@@ -, +, @@
relocation
- In general they are. But IRELATIVE relocations are sorted to come
last, and PLT entries are not sorted accordingly.
---
sysdeps/linux-gnu/x86/arch.h | 11 +++++
sysdeps/linux-gnu/x86/plt.c | 101 +++++++++++++++++++++++++++++++++++++++++-
2 files changed, 111 insertions(+), 1 deletions(-)
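--- a/sysdeps/linux-gnu/x86/arch.h
+++ b/sysdeps/linux-gnu/x86/arch.h
@@ -19,6 +19,10 @@
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 */
+#ifndef LTRACE_X86_ARCH_H
+#define LTRACE_X86_ARCH_H
+
+#include "vect.h"
 
 #define BREAKPOINT_VALUE {0xcc}
 #define BREAKPOINT_LENGTH 1
@@ -30,9 +34,16 @@
 
 #define ARCH_HAVE_ADD_PLT_ENTRY
 
+#define ARCH_HAVE_LTELF_DATA
+struct arch_ltelf_data {
+ struct vect plt_map;
+};
+
 #ifdef __x86_64__
 #define LT_ELFCLASS ELFCLASS64
 #define LT_ELF_MACHINE EM_X86_64
 #endif
 #define LT_ELFCLASS2 ELFCLASS32
 #define LT_ELF_MACHINE2 EM_386
+
+#endif /* LTRACE_X86_ARCH_H */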
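Review bot: The new `plt_map` member of `struct arch_ltelf_data` carries no comment, and because `struct vect` is type-erased a reader of this header cannot tell what the elements are, who fills the vector, or who releases it. From the plt.c side of this commit it is filled by arch_elf_init (one entry per element of `plt_relocs`, the value decoded from each PLT slot's push immediate) and released by arch_elf_destroy, and consulted by arch_plt_sym_val. I would put that at the declaration, e.g. `/* One uint32_t per PLT relocation, decoded from the PLT slots by arch_elf_init (plt.c); released by arch_elf_destroy. */`. Naming the element type here also makes it easier to keep the `unsigned int` / `uint32_t` spellings used in plt.c consistent.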
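--- a/sysdeps/linux-gnu/x86/plt.c
+++ b/sysdeps/linux-gnu/x86/plt.c
@@ -27,10 +27,19 @@
 #include "library.h"
 #include "trace.h"
 
+static GElf_Addr
+x86_plt_offset(uint32_t i)
+{
+ /* Skip the first PLT entry, which contains a stub to call the
+ * resolver. */
+ return (i + 1) * 16;
+}
+
 GElf_Addr
 arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela)
 {
- return lte->plt_addr + (ndx + 1) * 16;
+ uint32_t i = *VECT_ELEMENT(<e->arch.plt_map, uint32_t, ndx);
+ return x86_plt_offset(i) + lte->plt_addr;
 }
 
 void *
@@ -62,3 +71,93 @@ arch_elf_add_plt_entry(struct process *proc, struct ltelf *lte,
 
 return PLT_DEFAULT;
 }
+
+int
+arch_elf_init(struct ltelf *lte, struct library *lib)
+{
+ VECT_INIT(<e->arch.plt_map, unsigned int);
+
+ /* IRELATIVE slots may make the whole situation a fair deal
+ * more complex. On x86{,_64}, the PLT slots are not
+ * presented in the order of the corresponding relocations,
+ * but in the order it which these symbols are in the symbol
+ * table. That's static symbol table, which may be stripped
+ * off, not dynsym--that doesn't contain IFUNC symbols at all.
+ * So we have to decode each PLT entry to figure out what
+ * entry it corresponds to. We need to interpret the PLT
+ * table to figure this out.
+ *
+ * On i386, the PLT entry format is as follows:
+ *
+ * 8048300: ff 25 0c a0 04 08 jmp *0x804a00c
+ * 8048306: 68 20 00 00 00 push $0x20
+ * 804830b: e9 e0 ff ff ff jmp 80482f0 <_init+0x30>
+ *
+ * For PIE binaries it is the following:
+ *
+ * 410: ff a3 10 00 00 00 jmp *0x10(%ebx)
+ * 416: 68 00 00 00 00 push $0x0
+ * 41b: e9 d0 ff ff ff jmp 3f0 <_init+0x30>
+ *
+ * On x86_64, it is:
+ *
+ * 400420: ff 25 f2 0b 20 00 jmpq *0x200bf2(%rip) # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
+ * 400426: 68 00 00 00 00 pushq $0x0
+ * 40042b: e9 e0 ff ff ff jmpq 400410 <_init+0x18>
+ *
+ * On i386, the argument to push is an offset of relocation to
+ * use. The first PLT slot has an offset of 0x0, the second
+ * 0x8, etc. On x86_64, it's directly the index that we are
+ * looking for.
+ */
+
+ /* Here we scan the PLT table and initialize a map of
+ * relocation->slot number in lte->arch.plt_map. */
+
+ size_t i;
+ for (i = 0; i < vect_size(<e->plt_relocs); ++i) {
+
+ GElf_Addr offset = x86_plt_offset(i);
+ uint32_t reloc_arg = 0;
+
+ uint8_t byte;
+ if (elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ || byte != 0xff
+ || elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ || (byte != 0xa3 && byte != 0x25))
+ goto next;
+
+ /* Skip immediate argument in the instruction. */
+ offset += 4;
+
+ if (elf_read_next_u8(lte->plt_data, &offset, &byte) < 0
+ || byte != 0x68
+ || elf_read_next_u32(lte->plt_data,
+ &offset, &reloc_arg) < 0) {
+ reloc_arg = 0;
+ goto next;
+ }
+
+ if (lte->ehdr.e_machine == EM_386) {
+ if (reloc_arg % 8 != 0) {
+ reloc_arg = 0;
+ goto next;
+ }
+ reloc_arg /= 8;
+ }
+
+ next:
+ if (VECT_PUSHBACK(<e->arch.plt_map, &reloc_arg) < 0) {
+ arch_elf_destroy(lte);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+void
+arch_elf_destroy(struct ltelf *lte)
+{
+ VECT_DESTROY(<e->arch.plt_map, uint32_t, NULL, NULL);
+}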
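Review bot: In arch_elf_init the relocation index decoded from the push immediate (`reloc_arg`) is stored into `plt_map` with no check against the number of PLT relocations; the bytes come from the traced binary's PLT, and the only validation is the `% 8` test on i386, so a malformed or unexpected PLT leaves an arbitrary 32-bit value in the map, which arch_plt_sym_val then feeds to x86_plt_offset where `(i + 1) * 16` is computed in uint32_t and can wrap before widening to GElf_Addr, giving an address unrelated to the PLT. After the EM_386 block I would add `if (reloc_arg >= vect_size(&lte->plt_relocs)) reloc_arg = 0;` so that an undecodable slot falls back to slot 0 just like the existing `goto next` paths do. Separately, the loop pushes one entry per slot in slot order, so element i holds the relocation index found in slot i, while arch_plt_sym_val reads element `ndx` and passes it to x86_plt_offset as a slot number; unless those two indices always coincide, the vector is consulted in the opposite direction from how it is built, which is worth confirming against the comment above the loop that describes a relocation->slot map. Lastly, the element type is spelled `unsigned int` in VECT_INIT but `uint32_t` in VECT_ELEMENT and VECT_DESTROY; one spelling should be used throughout.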
--