How do I use invoke in ELF64 format?

Index > Linux > How do I use invoke in ELF64 format?

Author

Thread

Hitakiry

Joined: 16 Jul 2020
Posts: 3

Hitakiry 16 Jul 2020, 10:35

Good afternoon. How do I use cinvoke in ELF64 format?
I can't find the file proc64.inc for ELF64, to use cinvoke.[/i]

16 Jul 2020, 10:35

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 16 Jul 2020, 14:56

read Linux32(not only 32 anymore) Xlib GUI program template
but there described x64 linux ABI calling convention, other than cinvoke.
In Linux 64 looks like interpreter '/lib64/ld-linux-x86-64.so.2' is shrinked in functionality (in comparisson to it 32 bit analog) and requires to use sections (in addition to use segments) in 'format ELF64 executable 3' (
So future of fasm in linux 64 - don`t use imports at all or rewrite interpreter.
segments & sections same time - not a problem for fasmg.

16 Jul 2020, 14:56

Hitakiry

Joined: 16 Jul 2020
Posts: 3

Hitakiry 16 Jul 2020, 18:49

Mmm... So on FAMS in 64 mod i can't use C lib and one codebase for projects on Win and Linux? How to create cross-platform "code section" in that case?

16 Jul 2020, 18:49

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 16 Jul 2020, 19:42

Hitakiry, as I wrote above there are 2 solutions:
1. migrate to fasmg
2. rewrite linux elf64 interpreter for support sectionless imports
(And a third variant - explore logic of imports and inline their code).

so, simplest - use fasmg and same codebase for win & linux. And enjoy.(Oh yes, some macros will be needed to be ported to fasmg)
If thou looking for hard ways be ready to do part of work by thouself. Wish thou entusiasts with same targets. partialy I one of them.

16 Jul 2020, 19:42

Hitakiry

Joined: 16 Jul 2020
Posts: 3

Hitakiry 16 Jul 2020, 20:29

Clearly. Now it's clear enough. Thank you very much.

16 Jul 2020, 20:29

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 16 Jul 2020, 22:43

You don't need to use fasmg.

Here is an example of linking to libc and calling open:

Code:

format ELF64 executable 3

entry start

segment gnustack
segment executable

start:
        mov     rdi,maps
        mov     esi,O_RDONLY
        xor     edx,edx
        call    [open]
        mov     edx,0x1000
        sub     rsp,rdx
        mov     rdi,rax
        mov     eax,SYS_READ
        mov     rsi,rsp
        syscall
        mov     edx,eax
        mov     eax,SYS_WRITE
        mov     edi,STD_OUTPUT
        mov     rsi,rsp
        syscall
        mov     eax,SYS_EXIT
        xor     edi,edi
        syscall

SYS_READ        = 0
SYS_WRITE       = 1
SYS_OPEN        = 2
SYS_MPROTECT    = 10
SYS_EXIT        = 60
STD_INPUT       = 0
STD_OUTPUT      = 1
O_RDONLY        = 0
PROT_READ       = 0x1

DT_NULL         = 0
DT_NEEDED       = 1
DT_STRTAB       = 5
DT_SYMTAB       = 6
DT_RELA         = 7
DT_RELASZ       = 8
DT_RELAENT      = 9
DT_STRSZ        = 10
DT_SYMENT       = 11
DT_BIND_NOW     = 24
DT_FLAGS        = 30
DT_FLAGS_1      = 0x6ffffffb
STB_GLOBAL      = 1
STT_FUNC        = 2
R_X86_64_64     = 1
DF_BIND_NOW     = 0x00000008
DF_1_NOW        = 0x00000001
DF_1_PIE        = 0x08000000

macro Elf64_Sym name,value,size,bind,type,other,shndx {
        dd name+0
        db (bind+0) shl 4 + (type+0)
        db other+0
        dw shndx+0
        dq value+0
        dq size+0
}
macro Elf64_Rela offset,symbol,type,addend {
        dq rva offset+0
        dq (symbol+0) shl 32 + (type+0)
        dq addend+0
}
virtual at 0
        Elf64_Sym
        sizeof.Elf64_Sym = $
        Elf64_Rela
        sizeof.Elf64_Rela = $ - sizeof.Elf64_Sym
end virtual

segment interpreter readable
                db '/lib64/ld-linux-x86-64.so.2'
        strtab:
                db 0
        _libc   db 'libc.so.6',0
        _open   db 'open',0
        strsz   = $ - strtab

maps:   db      '/proc/self/maps',0

segment dynamic readable
        dq DT_NEEDED,_libc - strtab
        dq DT_STRTAB,rva strtab
        dq DT_STRSZ,strsz
        dq DT_SYMTAB,rva symtab
        dq DT_SYMENT,sizeof.Elf64_Sym
        dq DT_RELA,rva rela
        dq DT_RELASZ,relasz
        dq DT_RELAENT,sizeof.Elf64_Rela
        dq DT_BIND_NOW,1
        dq DT_FLAGS,DF_BIND_NOW
        dq DT_FLAGS_1,DF_1_NOW or DF_1_PIE
        dq DT_NULL,0
        symtab:
                Elf64_Sym
                Elf64_Sym _open - strtab,0,0,STB_GLOBAL,STT_FUNC,0,0
        rela:
                Elf64_Rela open,1,R_X86_64_64
        relasz  = $ - rela
        external_links:
                open dq 0
        external_links_length = $ - external_links

segment readable writeable

segment fixups

16 Jul 2020, 22:43

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 06:23

revolution, as I understand it is needed to use patched version?

Code:

segment fixups.
Error: extra characters on line

external_links & external_links_length are not used anywhere, so I can suppose they needed for fixups?

29 Jul 2020, 06:23

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 06:54

You have an extra dot.

Code:

segment fixups ; <--- don't put a dot here

29 Jul 2020, 06:54

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 06:57

I tryed to compile thour above sample exactly (without dot)
dot is only separation of error line & error message

29 Jul 2020, 06:57

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 07:01

It works for me with v1.73.08, no modifications.

29 Jul 2020, 07:01

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 07:01

with 1.73.24 not. why not?

Last edited by ProMiNick on 29 Jul 2020, 07:15; edited 1 time in total

29 Jul 2020, 07:01

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 07:11

I don't have that version. It hasn't been approved for running here. Sad

29 Jul 2020, 07:11

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 07:21

Thou can`t download last version?
how 1.73.08 approved. But 1.73.24 not?
It hasn't been approved. by who?
Thou can`t download binaryes? needed sources in textual form posted?

29 Jul 2020, 07:21

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 07:32

ProMiNick wrote:

Thou can`t download last version?
how 1.73.08 approved. But 1.73.24 not?
It hasn't been approved. by who?
Thou can`t download binaryes? needed sources in textual form posted?

I can download from flatassembler.net, but I can't run anything not in the whitelist. It's not my machine, I don't have administrative control.

29 Jul 2020, 07:32

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 07:54

I think thou version patched according to contents of topic ELF executable + relocations/fixups for ASLR?
there are exacly time when 1.73.08 was actual.

post starts from
segment fixups ; this doesn't work
section fixups ; this doesn't work either

29 Jul 2020, 07:54

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 08:24

ProMiNick wrote:

I think thou version patched according to contents of topic ELF executable + relocations/fixups for ASLR?
there are exacly time when 1.73.08 was actual.

post starts from
segment fixups ; this doesn't work
section fixups ; this doesn't work either

You are absolutely correct. I forget about that. Embarassed

The fasm executables I have here have been modified. I can't change them now, the hashes will change and the whitelist will refuse to recognise them.

29 Jul 2020, 08:24

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 08:30

Could I provide these patches to newest version? or they could conflict? looks like not. but why Tomasz didn`t applied them? only elf dynamic type applied from times of this post.

Last edited by ProMiNick on 29 Jul 2020, 08:36; edited 1 time in total

29 Jul 2020, 08:30

revolution
When all else fails, read the source

Joined: 24 Aug 2004
Posts: 20759
Location: In your JS exploiting you and your system

revolution 29 Jul 2020, 08:35

ProMiNick wrote:

Could I provide these patches to newest version? or they could conflict?

No harm in trying.

29 Jul 2020, 08:35

ProMiNick

Joined: 24 Mar 2012
Posts: 821
Location: Russian Federation, Sochi

ProMiNick 29 Jul 2020, 08:59

Thanks. successfuly compiled.
Contrary to thou I compile everything in windows environment (my fasmpack is still support only windows as host, I mix charcase) and only after test in linux. At work I restricted to run linux( ...so have to wait to test output.

29 Jul 2020, 08:59

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8466
Location: Kraków, Poland

Tomasz Grysztar 29 Jul 2020, 09:23

I believe there is some level of confusion here. You can have working imports with fasm as old as 1.69.05, no fasmg nor patches are necessary. The Linux packages contain a 64-bit example elfexe/dynamic/hello64.asm.

29 Jul 2020, 09:23

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum