Topic: Loading and executing elf from memory.

Hi everyone. Glad to be registered to this forum.

Please tell me, is there a way to execute an ELF file from memory?

I wrote some simple code in C which reads the ELF header, loads all segments into memory with mmap, and transfers control to the start point of the executable with the asm instruction jmp. Everything goes OK with simple asm programs like hello-world, but I get a segfault while executing more complicated C programs.
I've tried to pack them with UPX first, then load the compressed file with my program (there are only two code segments in a UPX file, no interpreter), but also got a segfault.

I think there are three problems:
1) I don't know how to correctly load the interpreter (like /lib/ld-linux.so.2) and dynamic libraries.
2) I don't know what I should do with the .got section, the .bss section and others. It isn't enough to place them in memory, is it?
3) I place my code at the wrong address (I tried 0x01048000 and 0x09048000).

I thought UPX would solve my problems #1 and #2, but I was wrong, because UPX reads itself from the file obtained via /proc/self/exe.
Also, I looked through UPX unpacker code, but it's a bit too complicated for me, so it would take a long time to understand it and implement it in my program.

Any ideas would be helpful, thanks!

Last edited by 4el1 (2011-11-28 16:45:18)

Re: Loading and executing elf from memory.

I was thinking about coding the same thing, though for shared libraries, not executables, but they are mostly the same.

- Have you tried using position-independent code? -fPIC?
- The memory locations need some sort of protection (mprotect), and be careful with mprotect's result, always check it, since it's not like the Windows VirtualProtect. In VirtualProtect u specify a piece of memory, and VirtualProtect protects the whole page this memory is at. With mprotect that's not the case: u need to have a PAGE (with the exact page size, so u can't malloc(10) for example, it must be malloc(PAGE_SIZE)) and send that pointer to mprotect. Or u can use memalign().


hope this helps.
just let me know ur results.

Re: Loading and executing elf from memory.

4el1 wrote:

1) I don't know how to correctly load the interpreter (like /lib/ld-linux.so.2) and dynamic libraries.
2) I don't know what I should do with the .got section, the .bss section and others. It isn't enough to place them in memory, is it?
3) I place my code at the wrong address (I tried 0x01048000 and 0x09048000).
Any ideas would be helpful, thanks!

2) GOT at the very least must have the link_map pointer initialized, .bss - setbrk(2).
3) Use MAP_FIXED with mmap(2)

Re: Loading and executing elf from memory.

Hecktor wrote:

- Have you tried using position-independent code? -fPIC?

I want to be able to execute almost any ELF file, if you meant PIC in the ELF file. My program seems not to be PIC, but does it really matter?

Hecktor wrote:

- The memory locations need some sort of protection (mprotect), and be careful with mprotect's result, always check it, since it's not like the Windows VirtualProtect. In VirtualProtect u specify a piece of memory, and VirtualProtect protects the whole page this memory is at. With mprotect that's not the case: u need to have a PAGE (with the exact page size, so u can't malloc(10) for example, it must be malloc(PAGE_SIZE)) and send that pointer to mprotect. Or u can use memalign().

I do use mprotect with PAGE_SIZE alignment.

herm1t wrote:

2) GOT at the very least must have the link_map pointer initialized, .bss - setbrk(2).

I'll try to do this, thanks.

herm1t wrote:

3) Use MAP_FIXED with mmap(2)

I do use MAP_FIXED to relocate memory for ELF segments, if you meant that. By this question I meant that I don't know where to place the code of my program, which loads the ELF file. Just to simplify, I assume that every ELF file I want to execute is placed at 0x08048000 (most of them actually are). So, my code is placed at 0x01048000 to prevent its corruption by loading ELF segments.
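
Added example, not from any post in this thread: C code showing how one PT_LOAD program header translates into the page-aligned range that mmap/mprotect need, and into the zero-filled tail (p_memsz beyond p_filesz) where .bss lives. The struct and function names are hypothetical, a 4 KiB page is assumed, and the program-header values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { PT_LOAD = 1, PT_INTERP = 3 };   /* same values as <elf.h> */
#define PAGE ((uint64_t)0x1000)        /* assumed; a loader would ask sysconf(_SC_PAGESIZE) */

/* Field-for-field mirror of Elf32_Phdr, declared here so the example is self-contained. */
struct phdr32 { uint32_t p_type, p_offset, p_vaddr, p_paddr,
                         p_filesz, p_memsz, p_flags, p_align; };

/* Hypothetical helper type: what one PT_LOAD entry demands of mmap()/mprotect(). */
struct seg_plan {
    uint64_t map_addr;   /* p_vaddr rounded down to a page boundary */
    uint64_t map_off;    /* file offset rounded down by the same skew */
    uint64_t map_len;    /* whole pages covering skew + p_memsz */
    uint64_t zero_from;  /* first address not backed by file bytes (.bss) */
    uint64_t zero_len;   /* p_memsz - p_filesz bytes that must read as zero */
};

/* Returns 0 and fills *out, or -1 for a non-PT_LOAD or inconsistent entry. */
int plan_segment(const struct phdr32 *ph, struct seg_plan *out)
{
    uint64_t skew = ph->p_vaddr % PAGE;
    /* p_vaddr and p_offset must agree modulo the page size, or the file cannot be mapped as is */
    if (ph->p_type != PT_LOAD || ph->p_memsz < ph->p_filesz || skew != ph->p_offset % PAGE)
        return -1;
    out->map_addr  = ph->p_vaddr - skew;
    out->map_off   = ph->p_offset - skew;
    out->map_len   = (skew + ph->p_memsz + PAGE - 1) & ~(PAGE - 1);
    out->zero_from = (uint64_t)ph->p_vaddr + ph->p_filesz;
    out->zero_len  = ph->p_memsz - ph->p_filesz;
    return 0;
}

/* Constructed sample table (values made up): interpreter, text, data + .bss. */
static const struct phdr32 sample[3] = {
    { PT_INTERP, 0x0134, 0x08048134, 0x08048134, 0x13,  0x13,  4, 1 },
    { PT_LOAD,   0x0000, 0x08048000, 0x08048000, 0x5c4, 0x5c4, 5, 0x1000 },
    { PT_LOAD,   0x0f0c, 0x08049f0c, 0x08049f0c, 0x108, 0x118, 6, 0x1000 },
};

int main(void)
{
    struct seg_plan p;
    for (int i = 0; i < 3; i++)
        if (plan_segment(&sample[i], &p) == 0)
            printf("map %#llx len %#llx, zero-fill %llu bytes at %#llx\n",
                   (unsigned long long)p.map_addr, (unsigned long long)p.map_len,
                   (unsigned long long)p.zero_len, (unsigned long long)p.zero_from);
    return 0;
}
```

Note that the data segment in the sample starts mid-page and spills into a second page, so its mapping is two pages long even though p_memsz is only 0x118 bytes.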