Code modification issue.

zuyihe@163.net (zyy)
14 Oct 2001 22:21:41 -0400


From: zuyihe@163.net (zyy)
Newsgroups: comp.compilers
Date: 14 Oct 2001 22:21:41 -0400
Organization: http://groups.google.com/
Keywords: linker, question
Posted-Date: 14 Oct 2001 22:21:41 EDT

Is it possible to attach a new text segment at the end of the data
segment? I made some attempts but failed. Below is the original process
image (in /proc/xxxx/maps). The platform is Linux 2.2.x on PowerPC.


0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
0ffc9000-0ffd8000 ---p 000e1000 16:02 30727 /lib/libc-2.1.3.so
0ffd8000-0ffeb000 rwxp 000e0000 16:02 30727 /lib/libc-2.1.3.so
0ffeb000-0fff0000 rwxp 00000000 00:00 0
10000000-10001000 r-xp 00000000 16:02 1126448 /home/elf/hello
10010000-10011000 rwxp 00000000 16:02 1126448 /home/elf/hello
30000000-30014000 r-xp 00000000 16:02 30722 /lib/ld-2.1.3.so
30014000-30015000 rw-p 00000000 00:00 0
30023000-30027000 rwxp 00013000 16:02 30722 /lib/ld-2.1.3.so
7fffe000-80000000 rwxp fffff000 00:00 0


    It has a text segment from 10000000 to 10001000.


    I modify "hello" to "Temp". Below is its process image.


0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
0ffc9000-0ffd8000 ---p 000e1000 16:02 30727 /lib/libc-2.1.3.so
0ffd8000-0ffeb000 rwxp 000e0000 16:02 30727 /lib/libc-2.1.3.so
0ffeb000-0fff0000 rwxp 00000000 00:00 0
10000000-10001000 r-xp 00000000 16:02 1126475 /home/elf/Temp
10010000-10011000 rwxp 00000000 16:02 1126475 /home/elf/Temp
10020000-10021000 r-xp 00000000 16:02 1126475 /home/elf/Temp
30000000-30014000 r-xp 00000000 16:02 30722 /lib/ld-2.1.3.so
30014000-30015000 rw-p 00000000 00:00 0
30023000-30027000 rwxp 00013000 16:02 30722 /lib/ld-2.1.3.so
7fffe000-80000000 rwxp fffff000 00:00 0


    A new segment is added from 10020000 to 10021000. In the main(), I
add a branch to jump to 10020000.


    I set a breakpoint and check the instruction at 10020000. It is good.
But when it runs, the instruction is corrupted and gives SIGILL.


    Does anyone have a hint as to whether it is possible or not? If possible, how
to fool the loader to let it believe it is a valid text segment?


    Thanks.
[It might help if you explained the overall goal of what you're trying
to do here. Faking out the kernel program loader is fraught with danger.
-John]
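An added example, not part of the post: a small parser for /proc/<pid>/maps that checks which mapping covers the jump target (10020000) and diffs the two listings to show exactly which executable range appeared. The embedded input is a constructed subset of the poster's two listings (the executable's own lines plus libc's text mapping); helper names are my own.

```python
import re
from collections import defaultdict

# Constructed input: the executable's own lines plus libc's text mapping, taken
# from the two /proc/<pid>/maps listings in the post (remaining lines omitted).
MAPS_BEFORE = """\
0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
10000000-10001000 r-xp 00000000 16:02 1126448 /home/elf/hello
10010000-10011000 rwxp 00000000 16:02 1126448 /home/elf/hello
"""
MAPS_AFTER = """\
0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
10000000-10001000 r-xp 00000000 16:02 1126475 /home/elf/Temp
10010000-10011000 rwxp 00000000 16:02 1126475 /home/elf/Temp
10020000-10021000 r-xp 00000000 16:02 1126475 /home/elf/Temp
"""

# One maps line: start-end perms offset dev inode [path]; path may be empty.
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$")

def parse_maps(text):
    """Parse maps text into a list of dicts; lines that do not match are skipped."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, offset, dev, inode, path = m.groups()
        regions.append({"start": int(start, 16), "end": int(end, 16), "perms": perms,
                        "offset": int(offset, 16), "dev": dev, "inode": int(inode), "path": path})
    return regions

def region_for(regions, addr):
    """The mapping covering addr, or None: what to check before trusting a jump target."""
    return next((r for r in regions if r["start"] <= addr < r["end"]), None)

def files_with_extra_text(regions):
    """Files with more than one r-x mapping; a normal binary has one, Temp has two."""
    by_file = defaultdict(list)
    for r in regions:
        if r["perms"].startswith("r-x") and r["path"]:
            by_file[r["path"]].append((r["start"], r["end"]))
    return sorted(p for p, rs in by_file.items() if len(rs) > 1)

def new_exec_regions(before, after):
    """Executable ranges present after but not before, keyed by address and perms."""
    key = lambda r: (r["start"], r["end"], r["perms"])
    seen = {key(r) for r in before}
    return [key(r) for r in after if "x" in r["perms"] and key(r) not in seen]
```

The same checks run unchanged over a full listing read from /proc/<pid>/maps, since lines with no path (anonymous mappings) are parsed with an empty path.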


