*(n-1) + 1 
}

    Here is what I got so far.

    start:      
        li  $a0, 0x0003     #$a0 contains the number to be squared              
        jal square          # recursive call
        
square:     
        subi $sp, $sp, 8    # decrement the stack pointer $sp
        sw  $ra, 4($sp)     # push the return address register $ra
        sw  $a0, 0($sp)     # push argument register $a0
        li  $t0, 0x0001     # load $t0 with 1 as part of test for base case
        bne $a0, $t0, nonbasecase   # branch if not the base case
        li $v0, 0x0001      # return base result in $v0
        addi $sp, $sp 8     # recover stack space 
        jr $ra          # jump to return address in $ra

nonbasecase:    
       #not sure how to write when it is not the base case


        jr $ra          # jump to contents of return address register $ra
  • Arduino Inline ASM

    Hello i am trying to preapre some inline asm codes for my experiment, here is my .ino, how can i start to change this code to inline asm any help or suggestion?

        const int buttonpin = 2;
const int ledpin = 13;
int tracker = 0;
int buttonstate = 0;

void setup() {
  pinMode(ledpin, OUTPUT);
  pinMode(buttonpin, INPUT_PULLUP);
  Serial.begin(9600);
}

void loop() {

  buttonstate = digitalRead(buttonpin);


  if (buttonstate == LOW) {
    tracker++;
   
    if ( (tracker % 3) == 0) 
    { 
      digitalWrite(ledpin, HIGH);

     }
     else
     {
    digitalWrite(ledpin, LOW);
  }
  }
 Serial.println(tracker);
delay(100);
}
  • Purpose of bitwise operation in this example

    In the following function, I am having trouble understanding the purpose to the bitwise operation:
    outb(0x3D5, (uint8_t) (pos & 0xFF));
    pos is a uint16_t variable. Whats the purpose of the bitwise & with simply 8 bits of 1. The & operation would just compare this value with 8 bits of 1s, which to my knowledge, would just result in the same value. How does this operation change the value of pos?

    For background if it is important, the function outb is intended to move the value of the right argument into the register indexed by the port (left argument). In this case, pos is a position in VGA video memory. The function outb uses inline assembly and the assembly function out

  • Compile all C files in all of the children directories

    So, I'm making a game with raylib and I need to compile all the .c files at once.

    The files are in separate folder inside the 1st one(Like "MainFolder/PlayerFiles").

    I know how that gcc -o game *.c -L/usr/local/lib -lraylib compiles all the files inside the directory and creates a exec.

    How can I compile all the .c files in all of the children folders.

    Thanks in advance!!!

  • how to get the bare bone compiled binary code of a C function?

    I'm trying to implement an embedded firmware on an stm32 F4 micro that takes an binary code from the serial and execute it on the micro.

    The idea is pretty simple of course the only tricky part is that since on the serial is complicate to send raw binary data I'm going to send everything through base64 encoding.

    Here's the code:

    #include <Arduino.h>
#include <base64.hpp>

size_t read_serial_line(char *msg, size_t len, size_t timeout = 0) {
  const auto start = millis(); 
  size_t sz = 0;               

  do {
    while (not Serial.available()) {
      if (timeout > 0 and millis() > start + timeout) {
        return -1;
      }
    }

    msg[sz] = Serial.read();

    if (msg[sz] == '\r') {
      msg[sz] = '\0'; // replacing the end line with the end string

      // the next char must be a \n char since the Serial.println of arduino
      // works like that
      while (Serial.read() != '\n')
        ; // I discard it

      // now sz contains the length of the string as returned by strlen
      break; // end of line
    }

    if (timeout > 0 and millis() > start + timeout) {
      return -1;
    }
  } while (++sz < len);

  return sz; 
}

void setup() {
  Serial.begin(9600);

  Serial.println("begin!");
}

void loop() {
  char *msg = new char[2048](); // big line

  auto sz = read_serial_line(msg, 2048);

  Serial.print("\tlooping...");
  Serial.println(sz);
  Serial.print("received: ");
  Serial.println(msg);

  uint8_t *code = new uint8_t[2048]();

  sz = decode_base64(msg, code);

  Serial.println(sz);

  delay(1000);

  int (*code_fn)() = (int (*)())code;

  int c = code_fn();

  Serial.println(c);

  delete code;
  delete msg;
  delay(1000);
}

    The next problem is to be able to compile and get the compiled binary code from this simple C function:

    int fn() {
   return 3;
}

    Here you can see the assembly of this stupid function.

    I tried, of course using the same tool chain used for the main code of the micro, to compile it with gcc using the option for the position independent code and then I tried to copy the .text secion with objcopy, to finish I took the text returned from the xxd command, I encoded it in base64 and I sent it to the micro.

    here are the commands that I used:

    $ arm-none-eabi-gcc -fPIC -c test.c
$ arm-none-eabi-objcopy -j .text test.o test.bin 
$ xxd -p test.bin

    As I expected this idea is not working, my hypothesis is that I'm getting more then just the binary codes of the function from this process. I have this idea because the output file test.bin is pretty big 440 bytes that seems to me a little bit too much for literally 7 assembly instructions.

    So that's the reason of my question: How do I get the binary code and only that code?

  • terminate called after throwing an instance 'std::__ios_failure'

    In Ubuntu20.04 gcc9.4.0

    `void read_txt_config(const std::string &path) { std::cout << std::endl << "Reading configuration file: ";

        std::ostringstream batch_out;
    batch_out
        << path
        << "config.txt";

    std::string str_temp = batch_out.str().data();
    std::ifstream fin;
    fin.exceptions(std::ios::failbit | std::ios::badbit);
    fin.open(str_temp.c_str());

    if (!fin.good())
    {
        std::cout << " reading failed, there is no config.txt, the program will use the default param_nameeters. " << std::endl;
    }
    else
    {
        ...
        ...
     }       
 fin.close();}

    when the code run to fin.close();

    I got

    terminate called after throwing an instance 'std::__ios_failure' what(): basic_ios::clear: iostream error Aborted(core dumped)

  • How to compile a py file from another py file by using a module ? (Therefore not Cmd)

    I want to make a code (that I'll call compiler.py), that'll compile any py file I need without using cmd commands, only modules(Things that are compilable So I can still Use my compiler on other devices).

    Here are some examples of code to illustrate what I am asking for: Here is how compiler.py would look like : compiler.py

    And this is randomprogramm.py : randomprogramm.py

    Any Idea on how to proceed ?

  • Package JRE and Jar in to a Windows Executable (exe)

    I wish to package both my current system's JRE with a Java (JAR) application that I have created. On Mac I can simply create an app bundle and write a simple script to wire the two together. On Windows I am having trouble finding such a simple solution.

    I tried launch4j, but to the best of my knowledge this does not let me package the JRE inside the executable; it must remain as a relative file.

    I tried exe4j, but this also does not let me package the JRE within the exe.

    My project does not use modules, so unclear how I can incorporate jpackage.

    I want to distribute the file (as a portable non-installed app) to people working within my company. They are mostly somewhat computer illiterate, and will be scared off by seeing TWO files (one exe, one JRE).

    I also do not want to deal with the headache of asking them to install a java runtime themselves, and end up with everyone having some different runtime. Simply, it is much easier for me to package the JRE with the Jar together as a single file and deliver to the end-user. We are doing this with our mac distributions, and everyone is happy.

  • I used pyinstaller to turn my .py file to a executable file, but it doesn't work

    Good morning, I'm creating a hangman game that runs all in the terminal, doesn't open any graphical window, I used pyinstaller to turn my .py file into an executable. When I run it through the command ./My_file it works normally, but if I try to run it by double clicking it doesn't open anything! Does anyone know how to solve?

  • Get start and end of a section

    Foreword

    There already exist questions like this one, but the ones I have found so far were either specific to a given toolchain (this solution works with GCC, but not with Clang), or specific to a given format (this one is specific to Mach-O). I tagged ELF in this question merely out of familiarity, but I'm trying to figure out as "portable" a solution as reasonably possible, for other platforms. Anything that can be done with GCC and GCC-compatible toolchains (like MinGW and Clang) would suffice for me.

    Problem

    I have an ELF section containing a collection of relocatable "gadgets" that are to be copied/injected into something that can execute them. They are completely relocatable in that the raw bytes of the section can be copied verbatim (e.g. by memcpy) to any [correctly aligned] memory location, with little to no relocation processing (done by the injector). The problem is that I don't have a portable way of determining the size of such a section. I could "cheat" a little by using --section-start, and outright determine a start address, but that feels a little hacky, and I still wouldn't have a way to get the section's end/size.

    Overview

    Most of the gadgets in the section are written in assembly, so the section itself is declared there. No languages were tagged because I'm trying to be portable with this and get it working for various architectures/platforms. I have separate assembly sources for each (e.g. ARM, AArch64, x86_64, etc).

       ; The injector won't be running this code, so no need to be executable.
   ; Relocations (if any) will be done by the injector.
   .section gadgets, "a", @progbits
   ...

    The more "heavy duty" code is written in C and compiled in via a section attribute.

    __attribute__((section("gadgets")))
void do_totally_innocent_things();

    Alternatives

    I technically don't need to make use of sections like this at all. I could instead figure out the ends of each function in the gadget, and then copy those however I like. I figured using a section would be a more straightforward way to go about it, to keep everything in one modular relocatable bundle.

  • Why aren't external variables added to .dynsym table?

    From my understanding of .dynsym, it should contain the symbols that should be visible from an external program. I tried a simple program that contain this line:

    extern int global = 1000;

    I thought the executable would contain the global symbol in its .dynsym, but it is not the case. Is my understanding of this section wrong?

  • Make form for this config

    I have these Config for system

    This System was stopped in 2015 But I need it working now for see something so i need it

    this config : {https://pastebin.com/eYWRPTYL}

    config extension : ELF64

    Web Name that auth with it : auth.bmsoftwere.com/7.2/login.php

    i need to make form in php page that working with this config

    so the system when i put the username and the password and auth with php page it's login and working normally with all information it's need,

    anyone can help me please

  • How does os figure if a dll is already loaded in memory or how does os figure two dll are the same?

    In my comprehension, "dll/so" can be shared between programs(processes). for example when "libprint.so" is loaded in "main"(called main1) at first time, "libprint.so" is loaded from disk into memory, if we start another "main"(called main2), "libprint.so" will not loaded from disk but mapped from memory because "libprint.so" has been already loaded in memory once.

    So i design an experiment:

    main.cc --> main

    #include <iostream>
#include <chrono>
#include <thread>
void printinfo();

int main() {
printinfo();
while(true) {
  std::this_thread::sleep_for(std::chrono::milliseconds(1000));
}
return 0;
}

    print1.cc --> libprint1.so

    #include <iostream>
void printinfo() {
std::cout << "Print One" << std::endl;
}

    print2.cc --> libprint2.so

    #include <iostream>

void printinfo() {
std::cout << "Print Two" << std::endl;
}

    mv libprint1.so libprint.so
./main
// output is: Print One

    keep the main.exe running, and replace the libprint.dll with libprint2.dll, like

    mv libprint2.so libprint.so
./main
// output is: Print Two

    why the output is "Print Two"? I expect it to be "Print One" the "libprint.so" is already loaded in memory, although i changed the content of "libprint.so", but the so's absolute path is the same as before, how does the operating system know the "new libprint.so" is different with before?

    Thanks for @Michael Chourdakis, in windows environment, the libprint.dll could not be replaced when main.exe is running.

    But the problem is still there in linux(libprint.so could be replaced in linux), @user253751 says there must be some tricks that linux figure different "so", i want to know exactly what the tricks are, do i have to read the linux os source code ?

  • dynamic library linking in dockerfile

    my_library was installed with a debian package, which is installed in /opt/ directory. environment path was set, using ENV in Dockerfile.

    ENV PATH="/opt/my_library/target/linux/x64/lib/:${PATH}"

    Environment was set, but when checked with $ldd react, it is not able to find few libraries, while it can still see other libraries in the same path.

    When logged into the docker container and used $ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/my_library/target/linux/x64/lib/ it was able to find library.

        Step 23/26 : RUN printenv
    ---> Running in a1d165f3bab4
    HOSTNAME=abc
    HOME=/root
    PATH=/opt/my_library/target/linux/x64/lib/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PWD=/app

    Step 25/26 : RUN ldd /app/react
    ---> Running in 93117e66ed4e
    libgacommon.so.7 => /opt/my_library/target/linux/x64/lib/libcommon.so.X
    libCUtil.so.X => not found
    libCRpc.so.X => not found
  • What happens to a dlopen-ed library if my process crashes?

    According to the documentation, dlclose decrements a reference counter. But what happens if my process crashes, or if I don't call dlclose it before it finishes? Will the reference counter still get decremented, and if so, how?