Creating the ELF Executable File Manually

Hello class, and welcome to x86 Masochism 101. Here you will learn how to use opcodes directly to create an executable without ever touching a compiler, assembler, or linker. We will use only an editor capable of modifying binaries (i.e., a hex editor) and "chmod" to make the file executable.



If that doesn't turn you on, then I don't even know ...



Seriously though, this is one of those things that I personally find very interesting. Obviously, you are not going to use this to write serious programs with millions of lines. However, you can have a lot of fun finding out that you really understand how things like this work at a low level. It's also great to be able to say that you wrote an executable without even touching a compiler or interpreter. In addition, there are applications in kernel programming, reverse engineering, and (unsurprisingly) compiler building.



First of all, let's take a very quick look at how executing an ELF file actually works. Many details will be omitted. What's important is getting a good idea of what your computer is doing when you tell it to execute the ELF binary.





When you tell the computer to execute an ELF binary, the first thing it looks for is the ELF header. This header contains all sorts of important information about the processor architecture, the file's segments and sections, and more - we'll talk about that later. The header also contains information that helps the computer identify the file as ELF. Most importantly, the ELF header says where the program header table is (in the case of an executable file) and gives the virtual address to which the computer transfers control when the file is executed.





, , . - , , «text» «data», . , , .





, , , ELF, .





, , , ELF x86. - Bless. Linux, ELF . Unix- , -, . , . Windows, . , x86 ( x86_64 ), .





ELF . (payload), . -, ELF program header table, . , , , .





: ELF . , , , , , . (: ) , « -» « », . !





, , . "Hello World!" , 93. , . ( ), ( «Hello World!» ). , :





(text segment)
mov ebx, 1
mov eax, 4
mov ecx, HWADDR
mov edx, HWLEN
int 0x80

mov eax, 1
mov ebx, 0x5D
int 0x80
      
      



, . 0x80 , EAX EBX , . .





. , -, . x86 , , :





0xBB 0x01 0x00 0x00 0x00
0xB8 0x04 0x00 0x00 0x00
0xB9 0x** 0x** 0x** 0x**
0xBA 0x0D 0x00 0x00 0x00
0xCD 0x80

0xB8 0x01 0x00 0x00 0x00
0xBB 0x5D 0x00 0x00 0x00 
0xCD 0x80
      
      



( . , )





, «Hello World!\n». ASCII ('man ascii'), , , :





(data segment)
0x48 0x65 0x6C 0x6C 0x6F 0x20 0x57 0x6F 0x72 0x6C 0x64 0x21 0x0A
      
      



!





. , , , , - ELF . ELF , :





e_ident(16), e_type(2), e_machine(2), e_version(4), e_entry(4), e_phoff(4),
e_shoff(4), e_flags(4), e_ehsize(2), e_phentsize(2), e_phnum(2), e_shentsize(2),
e_shnum(2), e_shstrndx(2)
      
      



, , .





e_ident (16) - 16 , ELF. 0x7F, 'E', 'L', 'F'. 0x01 32- little-endian. , 0x00, , 16 (= 0x10).





e_type (2) - 0x02 0x00. , , ELF.





e_machine (2) - 0x03 0x00, , ELF i386.





e_version (4) - 0x01 0x00 0x00 0x00.





e_entry (4) - . , 0x** 0x** 0x** 0x**.





e_phoff (4) - program header table. ELF, ELF : 0x34 0x00 0x00 0x00.





e_shoff (4) - . . 0x00 0x00 0x00 0x00.





e_flags (4) - . 0x00 0x00 0x00 0x00 .





e_ehsize (2) - ELF, 0x34 0x00.





e_phentsize (2) - . , , 0x20 0x00. , , .





e_phnum (2) - , . , 0x02 0x00.





e_shentsize (2), e_shnum (2), e_shstrndx (2) - , ( ), 0x00 0x00 0x00 0x00 0x00 0x00.





ELF! , , , :





0x7F 0x45 0x4C 0x46 0x01 0x01 0x01 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x10 0x02 0x00 0x03 0x00 0x01 0x00 0x00 0x00
0x** 0x** 0x** 0x** 0x34 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x00 0x00 0x00 0x00 0x34 0x00 0x20 0x00 0x02 0x00 0x00 0x00
0x00 0x00 0x00 0x00
      
      



. program header table. :





p_type(4), p_offset(4), p_vaddr(4), p_paddr(4), p_filesz(4), p_memsz(4),
p_flags(4), p_align(4)
      
      



, ( : , ) :





p_type (4) - . , PT_LOAD (= 0x01 0x00 0x00 0x00).





p_offset (4) - . , , . 0x** 0x** 0x** 0x**.





p_vaddr (4) - . 0x** 0x** 0x** 0x**, .





p_paddr (4) - , 0x00 0x00 0x00 0x00.





p_filesz (4) - , . , 0x** 0x** 0x** 0x**. .





p_memsz (4) - . , p_filesz, . 0x** 0x** 0x** 0x**, , , p_filesz.





p_flags (4) - , . , , READ - 0x04, WRITE - 0x02, EXEC - 0x01. READ + EXEC, 0x05 0x00 0x00 0x00, READ + WRITE + EXEC, 0x07 0x00 0x00 0x00.





p_align (4) - . 4 , 0x1000. , x86 little-endian, 0x00 0x10 0x00 0x00.





. , , . , ELF, . , (, , ELF - ?) :





0x01 0x00 0x00 0x00 0x** 0x** 0x** 0x** 0x** 0x** 0x** 0x**
0x00 0x00 0x00 0x00 0x** 0x** 0x** 0x** 0x** 0x** 0x** 0x**
0x05 0x00 0x00 0x00 0x00 0x10 0x00 0x00 
0x01 0x00 0x00 0x00 0x** 0x** 0x** 0x** 0x** 0x** 0x** 0x**
0x00 0x00 0x00 0x00 0x** 0x** 0x** 0x** 0x** 0x** 0x** 0x**
0x07 0x00 0x00 0x00 0x00 0x10 0x00 0x00
      
      



, . ELF , , , - , , . , .



-, , - . . ELF 116 + 2 , 116 = 0x74, 0x74. , 0x80. 0x74 0x7F 0x00, 0x80 .





34 = 0x22 , , 0x80 + 0x22 = 0xA2. 0xA4 0xA2 0xA3 0x00.





, , ELF, 0x00 0x73, 0x74 0x7F , 0x80 0xA1, 0xA2 0xA3 , 0xA4 0xB0. , , , .





, , . , , .





e_entry (4) - 0x80 0x80 0x04 0x08; 0x8048080 . , , , , , - , . ELF , , .





p_offset (4) - 0x80 0x00 0x00 0x00 , 0xA4 0x00 0x00 0x00 . - , .





p_vaddr (4) - 0x80 0x80 0x04 0x08 , 0xA4 0x80 0x04 0x08 . , , , .





p_filesz (4) - 0x24 0x00 0x00 0x00 , 0x20 0x00 0x00 0x00 . . p_memsz = p_filesz, .





, , :





7F 45 4C 46 01 01 01 00 00 00 00 00 00 00 00 10 02 00 03 00
01 00 00 00 80 80 04 08 34 00 00 00 00 00 00 00 00 00 00 00
34 00 20 00 02 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00
80 80 04 08 00 00 00 00 24 00 00 00 24 00 00 00 05 00 00 00
00 10 00 00 01 00 00 00 A4 00 00 00 A4 80 04 08 00 00 00 00
20 00 00 00 20 00 00 00 07 00 00 00 00 10 00 00 00 00 00 00
00 00 00 00 00 00 00 00 BB 01 00 00 00 B8 04 00 00 00 B9 A4
80 04 08 BA 0D 00 00 00 CD 80 B8 01 00 00 00 BB 5D 00 00 00
CD 80 00 00 48 65 6C 6C 6F 20 57 6F 72 6C 64 21 0A
      
      



That's all. Run chmod +x on this binary and then execute it. Hello World in 178 bytes. I hope you enjoyed writing this. :-) If you find this HOWTO useful or interesting, let me know! I always appreciate it. Also, advice, comments and/or constructive criticism are always welcome.
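The same layout can be assembled and checked programmatically. The following Python sketch is an added example, not the HOWTO author's code: `build_elf` and `check_elf` are hypothetical names, the field values are the ones worked out above, and the exit code defaults to the 0x5D used in the assembly listing. `check_elf` parses the headers back and reports layout problems, including the READ + WRITE + EXEC (0x07) data segment, a combination that hardening checks commonly flag.

```python
import struct

BASE = 0x08048000                  # load base implied by e_entry 0x08048080
TEXT_OFF, DATA_OFF = 0x80, 0xA4    # file offsets chosen in the HOWTO
MSG = b"Hello World!\n"

def build_elf(exit_code=0x5D):
    """Assemble ELF header, two program headers, text and data as laid out above."""
    u32 = lambda v: struct.pack("<I", v)
    text = (b"\xBB" + u32(1)                 # mov ebx, 1        (stdout)
          + b"\xB8" + u32(4)                 # mov eax, 4        (write)
          + b"\xB9" + u32(BASE + DATA_OFF)   # mov ecx, HWADDR
          + b"\xBA" + u32(len(MSG))          # mov edx, HWLEN
          + b"\xCD\x80"                      # int 0x80
          + b"\xB8" + u32(1)                 # mov eax, 1        (exit)
          + b"\xBB" + u32(exit_code)         # mov ebx, exit code
          + b"\xCD\x80")                     # int 0x80
    e_ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(8) + b"\x10"
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, BASE + TEXT_OFF,
                                 0x34, 0, 0, 0x34, 0x20, 2, 0, 0, 0)
    def phdr(off, size, flags):    # PT_LOAD, p_paddr = 0, p_memsz = p_filesz
        return struct.pack("<8I", 1, off, BASE + off, 0, size, size, flags, 0x1000)
    img = ehdr + phdr(TEXT_OFF, 0x24, 5) + phdr(DATA_OFF, 0x20, 7)
    img = img.ljust(TEXT_OFF, b"\0") + text  # pad 0x74..0x7F with zeros
    return img.ljust(DATA_OFF, b"\0") + MSG  # pad 0xA2..0xA3 with zeros

def check_elf(img):
    """Parse the headers back and return a list of layout problems."""
    if img[:4] != b"\x7fELF":
        return ["bad magic"]
    entry, phoff = struct.unpack_from("<II", img, 0x18)
    phentsize, phnum = struct.unpack_from("<HH", img, 0x2A)
    problems, entry_ok = [], False
    for i in range(phnum):
        _, off, vaddr, _, filesz, _, flags, align = struct.unpack_from(
            "<8I", img, phoff + i * phentsize)
        if align and (off - vaddr) % align:
            problems.append(f"segment {i}: p_offset and p_vaddr differ mod p_align")
        if (flags & 1) and vaddr <= entry < vaddr + filesz:
            entry_ok = True                  # entry point is inside executable code
        if (flags & 3) == 3:                 # WRITE (0x02) together with EXEC (0x01)
            problems.append(f"segment {i}: writable and executable")
    if not entry_ok:
        problems.append("e_entry is outside every executable segment")
    return problems
```

Writing the result of `build_elf()` to a file in binary mode gives the image that chmod +x is then applied to.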







