Correct e_phoff #6

Open
joehendrix opened this issue Jun 21, 2018 · 0 comments

@joehendrix
Contributor

The Linux function for loading binaries, load_elf_binary, treats the e_phoff field in two ways:

  1. It is an offset from the beginning of the file used to locate the phdr table.
  2. It is used to calculate the virtual address of the program header table that is passed into the binary in the AT_PHDR field of the auxiliary structure used to initialize the binary.

Existing libc implementations will parse the program header table in (2) to initialize TLS and other state. If this address is incorrect, then the program may crash.

Relevant to this is that the Linux kernel makes certain assumptions about the layout of the Elf file. In particular, it computes the "load address" load_addr of the program. In the common case, this is the virtual address of the first program segment. It then adds the value of e_phoff to this.

To check binaries will run, the simplest check would be to verify that the program header table in executables appears within the first segment.
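As an added example (not code from this project or the issue author), the script below parses an ELF64 header and program header table, computes AT_PHDR the way load_elf_binary does in the common case described above (load_addr taken from the first PT_LOAD, plus e_phoff), and compares it with the virtual address at which the table is actually mapped. It also implements the simpler check the issue proposes: that the whole table lies inside the first segment's file range. The two ELF images are constructed inline for illustration; load_addr is modelled as p_vaddr - p_offset of the first PT_LOAD, which is the kernel's formula for ET_EXEC without a load bias and equals the segment's virtual address when p_offset is 0.

```python
import struct

# Elf64_Ehdr and Elf64_Phdr layouts, little-endian (System V ABI, ELF64).
EHDR_FMT = "<16sHHIQQQIHHHHHH"
PHDR_FMT = "<IIQQQQQQ"
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64 bytes
PHDR_SIZE = struct.calcsize(PHDR_FMT)   # 56 bytes
PT_LOAD = 1
ET_EXEC = 2
EM_X86_64 = 62


def build_elf(phoff, segments):
    """Constructed ET_EXEC image (not a real binary): ELF header at offset 0,
    program header table at `phoff`, one PT_LOAD per (p_offset, p_vaddr, p_filesz)."""
    size = max(off + sz for off, _, sz in segments)
    size = max(size, phoff + len(segments) * PHDR_SIZE)
    img = bytearray(size)
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB, EV_CURRENT
    img[:EHDR_SIZE] = struct.pack(
        EHDR_FMT, e_ident, ET_EXEC, EM_X86_64, 1, 0x401000, phoff, 0, 0,
        EHDR_SIZE, PHDR_SIZE, len(segments), 0, 0, 0)
    for i, (off, vaddr, filesz) in enumerate(segments):
        ph = struct.pack(PHDR_FMT, PT_LOAD, 5, off, vaddr, vaddr, filesz, filesz, 0x1000)
        img[phoff + i * PHDR_SIZE:phoff + (i + 1) * PHDR_SIZE] = ph
    return bytes(img)


def parse(img):
    """Return the header fields and program headers this check needs."""
    f = struct.unpack_from(EHDR_FMT, img, 0)
    if f[0][:4] != b"\x7fELF" or f[0][4] != 2:
        raise ValueError("not an ELF64 image")
    ehdr = {"e_phoff": f[5], "e_phentsize": f[9], "e_phnum": f[10]}
    phdrs = []
    for i in range(ehdr["e_phnum"]):
        p = struct.unpack_from(PHDR_FMT, img, ehdr["e_phoff"] + i * ehdr["e_phentsize"])
        phdrs.append({"p_type": p[0], "p_offset": p[2], "p_vaddr": p[3], "p_filesz": p[5]})
    return ehdr, phdrs


def kernel_at_phdr(ehdr, phdrs):
    """AT_PHDR as load_elf_binary derives it in the common case:
    load_addr = p_vaddr - p_offset of the first PT_LOAD, then add e_phoff."""
    first = next(p for p in phdrs if p["p_type"] == PT_LOAD)
    load_addr = first["p_vaddr"] - first["p_offset"]
    return load_addr + ehdr["e_phoff"]


def actual_phdr_vaddr(ehdr, phdrs):
    """Virtual address where the table is really mapped: found via the PT_LOAD
    whose file range covers the whole table, or None if no segment maps it."""
    start = ehdr["e_phoff"]
    end = start + ehdr["e_phnum"] * ehdr["e_phentsize"]
    for p in phdrs:
        if p["p_type"] != PT_LOAD:
            continue
        if p["p_offset"] <= start and end <= p["p_offset"] + p["p_filesz"]:
            return p["p_vaddr"] + (start - p["p_offset"])
    return None


def phdr_in_first_load(img):
    """The simple check proposed in the issue: the table lies inside the first segment."""
    ehdr, phdrs = parse(img)
    first = next(p for p in phdrs if p["p_type"] == PT_LOAD)
    start = ehdr["e_phoff"]
    end = start + ehdr["e_phnum"] * ehdr["e_phentsize"]
    return first["p_offset"] <= start and end <= first["p_offset"] + first["p_filesz"]


def check_phdr_placement(img):
    """Return (ok, kernel_at_phdr, actual_vaddr); ok means libc will read the
    program headers from the right place when it consults AT_PHDR."""
    ehdr, phdrs = parse(img)
    kernel = kernel_at_phdr(ehdr, phdrs)
    actual = actual_phdr_vaddr(ehdr, phdrs)
    return (actual is not None and actual == kernel), kernel, actual


# Constructed samples: GOOD keeps the table in the first segment; BAD places it
# in a second segment, so the first-segment formula yields an unmapped address.
GOOD = build_elf(EHDR_SIZE, [(0, 0x400000, 0x1000)])
BAD = build_elf(0x2000, [(0, 0x400000, 0x1000), (0x2000, 0x600000, 0x1000)])

if __name__ == "__main__":
    for name, img in (("GOOD", GOOD), ("BAD", BAD)):
        ok, kernel, actual = check_phdr_placement(img)
        print(f"{name}: in_first_load={phdr_in_first_load(img)} ok={ok} "
              f"AT_PHDR=0x{kernel:x} actual=0x{actual:x}")
```

For the BAD image the kernel formula gives 0x402000, which is not mapped by any segment, while the table actually lives at 0x600000; a libc that walks the headers through AT_PHDR to set up TLS would fault, which is the crash the issue describes. The first-segment test is the simplest criterion that rules this layout out before a binary is written.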
