flat assembler
Message board for the users of flat assembler.

How do I use invoke in ELF64 format?
Hitakiry
Joined: 16 Jul 2020
Posts: 3
Good afternoon. How do I use cinvoke in ELF64 format?
I can't find the file proc64.inc for ELF64, to use cinvoke.
Post 16 Jul 2020, 10:35
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
Read the Linux32 (not only 32 anymore) Xlib GUI program template,
but there the x64 Linux ABI calling convention is described, not cinvoke.
In Linux 64 it looks like the interpreter '/lib64/ld-linux-x86-64.so.2' is shrunk in functionality (in comparison to its 32-bit analog) and requires the use of sections (in addition to segments) in 'format ELF64 executable 3' (
So the future of fasm in Linux 64: don't use imports at all, or rewrite the interpreter.
Segments & sections at the same time is not a problem for fasmg.
Post 16 Jul 2020, 14:56
Hitakiry
Joined: 16 Jul 2020
Posts: 3
Mmm... So on FASM in 64-bit mode I can't use the C lib and one codebase for projects on Win and Linux? How to create a cross-platform "code section" in that case?
Post 16 Jul 2020, 18:49
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
Hitakiry, as I wrote above there are 2 solutions:
1. migrate to fasmg
2. rewrite the Linux elf64 interpreter to support sectionless imports
(And a third variant: explore the logic of imports and inline their code).

So, simplest: use fasmg and the same codebase for win & linux. And enjoy. (Oh yes, some macros will need to be ported to fasmg)
If thou art looking for hard ways, be ready to do part of the work thyself. I wish thee enthusiasts with the same targets. Partially I am one of them.
Post 16 Jul 2020, 19:42
Hitakiry
Joined: 16 Jul 2020
Posts: 3
Clearly. Now it's clear enough. Thank you very much.
Post 16 Jul 2020, 20:29
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
You don't need to use fasmg.

Here is an example of linking to libc and calling open:
Code:
format ELF64 executable 3

entry start

segment gnustack
segment executable

start:
        mov     rdi,maps
        mov     esi,O_RDONLY
        xor     edx,edx
        call    [open]
        mov     edx,0x1000
        sub     rsp,rdx
        mov     rdi,rax
        mov     eax,SYS_READ
        mov     rsi,rsp
        syscall
        mov     edx,eax
        mov     eax,SYS_WRITE
        mov     edi,STD_OUTPUT
        mov     rsi,rsp
        syscall
        mov     eax,SYS_EXIT
        xor     edi,edi
        syscall

SYS_READ        = 0
SYS_WRITE       = 1
SYS_OPEN        = 2
SYS_MPROTECT    = 10
SYS_EXIT        = 60
STD_INPUT       = 0
STD_OUTPUT      = 1
O_RDONLY        = 0
PROT_READ       = 0x1

DT_NULL         = 0
DT_NEEDED       = 1
DT_STRTAB       = 5
DT_SYMTAB       = 6
DT_RELA         = 7
DT_RELASZ       = 8
DT_RELAENT      = 9
DT_STRSZ        = 10
DT_SYMENT       = 11
DT_BIND_NOW     = 24
DT_FLAGS        = 30
DT_FLAGS_1      = 0x6ffffffb
STB_GLOBAL      = 1
STT_FUNC        = 2
R_X86_64_64     = 1
DF_BIND_NOW     = 0x00000008
DF_1_NOW        = 0x00000001
DF_1_PIE        = 0x08000000

macro Elf64_Sym name,value,size,bind,type,other,shndx {
        dd name+0
        db (bind+0) shl 4 + (type+0)
        db other+0
        dw shndx+0
        dq value+0
        dq size+0
}
macro Elf64_Rela offset,symbol,type,addend {
        dq rva offset+0
        dq (symbol+0) shl 32 + (type+0)
        dq addend+0
}
virtual at 0
        Elf64_Sym
        sizeof.Elf64_Sym = $
        Elf64_Rela
        sizeof.Elf64_Rela = $ - sizeof.Elf64_Sym
end virtual

segment interpreter readable
                db '/lib64/ld-linux-x86-64.so.2'
        strtab:
                db 0
        _libc   db 'libc.so.6',0
        _open   db 'open',0
        strsz   = $ - strtab

maps:   db      '/proc/self/maps',0

segment dynamic readable
        dq DT_NEEDED,_libc - strtab
        dq DT_STRTAB,rva strtab
        dq DT_STRSZ,strsz
        dq DT_SYMTAB,rva symtab
        dq DT_SYMENT,sizeof.Elf64_Sym
        dq DT_RELA,rva rela
        dq DT_RELASZ,relasz
        dq DT_RELAENT,sizeof.Elf64_Rela
        dq DT_BIND_NOW,1
        dq DT_FLAGS,DF_BIND_NOW
        dq DT_FLAGS_1,DF_1_NOW or DF_1_PIE
        dq DT_NULL,0
        symtab:
                Elf64_Sym
                Elf64_Sym _open - strtab,0,0,STB_GLOBAL,STT_FUNC,0,0
        rela:
                Elf64_Rela open,1,R_X86_64_64
        relasz  = $ - rela
        external_links:
                open dq 0
        external_links_length = $ - external_links

segment readable writeable

segment fixups
Post 16 Jul 2020, 22:43
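Added example, not code from this thread or from fasm: a small Python parser that reads the PT_DYNAMIC segment of an ELF64 image and reports the DT_NEEDED libraries and the BIND_NOW/PIE flags that the sample above sets, so a built binary can be checked without running it. The constructed image in build_sample_elf mirrors the sample's layout (NUL-led string table, libc.so.6, DF_BIND_NOW, DF_1_NOW or DF_1_PIE) and is not a loadable executable.

```python
"""Added example: walk an ELF64 PT_DYNAMIC segment and report imports and binding flags."""
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB, DT_STRSZ = 0, 1, 5, 10
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000


def parse_dynamic(elf: bytes) -> dict:
    """Return needed libraries and BIND_NOW/PIE flags of a little-endian ELF64 image."""
    if elf[:5] != b"\x7fELF\x02":
        raise ValueError("not a 64-bit ELF image")
    e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from("<QQIHHH", elf, 0x20)
    loads, dyn = [], None
    for i in range(e_phnum):  # PT_LOAD maps vaddr -> file offset, PT_DYNAMIC locates the tag table
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from("<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_off + p_filesz)
    if dyn is None:
        raise ValueError("no PT_DYNAMIC: nothing is imported through the interpreter")
    tags, off = [], dyn[0]
    while off + 16 <= dyn[1]:  # Elf64_Dyn = (sqword d_tag, qword d_val); DT_NULL ends the table
        d_tag, d_val = struct.unpack_from("<qQ", elf, off)
        off += 16
        if d_tag == DT_NULL:
            break
        tags.append((d_tag, d_val))
    flags = dict(tags)  # fine for single-valued tags; DT_NEEDED may repeat and is listed below
    va = flags[DT_STRTAB]  # a virtual address: translate it through the PT_LOAD that contains it
    strtab = next(o + (va - base) for base, o, size in loads if base <= va < base + size)
    needed = [elf[strtab + v:elf.index(b"\0", strtab + v)].decode() for t, v in tags if t == DT_NEEDED]
    bind_now = (DT_BIND_NOW in flags or bool(flags.get(DT_FLAGS, 0) & DF_BIND_NOW)
                or bool(flags.get(DT_FLAGS_1, 0) & DF_1_NOW))
    return {"needed": needed, "bind_now": bind_now, "pie": bool(flags.get(DT_FLAGS_1, 0) & DF_1_PIE)}


def build_sample_elf(flags_1: int = DF_1_NOW | DF_1_PIE) -> bytes:
    """Constructed sample image (not a loadable binary): header, PT_LOAD, PT_DYNAMIC, strtab, tags."""
    base, strtab = 0x400000, b"\0libc.so.6\0open\0"  # string table starts with NUL, as in the fasm sample
    dyn = [(DT_NEEDED, 1), (DT_STRTAB, base + 176), (DT_STRSZ, len(strtab)),
           (DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, flags_1), (DT_NULL, 0)]
    dynamic = b"".join(struct.pack("<qQ", t, v) for t, v in dyn)
    size = 176 + len(strtab) + len(dynamic)  # 64-byte ELF header + two 56-byte program headers = 176
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, base, 64, 0, 0, 64, 56, 2, 0, 0, 0)  # ET_EXEC, EM_X86_64
    phdr = lambda t, off, sz: struct.pack("<IIQQQQQQ", t, 5, off, base + off, base + off, sz, sz, 0x1000)
    return ehdr + phdr(PT_LOAD, 0, size) + phdr(PT_DYNAMIC, 192, len(dynamic)) + strtab + dynamic
```

On a real file, pass open(path, "rb").read() to parse_dynamic; a binary assembled from the sample above should report libc.so.6 with bind_now set.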
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
revolution, as I understand it, is it needed to use a patched version?
Code:
segment fixups.
Error: extra characters on line

external_links & external_links_length are not used anywhere, so I can suppose they are needed for fixups?
Post 29 Jul 2020, 06:23
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
You have an extra dot.
Code:
segment fixups ; <--- don't put a dot here
Post 29 Jul 2020, 06:54
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
I tried to compile thy above sample exactly (without the dot).
The dot is only the separation between the error line & the error message.
Post 29 Jul 2020, 06:57
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
It works for me with v1.73.08, no modifications.
Post 29 Jul 2020, 07:01
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
With 1.73.24 it does not. Why not?

Last edited by ProMiNick on 29 Jul 2020, 07:15; edited 1 time in total
Post 29 Jul 2020, 07:01
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
I don't have that version. It hasn't been approved for running here.
Post 29 Jul 2020, 07:11
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
Thou can't download the latest version?
How is 1.73.08 approved, but 1.73.24 not?
It hasn't been approved. By whom?
Thou can't download binaries? Are the sources needed to be posted in textual form?
Post 29 Jul 2020, 07:21
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
ProMiNick wrote:
Thou can't download the latest version?
How is 1.73.08 approved, but 1.73.24 not?
It hasn't been approved. By whom?
Thou can't download binaries? Are the sources needed to be posted in textual form?
I can download from flatassembler.net, but I can't run anything not in the whitelist. It's not my machine, I don't have administrative control.
Post 29 Jul 2020, 07:32
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
I think thy version is patched according to the contents of the topic ELF executable + relocations/fixups for ASLR?
That is exactly the time when 1.73.08 was current.

The post starts from
segment fixups ; this doesn't work
section fixups ; this doesn't work either
Post 29 Jul 2020, 07:54
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
ProMiNick wrote:
I think thy version is patched according to the contents of the topic ELF executable + relocations/fixups for ASLR?
That is exactly the time when 1.73.08 was current.

The post starts from
segment fixups ; this doesn't work
section fixups ; this doesn't work either
You are absolutely correct. I forgot about that.

The fasm executables I have here have been modified. I can't change them now, the hashes will change and the whitelist will refuse to recognise them.
Post 29 Jul 2020, 08:24
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
Could I provide these patches to the newest version? Or could they conflict? Looks like not. But why didn't Tomasz apply them? Only the elf dynamic type was applied from the times of this post.

Last edited by ProMiNick on 29 Jul 2020, 08:36; edited 1 time in total
Post 29 Jul 2020, 08:30
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
ProMiNick wrote:
Could I provide these patches to the newest version? Or could they conflict?
No harm in trying.
Post 29 Jul 2020, 08:35
ProMiNick
Joined: 24 Mar 2012
Posts: 575
Location: Russian Federation, Sochi
Thanks. Successfully compiled.
Contrary to thee, I compile everything in a Windows environment (my fasmpack still supports only Windows as host; I mix character case) and only after that test in Linux. At work I am restricted from running Linux( ...so I have to wait to test the output.
Post 29 Jul 2020, 08:59
Tomasz Grysztar
Joined: 16 Jun 2003
Posts: 7796
Location: Kraków, Poland
I believe there is some level of confusion here. You can have working imports with fasm as old as 1.69.05, no fasmg nor patches are necessary. The Linux packages contain a 64-bit example elfexe/dynamic/hello64.asm.
Post 29 Jul 2020, 09:23
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.