Code modification issue. zuyihe@163.net (2001-10-14)
From: zuyihe@163.net (zyy)
Newsgroups: comp.compilers
Date: 14 Oct 2001 22:21:41 -0400
Organization: http://groups.google.com/
Keywords: linker, question
Posted-Date: 14 Oct 2001 22:21:41 EDT
Is it possible to attach a new text segment at the end of the data
segment? I made some attempts but failed. Below is the original process
image (in /proc/xxxx/maps). The platform is Linux 2.2.x on PowerPC.
0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
0ffc9000-0ffd8000 ---p 000e1000 16:02 30727 /lib/libc-2.1.3.so
0ffd8000-0ffeb000 rwxp 000e0000 16:02 30727 /lib/libc-2.1.3.so
0ffeb000-0fff0000 rwxp 00000000 00:00 0
10000000-10001000 r-xp 00000000 16:02 1126448 /home/elf/hello
10010000-10011000 rwxp 00000000 16:02 1126448 /home/elf/hello
30000000-30014000 r-xp 00000000 16:02 30722 /lib/ld-2.1.3.so
30014000-30015000 rw-p 00000000 00:00 0
30023000-30027000 rwxp 00013000 16:02 30722 /lib/ld-2.1.3.so
7fffe000-80000000 rwxp fffff000 00:00 0
It has a text segment from 10000000 to 10001000.
I modify "hello" to "Temp". Below is its process image.
0fee8000-0ffc9000 r-xp 00000000 16:02 30727 /lib/libc-2.1.3.so
0ffc9000-0ffd8000 ---p 000e1000 16:02 30727 /lib/libc-2.1.3.so
0ffd8000-0ffeb000 rwxp 000e0000 16:02 30727 /lib/libc-2.1.3.so
0ffeb000-0fff0000 rwxp 00000000 00:00 0
10000000-10001000 r-xp 00000000 16:02 1126475 /home/elf/Temp
10010000-10011000 rwxp 00000000 16:02 1126475 /home/elf/Temp
10020000-10021000 r-xp 00000000 16:02 1126475 /home/elf/Temp
30000000-30014000 r-xp 00000000 16:02 30722 /lib/ld-2.1.3.so
30014000-30015000 rw-p 00000000 00:00 0
30023000-30027000 rwxp 00013000 16:02 30722 /lib/ld-2.1.3.so
7fffe000-80000000 rwxp fffff000 00:00 0
A new segment is added from 10020000 to 10021000. In main(), I add a
branch to jump to 10020000.
I set a breakpoint and check the instruction at 10020000. It is good.
But when it runs, the instruction is corrupted and gives SIGILL.
Does anyone have a hint as to whether this is possible? If it is, how
do I fool the loader into believing it is a valid text segment?
Thanks.
[It might help if you explained the overall goal of what you're trying
to do here. Faking out the kernel program loader is fraught with danger.
-John]
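The post does not say how the extra segment was added to Temp's program header table, so the following added example (written for this page, not code from the post or its author) shows the rules an added PT_LOAD entry must satisfy for a loader to map it: p_vaddr and p_offset congruent modulo p_align, p_filesz no larger than p_memsz, file bytes inside the image, PT_LOAD entries ascending by address, and PF_R set. It builds a constructed 32-bit big-endian ELF image with the post's text/data/added-text layout and checks it twice, once with the added segment well-formed and once with it page-aligned in memory but not in the file. The 64 KiB p_align (inferred from the 0x10000-spaced mappings in the post), the segment sizes, the e_entry value and the `blr` placed at the start of the added segment are assumptions of the example.

```c
/* Added example, not code from the post: the checks a loader applies to the PT_LOAD
 * entries of a 32-bit big-endian ELF image, run against a constructed PowerPC image
 * that mirrors the post's three-segment layout. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PT_LOAD = 1, PF_X = 1, PF_W = 2, PF_R = 4, EHDR_SIZE = 52, PHDR_SIZE = 32, IMG_LEN = 0x400 };
#define FAIL(...) do { snprintf(why, whylen, __VA_ARGS__); return -1; } while (0)
typedef struct { uint32_t type, offset, vaddr, paddr, filesz, memsz, flags, align; } Phdr;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* Program header i of the ELF32 table (eight big-endian words); -1 if out of bounds. */
static int get_phdr(const uint8_t *img, size_t len, unsigned i, Phdr *h)
{
    uint32_t phoff = rd32(img + 28);
    if (rd16(img + 42) != PHDR_SIZE || i >= rd16(img + 44) ||
        (uint64_t)phoff + (uint64_t)(i + 1) * PHDR_SIZE > len) return -1;
    const uint8_t *p = img + phoff + i * PHDR_SIZE;
    *h = (Phdr){ rd32(p), rd32(p + 4), rd32(p + 8), rd32(p + 12),
                 rd32(p + 16), rd32(p + 20), rd32(p + 24), rd32(p + 28) };
    return 0;
}

/* Validate every PT_LOAD entry; returns how many passed, or -1 with the first failure
 * in `why`. The congruence rule p_vaddr % p_align == p_offset % p_align is what lets
 * the kernel mmap the segment's file pages at the address it asks for. */
int check_load_segments(const uint8_t *img, size_t len, char *why, size_t whylen)
{
    if (len < EHDR_SIZE || memcmp(img, "\x7f" "ELF", 4) != 0) FAIL("not an ELF image");
    if (img[4] != 1 || img[5] != 2) FAIL("expected ELFCLASS32, ELFDATA2MSB");
    int loads = 0; uint64_t prev_end = 0;      /* PT_LOAD entries must ascend by p_vaddr */
    for (unsigned i = 0; i < rd16(img + 44); i++) {
        Phdr h;
        if (get_phdr(img, len, i, &h) != 0) FAIL("program header table runs past EOF");
        if (h.type != PT_LOAD) continue;
        if (h.align > 1 && h.vaddr % h.align != h.offset % h.align)
            FAIL("phdr %u: p_vaddr 0x%x and p_offset 0x%x differ mod p_align 0x%x",
                 i, (unsigned)h.vaddr, (unsigned)h.offset, (unsigned)h.align);
        if (h.filesz > h.memsz) FAIL("phdr %u: p_filesz > p_memsz", i);
        if ((uint64_t)h.offset + h.filesz > len) FAIL("phdr %u: file bytes past EOF", i);
        if (h.vaddr < prev_end) FAIL("phdr %u: overlaps or precedes the previous PT_LOAD", i);
        if (!(h.flags & PF_R)) FAIL("phdr %u: PT_LOAD without PF_R", i);
        prev_end = (uint64_t)h.vaddr + h.memsz;
        loads++;
    }
    return loads;
}

/* File offset backing a virtual address, found through the PT_LOAD table the way the
 * loader's mapping does; -1 if nothing in the file backs it (bss, or no segment). */
long vaddr_to_offset(const uint8_t *img, size_t len, uint32_t vaddr)
{
    Phdr h;
    for (unsigned i = 0; len >= EHDR_SIZE && i < rd16(img + 44); i++) {
        if (get_phdr(img, len, i, &h) != 0) return -1;
        if (h.type == PT_LOAD && vaddr >= h.vaddr && vaddr - h.vaddr < h.filesz)
            return (long)(h.offset + (vaddr - h.vaddr));
    }
    return -1;
}

/* Constructed image mirroring the post's mappings (text at 0x10000000, data at 0x10010000,
 * added text near 0x10020000) with the 64 KiB p_align the post's mappings suggest (an
 * assumption). good == 1 gives the added segment p_vaddr 0x10020300, congruent with its
 * p_offset 0x300; good == 0 asks for 0x10020000 and breaks the congruence rule. */
size_t build_image(uint8_t *buf, size_t cap, int good)
{
    const uint32_t added_off = 0x300u, added_va = good ? 0x10020300u : 0x10020000u;
    const uint32_t ph[3][8] = {   /* p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align */
        { PT_LOAD, 0,         0x10000000u, 0x10000000u, 0x200, 0x200, PF_R | PF_X, 0x10000u },
        { PT_LOAD, 0x200,     0x10010200u, 0x10010200u, 0x100, 0x100, PF_R | PF_W, 0x10000u },
        { PT_LOAD, added_off, added_va,    added_va,    0x100, 0x100, PF_R | PF_X, 0x10000u },
    };
    if (cap < IMG_LEN) return 0;
    memset(buf, 0, IMG_LEN);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 1; buf[5] = 2; buf[6] = 1;                       /* ELFCLASS32, ELFDATA2MSB, EV_CURRENT */
    wr16(buf + 16, 2); wr16(buf + 18, 20); wr32(buf + 20, 1); /* ET_EXEC, EM_PPC, e_version */
    wr32(buf + 24, 0x10000000u + EHDR_SIZE + 3 * PHDR_SIZE);  /* e_entry: right after the phdrs */
    wr32(buf + 28, EHDR_SIZE); wr16(buf + 40, EHDR_SIZE);     /* e_phoff, e_ehsize */
    wr16(buf + 42, PHDR_SIZE); wr16(buf + 44, 3);             /* e_phentsize, e_phnum */
    for (unsigned i = 0; i < 3; i++)
        for (unsigned k = 0; k < 8; k++) wr32(buf + EHDR_SIZE + i * PHDR_SIZE + 4 * k, ph[i][k]);
    wr32(buf + added_off, 0x4e800020u);                       /* blr: first instruction of the added code */
    return IMG_LEN;
}

/* Wrappers over the constructed image: the loader's verdict, and the word a debugger
 * reading the file through the PT_LOAD table would show at vaddr (0 if unmapped). */
int check_constructed(int good, char *why, size_t whylen)
{
    uint8_t buf[IMG_LEN]; return check_load_segments(buf, build_image(buf, sizeof buf, good), why, whylen);
}
uint32_t constructed_word_at(int good, uint32_t vaddr)
{
    uint8_t buf[IMG_LEN];
    long off = vaddr_to_offset(buf, build_image(buf, sizeof buf, good), vaddr);
    return (off < 0 || (size_t)off + 4 > IMG_LEN) ? 0 : rd32(buf + off);
}
```

`check_constructed(1, why, sizeof why)` returns 3 and `constructed_word_at(1, 0x10020300)` yields the `blr`; `check_constructed(0, ...)` returns -1 and names phdr 2, yet `constructed_word_at(0, 0x10020000)` still yields the `blr`, because walking the program headers by hand finds the bytes in the file even though the loader cannot mmap them at that address: Linux maps each PT_LOAD with mmap, whose file offset must be page-aligned, which is what the congruence rule guarantees. Separately, if code bytes are ever written into a mapping at run time on PowerPC rather than coming from the file, the data cache must be flushed and the instruction cache invalidated (dcbst, sync, icbi, isync) before branching there; the checks above cover only the file-side rules.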