flat assembler
Message board for the users of flat assembler.

Index > Linux > PIE (position independent executable)

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 27 Jun 2013, 10:04
hi my fasm friends,

i just tried my 1st linux executable,
Code:
format elf
include '/fasm/examples/libcdemo/ccall.inc'


section '.text' executable
public main
extrn getpid
extrn printf
align 4
main:
        call getpid
        ccall printf,msg,eax
        mov  eax,1
        int  0x80
        ret

section '.data' writeable
msg db 'hello world %d',0
    


my environment is as below,
uname -a
Linux sleepserver 3.9.6-0-grsec #1-Alpine SMP Mon Jun 24 06:11:28 UTC 2013 i686 Linux

using alpine linux,
added uclibc
i extracted fasm on /
Code:
sleepserver:/# /fasm/fasm a1.asm
flat assembler  version 1.70.03  (16384 kilobytes memory)
3 passes, 513 bytes.

sleepserver:/# gcc /a1.o -o /a1
sleepserver:/# ./a1
Can't modify application's text section; use the GCC option -fPIE for position-independent executables.

tried with gcc /a1.o -fPIE -o /a1
same error too,
    


i suspect i need to do something with section?
any ideas my friends?
Post 27 Jun 2013, 10:04
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20455
Location: In your JS exploiting you and your system
revolution 28 Jun 2013, 05:01
I'm not a Linux user so I don't know what I am talking about here, but since there is no reply yet I'll venture a guess that perhaps your code section needs to be marked "writeable" to allow the address to be patched?

Anyhow, there are Linux examples in the fasm download, don't they show you how to achieve such a thing? If not then perhaps it should be added.
Post 28 Jun 2013, 05:01
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 28 Jun 2013, 08:22
tried with writetable,
Code:
section '.text' writeable executable
    

no luck still,

thanks for reply, revolution.
Post 28 Jun 2013, 08:22
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 28 Jun 2013, 08:34
Code:
sleepserver:/# readelf -d /a1

Dynamic section at offset 0x5d0 contains 21 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.0.9.32]
 0x0000000c (INIT)                       0x374
 0x0000000d (FINI)                       0x5a0
 0x00000004 (HASH)                       0x110
 0x00000005 (STRTAB)                     0x250
 0x00000006 (SYMTAB)                     0x160
 0x0000000a (STRSZ)                      169 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x16b4
 0x00000002 (PLTRELSZ)                   32 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x354
 0x00000011 (REL)                        0x2fc
 0x00000012 (RELSZ)                      88 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x00000016 (TEXTREL)                    0x0
 0x00000018 (BIND_NOW)
 0x6ffffffb (FLAGS_1)                    Flags: NOW
 0x6ffffffa (RELCOUNT)                   5
 0x00000000 (NULL)                       0x0
    

idk if this info will be useful for us to fix?
Post 28 Jun 2013, 08:34
View user's profile Send private message Reply with quote
Endre



Joined: 29 Dec 2003
Posts: 215
Location: Budapest, Hungary
Endre 28 Jun 2013, 11:29
Advice: try not mixing syscalls and libc calls. So if you comment out the int 0x80 line I'd expect it to work.
Post 28 Jun 2013, 11:29
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 29 Jun 2013, 00:00
thanks Endre,
doesnt work still =(

Code:
section '.text' writeable executable
...
main:
  call getpid
  ccall printf,msg,eax
  ret
    

same error,
Can't modify application's text section; use the GCC option -fPIE for position-independent executables.
Post 29 Jun 2013, 00:00
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20455
Location: In your JS exploiting you and your system
revolution 29 Jun 2013, 00:26
Perhaps you can try to make your exe differently.
Code:
_printf dd printf
;...
call [_printf]    
That way the linker will see a normal offset.
Post 29 Jun 2013, 00:26
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 29 Jun 2013, 00:47
tried the following as you suggest, no luck still,

Code:
section '.text' writeable executable
extrn getpid
_getpid dd getpid
main:
  call [_getpid]
  ret
    

still same error
Post 29 Jun 2013, 00:47
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20455
Location: In your JS exploiting you and your system
revolution 29 Jun 2013, 00:51
Move the data into a different section.
Post 29 Jun 2013, 00:51
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Jun 2013, 01:26
sleepsleep, try making the same thing as a really simple C program (of course stille using µlibc - glibc is a VERY different beast!), and take a look at section definitions as well as disassemble of the various object files (and the executable if need be - but my gut feeling says the error is in your .o somewhere).
Post 29 Jun 2013, 01:26
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 29 Jun 2013, 01:26
ok, i remove the section '.data'

Code:
format elf
include '/fasm/examples/libcdemo/ccall.inc'

section '.text' writeable executable
public main
extrn getpid
_getpid dd getpid
main:
        call [_getpid]
        ret
    

no luck, same error,

the below also no luck
Code:
format elf
include '/fasm/examples/libcdemo/ccall.inc'

section '.text' writeable executable
public main
extrn getpid
main:
        call [_getpid]
        ret
section '.data' writeable
_getpid dd getpid
    

same error too,


all tried with below gcc switches
gcc /a1.o -o /a1
gcc /a1.o -o -fPIE /a1
Post 29 Jun 2013, 01:26
View user's profile Send private message Reply with quote
gens



Joined: 18 Feb 2013
Posts: 161
gens 29 Jun 2013, 23:42
try -fPIC
-fPIE should depend on libc and kernel things
Post 29 Jun 2013, 23:42
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 30 Jun 2013, 03:45
no luck still,
tried -fPIC and -fPIE separately and both,

the linux i am using is alpine linux
Quote:

Alpine Linux is a Linux distribution based on uClibc and BusyBox, which has the goal of being lightweight and secure by default while still being useful for general-purpose tasks. Alpine Linux uses PaX and grsecurity patches in the default kernel and compiles all packages with stack-smashing protection.

idk if this stack-smashing protection is issue probably?
Post 30 Jun 2013, 03:45
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 30 Jun 2013, 08:10
based on this,
http://www.undeadly.org/cgi?action=article&sid=20081117202731
maybe i should give ldd info
Code:
sleepserver:/# ldd a1
Can't modify a1's text section. Use GCC option -fPIC for shared objects, please.
checking sub-depends for '/lib/libc.so.0.9.32'
checking sub-depends for '/lib/ld-uClibc.so.0.9.32'
        libc.so.0.9.32 => /lib/libc.so.0.9.32 (0x00000000)
        ld-uClibc.so.0.9.32 => /lib/ld-uClibc.so.0.9.32 (0x00000000)
        not a dynamic executable
    
Post 30 Jun 2013, 08:10
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 30 Jun 2013, 12:08
i dig deeper into this,
found this,
http://www.tortall.net/projects/yasm/manual/html/manual.html
Quote:

The ELF specification contains enough features to allow position-independent code (PIC) to be written, which makes ELF shared libraries very flexible. However, it also means Yasm has to be able to generate a variety of strange relocation types in ELF object files, if it is to be an assembler which can write PIC.

basically, i still got no idea why i failed to create & run executable that use ccall.inc,
(a libcdemo example) in fasm linux examples zip file.

is this OS issue or assembler issue or gcc issue? Question
Post 30 Jun 2013, 12:08
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 30 Jun 2013, 12:21
dig and found maybe a solution,
http://lists.uclibc.org/pipermail/uclibc/2008-January/039750.html
Quote:

as you've found out, uClibc rejects TEXTRELs by default in shared code because
this means the code is no longer shared ... and that's sort of the point of
having the shared object in the first place.


Quote:

For the record, I recompiled uClibc with FORCE_SHAREABLE_TEXT_SEGMENTS
undefined (via the .config file) and now I can execute the program of
interest (J9) successfully.

Thanks for your help,
Robert Dodier
Post 30 Jun 2013, 12:21
View user's profile Send private message Reply with quote
gens



Joined: 18 Feb 2013
Posts: 161
gens 30 Jun 2013, 22:17
soooo
why do you need that fasm macro ?

you can just call getpid()
no need for PIC/PIE

Code:
format elf64

section '.text' writeable executable
public main
extrn getpid
main:
        call getpid
        ret    


works np for me, with 64bit calling convention
(32bit is passing paramaters on the stack)
Post 30 Jun 2013, 22:17
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 01 Jul 2013, 00:09
it doesnt works,
using exact source like yours, except first line,
Code:
format elf
    

same error too,
Can't modify application's text section; use the GCC option -fPIE for position-independent executables.
Post 01 Jul 2013, 00:09
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 01 Jul 2013, 05:25
i created a hello world compile using
Code:
gcc -c hello.c
gcc -fPIE hello.o -o hello
./hello (it works)

readelf -h hello > c1.txt
readelf -h a1 > a1.txt
    

a1 is gens code only line 1 was change to format elf

Code:
diff a1.txt c1.txt
--- a1.txt
+++ c1.txt
@@ -8,13 +8,13 @@
   Type:                              DYN (Shared object file)
   Machine:                           Intel 80386
   Version:                           0x1
-  Entry point address:               0x3a0
+  Entry point address:               0x3f0
   Start of program headers:          52 (bytes into file)
-  Start of section headers:          1844 (bytes into file)
+  Start of section headers:          2196 (bytes into file)
   Flags:                             0x0
   Size of this header:               52 (bytes)
   Size of program headers:           32 (bytes)
-  Number of program headers:         6
+  Number of program headers:         7
   Size of section headers:           40 (bytes)
-  Number of section headers:         24
-  Section header string table index: 21
+  Number of section headers:         26
+  Section header string table index: 23
    

idk if this useful for debug?

then i tried readelf several program, nano, whois, most of them got 7 in number of program headers, idk is number of program headers important or not, just try to think any possibilities that prevent executable from running.
Post 01 Jul 2013, 05:25
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 13077
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 0010456
sleepsleep 01 Jul 2013, 05:29
a1 (fasm)
Code:
readelf -l a1
readelf -l c1

 Elf file type is DYN (Shared object file)
-Entry point 0x3a0
-There are 6 program headers, starting at offset 52
+Entry point 0x3f0
+There are 7 program headers, starting at offset 52

 Program Headers:
   Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
-  PHDR           0x000034 0x00000034 0x00000034 0x000c0 0x000c0 R E 0x4
-  INTERP         0x0000f4 0x000000f4 0x000000f4 0x00019 0x00019 R   0x1
+  PHDR           0x000034 0x00000034 0x00000034 0x000e0 0x000e0 R E 0x4
+  INTERP         0x000114 0x00000114 0x00000114 0x00019 0x00019 R   0x1
       [Requesting program interpreter: /lib/ld-uClibc.so.0.9.32]
-  LOAD           0x000000 0x00000000 0x00000000 0x0055c 0x0055c R E 0x1000
-  LOAD           0x00055c 0x0000155c 0x0000155c 0x00118 0x00120 RW  0x1000
-  DYNAMIC        0x000570 0x00001570 0x00001570 0x000c8 0x000c8 RW  0x4
-  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
+  LOAD           0x000000 0x00000000 0x00000000 0x006a8 0x006a8 R E 0x1000
+  LOAD           0x0006a8 0x000016a8 0x000016a8 0x00114 0x0011c RW  0x1000
+  DYNAMIC        0x0006bc 0x000016bc 0x000016bc 0x000c0 0x000c0 RW  0x4
+  GNU_EH_FRAME   0x000608 0x00000608 0x00000608 0x00024 0x00024 R   0x4
+  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

  Section to Segment mapping:
   Segment Sections...
    00
    01     .interp
-   02     .interp .hash .dynsym .dynstr .rel.dyn .rel.plt .init .plt .text .fini .eh_frame
+   02     .interp .hash .dynsym .dynstr .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
    03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
    04     .dynamic
-   05
+   05     .eh_frame_hdr
+   06
    
Post 01 Jul 2013, 05:29
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.