
How to make GDB recognize my handmade runnable ELF file as an executable?

I have the following AMD64 ELF file on 64-bit (Arch) Linux (not formatted to make it easier to copy-paste):

7F 45 4C 46 02 01 01 00 00 00 00 00 00 00 00 00 02 00 3E 00 01 00 00 00 78 00 40 00 00 00 00 00 40 00 00 00 00 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 40 00 38 00 01 00 40 00 03 00 02 00 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 48 B8 3C 00 00 00 00 00 00 00 0F 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 78 00 40 00 00 00 00 00 78 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 0C 00 00 00 00 00 00 00 07 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 01 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 2E 73 68 73 74 72 74 61 62 00

which does nothing but immediately exit.

The output of readelf -a is:

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400078
  Start of program headers:          64 (bytes into file)
  Start of section headers:          132 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         1
  Size of section headers:           64 (bytes)
  Number of section headers:         3
  Section header string table index: 2

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .text             PROGBITS         0000000000400078  00000078
       000000000000000c  000000000000000c  AX       0     0     8
  [ 2] .shstrtab         STRTAB           0000000000000000  00000144
       0000000000000010  0000000000000010           0     0     0
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  l (large), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000078 0x0000000000400078 0x0000000000000000
                 0x000000000000000c 0x000000000000000c  R E    0x200000

 Section to Segment mapping:
  Segment Sections...
   00     .text 

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.

No version information found in this file.

Although the executable runs perfectly fine, when I execute gdb <file> I am greeted with "0x7ffd7e078db0s": not in executable format: file format not recognized

The weird thing is, when I remove all sections (so an ELF remains with only file header, program header and code) GDB does recognize it as an executable.

Thus, my question is, how can I let GDB recognize my file as an executable? Alternatively, what information does GDB use to determine that a file is executable?

Thanks for your time and effort.

Your .shstrtab section has length 0x10, but should have length 0x11:

 0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F      <-- byte offset
\0  .  t  e  x  t \0  .  s  h  s  t  r  t  a  b  \0  <-- value

Changing the 293rd byte from 0x10 to 0x11 makes the program run under GDB.

PS eu-readelf is more robust than readelf, and makes the error clearer. Using original (broken) binary:

$ readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:

Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .text             PROGBITS        0000000000400078 000078 00000c 0c  AX  0   0  8
  [ 2] .shstrtab         STRTAB          0000000000000000 000144 000010 10      0   0  0

Compare to eu-readelf:

$ eu-readelf -WS junk.elf
There are 3 section headers, starting at offset 0x84:

Section Headers:
[Nr] Name                 Type         Addr             Off      Size     ES Flags Lk Inf Al
[ 0]                      NULL         0000000000000000 00000000 00000000  0        0   0  0
[ 1] .text                PROGBITS     0000000000400078 00000078 0000000c 12 AX     0   0  8
[ 2] <corrupt>            STRTAB       0000000000000000 00000144 00000010 16        0   0  0
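
The check behind the <corrupt> entry, as an added example that is not part of the original answer: every sh_name must reach a NUL terminator inside the sh_size bytes of .shstrtab. The image is rebuilt from the readelf fields shown above (constructed sample); the function names build_elf and section_names are hypothetical.

```python
import struct

SHDR = "<IIQQQQIIQQ"  # name, type, flags, addr, offset, size, link, info, addralign, entsize

def build_elf(shstrtab_size):
    """Rebuild the question's 341-byte file from its readelf fields (constructed sample)."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + bytes(9),
                       2, 0x3E, 1, 0x400078, 64, 132, 0, 64, 56, 1, 64, 3, 2)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0x78, 0x400078, 0, 12, 12, 0x200000)
    code = b"\x48\xb8\x3c" + bytes(7) + b"\x0f\x05"  # mov rax, 60 ; syscall
    shdrs = (struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + struct.pack(SHDR, 1, 1, 6, 0x400078, 0x78, 12, 0, 0, 8, 12)
             + struct.pack(SHDR, 7, 3, 0, 0, 0x144, shstrtab_size, 0, 0, 0, 16))
    return ehdr + phdr + code + shdrs + b"\0.text\0.shstrtab\0"

def section_names(elf):
    """Resolve each sh_name in .shstrtab; None marks a name with no NUL inside the table."""
    shoff, = struct.unpack_from("<Q", elf, 0x28)                      # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    hdrs = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    if str_off + str_size > len(elf):
        raise ValueError(".shstrtab extends past end of file")
    table = elf[str_off:str_off + str_size]   # only sh_size bytes belong to the table
    names = []
    for hdr in hdrs:
        start = hdr[0]                        # sh_name: byte offset into the table
        end = table.find(b"\0", start)        # terminator must lie inside the table
        names.append(None if end == -1 else table[start:end].decode("ascii", "replace"))
    return names

if __name__ == "__main__":
    for size in (0x10, 0x11):
        print(hex(size), section_names(build_elf(size)))
```

With size 0x10 the name at offset 7 has no terminator inside the table and comes back as None; with 0x11 it resolves to .shstrtab.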
