flat assembler
Message board for the users of flat assembler.

Index > Linux > Execute code in data segment

FlierMate
This program prints "Hello world!" twice.

Is this the intended behavior? Because I set the second segment as "executable" also.
(Or else I will likely get "Segmentation fault".)

So I think it is quite dangerous to set a data segment as "executable" accidentally?

Code:
format ELF executable 3
entry start

segment readable executable

start:

        mov     eax,4           ; sys_write
        mov     ebx,1           ; fd 1 = stdout
        mov     ecx,msg
        mov     edx,msg_size
        int     0x80
        ; no jmp here: execution falls straight through into the next segment

segment readable writeable executable

        mov     eax,4           ; sys_write again, from the second segment
        mov     ebx,1
        mov     ecx,msg
        mov     edx,msg_size
        int     0x80

        mov     eax,1           ; sys_exit
        xor     ebx,ebx         ; exit status 0
        int     0x80

msg db 'Hello world!',0xA
msg_size = $-msg
Post 30 Dec 2021, 09:51
revolution
There isn't really any precise definition of data segment. You can just set the access permissions as required.

For the code example above there is no need for the writeable attribute since you aren't writing anything.

But do note that where there are changes in the segment you should probably put a jmp instruction and not rely upon there being implied nops, or no gap, in the memory layout.
Post 30 Dec 2021, 13:08
FlierMate
Thank you for the nice explanation @revolution.

The ELF 64-bit version is also the same: code execution can cross multiple segments (if all are set to "readable" and "executable").

I think this is quite a loose standard compared to the PE binary file format. I was not able to reproduce this behavior with the code section and data section of a PE file.

Currently I believe there is no gap between segments in the memory layout. But it generates multiple program headers for each segment.
Post 30 Dec 2021, 13:24
revolution
The memory layout depends upon the loader your OS uses. For my system the loader always puts each segment in a new 4kB memory page. It has to do this to allow for the new access permissions to be set correctly on each page.

If it was me I wouldn't like to rely upon undocumented behaviour of a random loader.
Post 30 Dec 2021, 13:37
FlierMate
Alright, it was my mistake, I meant no gap in the file offsets. I noticed the 0x1000 (4096) alignment when running "readelf -a hello64":

Code:
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x00000000000000c8 0x00000000000000c8  R E    0x1000
  LOAD           0x00000000000000c8 0x00000000004010c8 0x00000000004010c8
                 0x0000000000000035 0x0000000000000035  R E    0x1000
Learned something new from you.
Post 30 Dec 2021, 13:43
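The two things discussed in this thread, segments that are writeable and executable at the same time and the loader's habit of starting every segment on a fresh 4 KiB page, can both be read straight out of the program header table that readelf prints above. The following is an added example (not code from the thread or from fasm): it builds a constructed, minimal ELF64 image with two PT_LOAD headers modelled on the readelf output, parses the headers back the way readelf -l does, reports any segment mapped W+X, and lists pages that more than one segment would have to share. The image contents, the 0x1000 page size and the flag choice for the second segment (RWE, standing in for the "readable writeable executable" segment of the first post) are assumptions made for the example.

```python
import struct

# ELF constants (from the ELF specification)
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
PAGE = 0x1000          # the 4 KiB alignment seen in the readelf output above (assumed page size)
EHSIZE, PHENTSIZE = 64, 56


def build_elf64(segments):
    """Build a constructed, minimal ELF64 x86-64 image: an ELF header plus one
    PT_LOAD program header per (vaddr, size, flags) tuple. Only the header
    fields a loader or readelf -l reads are filled; there is no real code in
    it, so it exists only to be parsed, never to be executed."""
    phnum = len(segments)
    e_ident = b'\x7fELF' + bytes([2, 1, 1, 0]) + b'\x00' * 8   # ELFCLASS64, little-endian, EV_CURRENT, SYSV ABI
    ehdr = e_ident + struct.pack(
        '<HHIQQQIHHHHHH',
        2, 62, 1,              # e_type ET_EXEC, e_machine EM_X86_64, e_version
        segments[0][0],        # e_entry: start of the first segment
        EHSIZE,                # e_phoff: program headers follow the ELF header
        0, 0,                  # e_shoff, e_flags: no section headers
        EHSIZE, PHENTSIZE, phnum,
        0, 0, 0)               # e_shentsize, e_shnum, e_shstrndx
    phdrs = b''
    offset = EHSIZE + PHENTSIZE * phnum
    for vaddr, size, flags in segments:
        # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        phdrs += struct.pack('<IIQQQQQQ', PT_LOAD, flags, offset, vaddr, vaddr, size, size, PAGE)
        offset += size
    return ehdr + phdrs


def parse_program_headers(data):
    """Read the program header table of an ELF64 image (either byte order)."""
    if data[:4] != b'\x7fELF' or data[4] != 2:
        raise ValueError('not an ELF64 image')
    end = '<' if data[5] == 1 else '>'
    (e_phoff,) = struct.unpack_from(end + 'Q', data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + 'HH', data, 54)
    names = ('type', 'flags', 'offset', 'vaddr', 'paddr', 'filesz', 'memsz', 'align')
    headers = []
    for i in range(e_phnum):
        fields = struct.unpack_from(end + 'IIQQQQQQ', data, e_phoff + i * e_phentsize)
        headers.append(dict(zip(names, fields)))
    return headers


def flag_string(flags):
    """Render p_flags the way readelf -l does, e.g. 'R E' or 'RWE'."""
    return ''.join(c if flags & bit else ' ' for c, bit in (('R', PF_R), ('W', PF_W), ('E', PF_X)))


def audit_segments(data):
    """For every PT_LOAD segment: its flags, the page range it occupies, and
    whether it is mapped writeable and executable at the same time."""
    findings = []
    for i, ph in enumerate(parse_program_headers(data)):
        if ph['type'] != PT_LOAD or ph['memsz'] == 0:
            continue
        first_page = ph['vaddr'] & ~(PAGE - 1)
        last_page = (ph['vaddr'] + ph['memsz'] - 1) & ~(PAGE - 1)
        findings.append({
            'index': i,
            'flags': flag_string(ph['flags']),
            'pages': (first_page, last_page),
            'wx': bool(ph['flags'] & PF_W) and bool(ph['flags'] & PF_X),
        })
    return findings


def wx_segments(data):
    """Indices of PT_LOAD segments that are both writeable and executable."""
    return [f['index'] for f in audit_segments(data) if f['wx']]


def shared_pages(data):
    """Pages claimed by more than one PT_LOAD segment. A loader cannot give one
    page two different protections, which is why each segment normally starts
    on a fresh page (the 0x1000 Align in the readelf output)."""
    owners = {}
    for f in audit_segments(data):
        for page in range(f['pages'][0], f['pages'][1] + PAGE, PAGE):
            owners.setdefault(page, []).append(f['index'])
    return {page: idx for page, idx in owners.items() if len(idx) > 1}


# Constructed sample modelled on the readelf output above: segment 0 is the
# code segment (R E); segment 1 stands in for the second segment of the first
# post, declared "readable writeable executable" (RWE).
SAMPLE = build_elf64([
    (0x400000, 0xc8, PF_R | PF_X),
    (0x4010c8, 0x35, PF_R | PF_W | PF_X),
])

if __name__ == '__main__':
    print('Idx Flags Pages')
    for f in audit_segments(SAMPLE):
        note = '  <-- writeable AND executable' if f['wx'] else ''
        print(f"{f['index']:<3} {f['flags']:<5} {f['pages'][0]:#x}-{f['pages'][1]:#x}{note}")
    print('shared pages:', shared_pages(SAMPLE) or 'none')
```

Run as a script it prints a readelf-style table and marks the RWE segment; pointed at a real file (`audit_segments(open(path, 'rb').read())`) it gives the same W+X check for any ELF64 binary, which is a quick way to catch a segment that was made executable by accident before the loader ever maps it.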
sylware
https://repo.or.cz/fmap.git/blob/HEAD:/x86_64_sse2_x87/ld.simple

I did write that linker script to remove the "force down your throat" choices of the GNU binutils ld.
Post 07 Jan 2022, 16:36
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.