如何让 GDB 将我手工制作的可运行 ELF 文件识别为可执行文件?
How to make GDB recognize my handmade runnable ELF file as an executable?
我在 64 位 (Arch) 上有以下 AMD64 ELF 文件linux(未格式化以便于复制粘贴)
7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00 02 00 3E 00 01 00 00 00 78 00 40 00 00 00 00 00 40 00 00 00 00 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 48 B8 3C 00 00 00 00 00 00 00 0F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 78 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 07 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 01 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 2E 73 68 73 74 72 74 61 62 00
除了立即退出什么都不做。
readelf -a的输出是
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400078
Start of program headers: 64 (bytes into file)
Start of section headers: 132 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 3
Section header string table index: 2
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078
000000000000000c 000000000000000c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 00000144
0000000000000010 0000000000000010 0 0 0
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000078 0x0000000000400078 0x0000000000000000
0x000000000000000c 0x000000000000000c R E 0x200000
Section to Segment mapping:
Segment Sections...
00 .text
There is no dynamic section in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
No version information found in this file.
虽然可执行文件运行得很好,但当我执行 gdb <file> 时,我收到 "0x7ffd7e078db0s": not in executable format: file format not recognized
奇怪的是,当我删除所有部分时(因此 ELF 仅保留文件头、程序头和代码)GDB 确实将其识别为可执行文件。
因此,我的问题是,如何让 GDB 将我的文件识别为可执行文件?或者,GDB 使用什么信息来确定文件是否可执行?
感谢您的时间和精力。
您的 .shstrtab 部分的长度为 0x10,但长度应为 0x11:
0 1 2 3 4 5 6 7 8 9 A B C D E F <-- byte offset
[=10=] . t e x t [=10=] . s h s t r t a b [=10=] <-- value
将 293rd 字节从 0x10 更改为 0x11 使程序在 GDB 下 运行。
P.S。 eu-readelf 比 readelf 更健壮,并且使错误更清楚。使用原始(损坏的)二进制文件:
$ readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 0000000000400078 000078 00000c 0c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 000144 000010 10 0 0 0
与eu-readelf比较:
$ eu-readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[ 0] NULL 0000000000000000 00000000 00000000 0 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078 0000000c 12 AX 0 0 8
[ 2] <corrupt> STRTAB 0000000000000000 00000144 00000010 16 0 0 0
我在 64 位 (Arch) 上有以下 AMD64 ELF 文件linux(未格式化以便于复制粘贴)
7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00 02 00 3E 00 01 00 00 00 78 00 40 00 00 00 00 00 40 00 00 00 00 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 48 B8 3C 00 00 00 00 00 00 00 0F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 78 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 07 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 01 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 2E 73 68 73 74 72 74 61 62 00
除了立即退出什么都不做。
readelf -a的输出是
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400078
Start of program headers: 64 (bytes into file)
Start of section headers: 132 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 3
Section header string table index: 2
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078
000000000000000c 000000000000000c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 00000144
0000000000000010 0000000000000010 0 0 0
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000078 0x0000000000400078 0x0000000000000000
0x000000000000000c 0x000000000000000c R E 0x200000
Section to Segment mapping:
Segment Sections...
00 .text
There is no dynamic section in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
No version information found in this file.
虽然可执行文件运行得很好,但当我执行 gdb <file> 时,我收到 "0x7ffd7e078db0s": not in executable format: file format not recognized
奇怪的是,当我删除所有部分时(因此 ELF 仅保留文件头、程序头和代码)GDB 确实将其识别为可执行文件。
因此,我的问题是,如何让 GDB 将我的文件识别为可执行文件?或者,GDB 使用什么信息来确定文件是否可执行?
感谢您的时间和精力。
您的 .shstrtab 部分的长度为 0x10,但长度应为 0x11:
0 1 2 3 4 5 6 7 8 9 A B C D E F <-- byte offset
[=10=] . t e x t [=10=] . s h s t r t a b [=10=] <-- value
将 293rd 字节从 0x10 更改为 0x11 使程序在 GDB 下 运行。
P.S。 eu-readelf 比 readelf 更健壮,并且使错误更清楚。使用原始(损坏的)二进制文件:
$ readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 0000000000400078 000078 00000c 0c AX 0 0 8
[ 2] .shstrtab STRTAB 0000000000000000 000144 000010 10 0 0 0
与eu-readelf比较:
$ eu-readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:
Section Headers:
[Nr] Name Type Addr Off Size ES Flags Lk Inf Al
[ 0] NULL 0000000000000000 00000000 00000000 0 0 0 0
[ 1] .text PROGBITS 0000000000400078 00000078 0000000c 12 AX 0 0 8
[ 2] <corrupt> STRTAB 0000000000000000 00000144 00000010 16 0 0 0