Alessandro Di Federico authored
This commit introduces support for dynamic objects. We do not support translating dynamic libraries yet, therefore this commit introduces support for PIE programs.

At the current stage, QEMU does not provide us explicit information about an instruction using the program counter, but introduces its value as an immediate. As a consequence, we cannot support arbitrary relocation. For this reason, we statically relocate the program to a fixed address (`0x50000000` by default, but it can be customized through the `--base` argument). Therefore, all the addresses read from ELF data structures need to be relocated.

Code compiled with `-fPIC` cannot store in global data the address of a function, since it will be relocated at run-time. This means that the global data harvesting won't bring any benefit. On the other hand, going through dynamic symbols can be hugely beneficial. Same argument for `*_RELATIVE` relocations.

The `merge-dynamic.py` script has been improved to find the appropriate spot to put the rewritten program/section headers and the dynamic sections (the kernel is picky about them).

Finally, the `setRegister` function has been introduced in the module produced by `revamb`. This function allows to keep CSVs static and, at the same time, it allows `support.c` to set them. This is particularly useful when we want to call the `root` function with specific values in the registers (e.g., for fuzzing purposes) or, as is the case for PIE, to synchronize the value of the FS register, which is initialized by the dynamic loader, before execution gets to the `main` function in `support.c`.
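The message above relies on two ideas: a PIE is pinned at a fixed base (`0x50000000`), so every address read from the ELF has to be rebased, and the dynamic symbol table plus the `*_RELATIVE` relocations are the place to harvest candidate code addresses from once global data can no longer hold absolute pointers. The following is an added example, not code from the rev.ng/revamb commit or from `merge-dynamic.py`: it hand-builds a minimal ET_DYN image (constructed here, not compiler output, with a single PT_LOAD whose `p_offset == p_vaddr`), harvests the rebased entry point, defined `STT_FUNC` dynamic symbols and `R_X86_64_RELATIVE` targets, and then applies the relative relocations statically at the chosen base, reporting any relocation that still needs the dynamic loader. All function names (`harvest_candidate_addresses`, `relocate_image`, `vaddr_to_offset`) are this example's own.

```python
import struct

# ELF constants (System V gABI / x86-64 psABI values)
ET_DYN, PT_LOAD = 3, 1
SHT_RELA, SHT_DYNSYM = 4, 11
STT_FUNC, SHN_UNDEF = 2, 0
R_X86_64_RELATIVE, R_X86_64_GLOB_DAT = 8, 6

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr (64 bytes)
SYM = struct.Struct("<IBBHQQ")             # Elf64_Sym  (24 bytes)
RELA = struct.Struct("<QQq")               # Elf64_Rela (24 bytes, signed addend)


def build_sample_pie():
    """Constructed ET_DYN image (hand-built for this example, not compiler
    output): one PT_LOAD mapped at vaddr 0 with p_offset == p_vaddr, a
    .dynsym, a .rela.dyn and a 24-byte data area holding the relocation slots."""
    dynsym_off, rela_off, data_off, shdr_off = 0x80, 0xd0, 0x120, 0x140
    dynsym = b"".join([
        SYM.pack(0, 0, 0, SHN_UNDEF, 0, 0),                    # null symbol
        SYM.pack(1, (1 << 4) | STT_FUNC, 0, 1, 0x1139, 0x10),  # defined "main" at 0x1139
        SYM.pack(6, (1 << 4) | STT_FUNC, 0, SHN_UNDEF, 0, 0),  # imported "puts"
    ])
    rela = b"".join([
        RELA.pack(data_off, R_X86_64_RELATIVE, 0x1139),              # slot := &main
        RELA.pack(data_off + 8, R_X86_64_RELATIVE, data_off),        # slot := &data
        RELA.pack(data_off + 16, (2 << 32) | R_X86_64_GLOB_DAT, 0),  # slot := puts (ld.so)
    ])
    shdrs = b"".join([
        bytes(SHDR.size),  # SHT_NULL
        SHDR.pack(0, SHT_DYNSYM, 2, dynsym_off, dynsym_off, len(dynsym), 0, 1, 8, SYM.size),
        SHDR.pack(0, SHT_RELA, 2, rela_off, rela_off, len(rela), 1, 0, 8, RELA.size),
    ])
    image = bytearray(0x200)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, little endian, v1
    EHDR.pack_into(image, 0, ident, ET_DYN, 62, 1, 0x1040, 0x40, shdr_off, 0,
                   EHDR.size, PHDR.size, 1, SHDR.size, 3, 0)
    PHDR.pack_into(image, 0x40, PT_LOAD, 7, 0, 0, 0, len(image), len(image), 0x1000)
    image[dynsym_off:dynsym_off + len(dynsym)] = dynsym
    image[rela_off:rela_off + len(rela)] = rela
    image[shdr_off:shdr_off + len(shdrs)] = shdrs
    return bytes(image)


def _sections(image):
    hdr = EHDR.unpack_from(image, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    return [SHDR.unpack_from(image, shoff + i * shentsize) for i in range(shnum)]


def _load_segments(image):
    hdr = EHDR.unpack_from(image, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    phdrs = [PHDR.unpack_from(image, phoff + i * phentsize) for i in range(phnum)]
    return [(p[3], p[2], p[5]) for p in phdrs if p[0] == PT_LOAD]  # (vaddr, offset, filesz)


def vaddr_to_offset(image, vaddr):
    """Map an unrelocated virtual address to a file offset through PT_LOAD."""
    for seg_vaddr, seg_off, filesz in _load_segments(image):
        if seg_vaddr <= vaddr < seg_vaddr + filesz:
            return seg_off + (vaddr - seg_vaddr)
    raise ValueError("vaddr 0x%x is not file-backed" % vaddr)


def relocations(image):
    """Yield (r_offset, type, symbol index, addend) from every SHT_RELA section."""
    for sh in _sections(image):
        if sh[1] != SHT_RELA:
            continue
        for pos in range(sh[4], sh[4] + sh[5], RELA.size):
            r_offset, r_info, r_addend = RELA.unpack_from(image, pos)
            yield r_offset, r_info & 0xffffffff, r_info >> 32, r_addend


def defined_functions(image):
    """st_value of every defined STT_FUNC symbol in .dynsym (imports are skipped)."""
    out = []
    for sh in _sections(image):
        if sh[1] != SHT_DYNSYM:
            continue
        for pos in range(sh[4], sh[4] + sh[5], SYM.size):
            _name, info, _other, shndx, value, _size = SYM.unpack_from(image, pos)
            if (info & 0xf) == STT_FUNC and shndx != SHN_UNDEF:
                out.append(value)
    return out


def harvest_candidate_addresses(image, base=0x50000000):
    """Rebased addresses a translator can seed from: entry point, defined
    dynamic functions and the targets of *_RELATIVE relocations."""
    targets = {EHDR.unpack_from(image, 0)[4]}
    targets.update(defined_functions(image))
    targets.update(addend for _, rtype, _, addend in relocations(image)
                   if rtype == R_X86_64_RELATIVE)
    return sorted(base + t for t in targets)


def relocate_image(image, base=0x50000000):
    """Apply R_X86_64_RELATIVE statically as if the PIE were mapped at `base`.
    Returns (new_image, unresolved); unresolved lists relocations that still
    need a symbol lookup by the dynamic loader at run time."""
    out = bytearray(image)
    unresolved = []
    for r_offset, rtype, symidx, addend in relocations(image):
        if rtype == R_X86_64_RELATIVE:
            value = (base + addend) & 0xffffffffffffffff
            struct.pack_into("<Q", out, vaddr_to_offset(image, r_offset), value)
        else:
            unresolved.append((r_offset, rtype, symidx))
    return bytes(out), unresolved


if __name__ == "__main__":
    pie = build_sample_pie()
    print([hex(a) for a in harvest_candidate_addresses(pie)])
    _, pending = relocate_image(pie)
    print("left to the loader:", pending)
```

Only the `*_RELATIVE` entries can be resolved without the loader, which is why the rewritten image still has to carry a valid dynamic section: the `GLOB_DAT` slot for the imported symbol stays zero until `ld.so` fills it, and the harvested set (entry point, `main`, the two relative targets) is what a translator can use as roots once global data no longer holds absolute code pointers.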