flat assembler
Message board for the users of flat assembler.

FASMARM generates object file with invalid architecture
MazeGen
I'm not sure what's wrong here. For the following source:
Code:
format ELF
section '.text' executable
nop    

FASM generates the right architecture i386 (objdump output):
Quote:
elf32_x86.o: file format elf32-i386
architecture: i386, flags 0x00000010:
HAS_SYMS
start address 0x00000000

FASMARM seems to set the architecture to an invalid value:
Quote:
elf32.o: file format elf32-little
architecture: UNKNOWN!, flags 0x00000010:
HAS_SYMS
start address 0x00000000
I tried to add PROCESSOR and COPROCESSOR directives but no luck.
Post 05 May 2020, 20:03
ProMiNick
fasmarm is designed as a set of patches, with the instruction handling replaced for the ARM arch.
I found a bug in fasmarm 2 years ago in if-block handling (absent in fasm and specific to fasmarm; it is still unresolved), which, in opposition to thy case, is not so trivial as thine.
If thou could find what the value should be, thou could do an additional patch thyself.

Maybe I could even provide a patch for thee: which value? By which value should it be replaced?
Post 05 May 2020, 21:47
ProMiNick
For x86 it is this:
Code:
format_elf:
        test    [format_flags],8
        jnz     format_elf64
        mov     edx,edi
        mov     ecx,34h shr 2
        lea     eax,[edi+ecx*4]
        cmp     eax,[tagged_blocks]
        jae     out_of_memory
        xor     eax,eax
        rep     stos dword [edi]
        mov     dword [edx],7Fh + 'ELF' shl 8
        mov     al,1
        mov     [edx+4],al
        mov     [edx+5],al
        mov     [edx+6],al
        mov     [edx+14h],al
        mov     byte [edx+12h],3  ; patch here
        mov     byte [edx+28h],34h
        mov     byte [edx+2Eh],28h
        mov     [code_type],32   ; patch here
        mov     byte [edx+10h],2
        cmp     word [esi],1D19h
        je      format_elf_exe
        mov     byte [edx+10h],3
        cmp     word [esi],021Eh
        je      format_elf_exe
      elf_header_ok:    


and the provided patches for ARM:
Code:
        patch format_elf,       <<mov byte[edx+12h],3>>,        <<mov byte[edx+12h],40>>,       62      ;ARM
        patch format_elf,       <<mov [code_type],32>>,         <<mov [code_type],ARM_code>>,   74      ;CODE32
        patch elf_exe_brand_ok, <<mov [image_base],8048000h>>,  <<mov [image_base],8000h>>,     0    


Try replacing:
Code:
        patch format_elf,       <<mov byte[edx+12h],3>>,        <<mov byte[edx+12h],40>>,       62      ;ARM     


with this:
Code:
        patch format_elf,       <<mov     byte[edx+12h],3>>,        <<call ARM_elf_fix_machine_flags>>,       62      ;ARM    


and somewhere at the bottom of ARMv8.INC add this:
Code:
ARM_elf_fix_machine_flags:
        mov byte[edx+12h],40 ; EM_ARM
        mov byte[edx+27h],5  ; ABI version 5
        ret
    


No guarantees (I am the last man on this forum to whom thou could address Linux-related questions).
Post 05 May 2020, 22:02
revolution
Okay, another bug I need to fix. Thanks for the report.

For various legal and virus related reasons I can't access any of the code right now. Sorry, it might be another two months before I can get back to my dev machine.
Post 06 May 2020, 04:14
MazeGen
All right, thanks for the info. I'd like to fix it myself.

Can you guys help me recompile FASMARM? It seems that the FASM sources are not a part of the FASMARM sources and I have no idea where I should place the FASM sources.
Post 06 May 2020, 07:37
ProMiNick
Use the sources of fasmarm at https://yadi.sk/d/HTs1wxZvp6BmYw (only they are compatible with the latest fasm 1.72-1.73.24).
For compilation use fasmw.exe in BIN (it is the same as the official one, but in fasmw.ini there are paths to the proper assembly).
And the source has no patch suggested in this topic. By the way, there are fasmarm sources for all OSes, except 64-bit variants.

Good luck in the ARM ELF research process. Hope thou share the results; they could be useful for the community.
Post 06 May 2020, 08:19
MazeGen
ProMiNick, thank you for your answers.

I added this code at the bottom of ARMv8.INC and FASMARM.ASM compiles without errors:
Code:
ARM_elf_fix_machine_flags:
        mov byte[edx+12h],40 ; EM_ARM
        mov byte[edx+27h],5  ; ABI version 5
        ret
    

However, when I replace the line with patch as suggested, I get error in the patch macro:
Quote:
Length original: 4, Length replacement: 5

I have no idea what's wrong. I'm not familiar with the fasm macro language. I also don't understand how the "offset" parameter actually works.

And I'm willing to share everything but I don't do anything special, I just need to create an ELF object file with fasmarm. Feel free to ask if you have questions.
Post 09 May 2020, 15:51
ProMiNick
Code:
        patch format_elf,       <<mov byte[edx+12h],3>,<mov byte [edx+28h],34h>>,        <<call ARM_elf_fix_machine_flags>,nop,nop,nop>,       62      ;ARM    
Code:
ARM_elf_fix_machine_flags:
        mov byte[edx+12h],40 ; EM_ARM
        mov word[edx+27h],3405h  ; ABI version 5 & something that was 34h
                                 ; little-endian: 05h lands at 27h (e_flags high byte), 34h at 28h (e_ehsize low byte)
        ret    


Patched and patch bytes should be of equal size; call is 1 byte bigger, so increase the patch size to fit it.
Post 09 May 2020, 19:34
guignol
revolution wrote:
For various legal and virus related reasons I can't access any of the code right now. Sorry, It might be another two months before I can get back to my dev machine.
I wonder...

It might as well be two years
Post 11 May 2020, 07:07
guignol
I do notice you reside on the forum for quite a time, most of your day maybe
Post 11 May 2020, 07:11
guignol
ProMiNick wrote:
By the way there are fasmarm sources for all OSes, except 64 bit variants.
Yeah, I mean, it's the near future of "personal computing".
fasm for Android, too, once again
ProMiNick wrote:
Good luck in the ARM ELF research process. Hope thou share the results; they could be useful for the community.
aww, elves...
Post 11 May 2020, 07:16
ProMiNick
guignol, modern Androids have nothing in common with Linux(
Thou can't run ELF on them.
Only Dalvik scripts.
fasmarm will not help; Dalvik is a different architecture.
Post 11 May 2020, 14:53
MazeGen
ProMiNick, you can run ELF executables on Android easily: https://board.flatassembler.net/topic.php?t=21327
Post 11 May 2020, 15:02
ProMiNick
Some time ago it was still possible to run ELFs.
Modern Androids fix that, so nothing except Dalvik can be run in the Android environment. Or art thou targeting Android versions that will soon be out of date?
Post 11 May 2020, 22:33
MazeGen
Let's move the discussion about ELF executables and Android here: https://board.flatassembler.net/topic.php?p=213974#213974
Post 12 May 2020, 14:25
MazeGen
ProMiNick, your last patch seems to work, thanks. The byte at offset 0x27 should be 0x05, as documented in the ARM manual:
Quote:
EF_ARM_ABIMASK (0xFF000000) (current version is 0x05000000): This masks an 8-bit version number, the version of the ABI to which this ELF file conforms. This ABI is version 5. A value of 0 denotes unknown conformance.
I've just found that the objdump output is confusing, it says "architecture: UNKNOWN!" even when I patch the byte to 0x05.

The readelf utility has better output in this case. For the object file generated with fasmarm, using -h option, it says:
Code:
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              REL (Relocatable file)
  Machine:                           ARM
  Version:                           0x1
  Entry point address:               0x0
  Start of program headers:          0 (bytes into file)
  Start of section headers:          3146176 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)    

But the correct Flags line is:
Code:
  Flags:                             0x5000000, Version5 EABI    
Post 12 May 2020, 15:01
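As an added example (not code from this thread or from fasmarm), here is a Python check for the ELF32 header fields that readelf reports above: e_machine at offset 12h, e_flags at 24h..27h (the ABI version in its top byte) and e_ehsize at 28h. It also mimics the little-endian `mov word [edx+27h],3405h` patch to confirm that it sets the EABI version to 5 without clobbering the header size; the header bytes are constructed inline for the demonstration.

```python
import struct

EM_ARM = 40                       # e_machine value for ARM
EF_ARM_ABIMASK = 0xFF000000       # ABI version lives in the top byte of e_flags
EF_ARM_ABI_VERSION5 = 0x05000000  # "Version5 EABI" as readelf prints it
ELF32_EHDR_SIZE = 52              # 34h, what e_ehsize must stay at

def build_elf32_header(e_machine, e_flags, e_osabi=0):
    """Constructed minimal ELF32 little-endian REL header (no sections), sample data only."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1, e_osabi]) + b"\x00" * 8
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    return e_ident + struct.pack("<HHIIIIIHHHHHH", 1, e_machine, 1, 0, 0, 0, e_flags,
                                 ELF32_EHDR_SIZE, 0, 0, 40, 0, 0)

def arm_header_info(hdr):
    """Return (e_machine, abi_version) for an ELF32 header, validating the fields first."""
    if len(hdr) < ELF32_EHDR_SIZE or hdr[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if hdr[4] != 1 or hdr[5] != 1:
        raise ValueError("only ELF32 little-endian headers are handled here")
    e_machine = struct.unpack_from("<H", hdr, 0x12)[0]
    e_flags = struct.unpack_from("<I", hdr, 0x24)[0]
    e_ehsize = struct.unpack_from("<H", hdr, 0x28)[0]
    if e_ehsize != ELF32_EHDR_SIZE:
        # A misaligned patch (a word write landing one byte off) would show up here.
        raise ValueError("e_ehsize is %d, expected %d" % (e_ehsize, ELF32_EHDR_SIZE))
    abi_version = (e_flags & EF_ARM_ABIMASK) >> 24
    return e_machine, abi_version

def apply_word_patch(hdr):
    """Mimic `mov word [edx+27h],3405h`: little-endian, so 05h lands at 27h and 34h at 28h."""
    patched = bytearray(hdr)
    patched[0x27:0x29] = struct.pack("<H", 0x3405)
    return bytes(patched)

if __name__ == "__main__":
    unpatched = build_elf32_header(EM_ARM, 0)            # what the readelf dump above shows
    print(arm_header_info(unpatched))                    # (40, 0)
    print(arm_header_info(apply_word_patch(unpatched)))  # (40, 5)
```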
ProMiNick
Try this?
Code:
ARM_elf_fix_machine_flags:
        mov byte[edx+7],97 ; ELFOSABI_ARM
        mov byte[edx+12h],40 ; EM_ARM
        mov word[edx+27h],3405h  ; ABI version 5 & something that was 34h
        ret    
Post 13 May 2020, 05:38
MazeGen
Thanks, the "Version5 EABI" flag is enough for me because I can link the file now.
Post 25 May 2020, 10:16
Copyright © 1999-2020, Tomasz Grysztar.