
Cannot load prelinked binaries #191

Open
julioauto opened this issue Jun 17, 2019 · 3 comments

Comments

@julioauto

In some Linux systems, users can employ prelink (https://linux.die.net/man/8/prelink) to try to speed up startup time. I haven't dug too much into prelink's code (https://github.com/jwilk-mirrors/prelink), but surely it changes relocation entries in such a way that CLE cannot handle when loading a binary. The basic idea of prelink is to assign hard-coded base addresses to shared objects so the final addresses of symbols will be known in advance and statically written into the relocation segments of the ELF objects that use them.

In my view, a fix for this requires 2 things:

  1. Some logic to figure out whether a relocation entry has been tampered with by prelink or not - this is because you won't find offset values in these symbols, but actual absolute addresses; so this line (https://github.com/angr/cle/blob/master/cle/backends/elf/metaelf.py#L38) will be wrong, and you need to use realaddr instead of the from-lva-to-rva calculation.

  2. Defer the PLT loading until after all objects have been loaded - this is because prelinked symbols will have addresses outside the address space of the current object, so if you try to access these addresses (e.g. via self.memory.load at the line I mentioned above) you'll crash because there's no backer satisfying the target address. In fact, you may have to use self.loader.memory.load instead. One idea for implementing this deferral is to remove the call to _load_plt() from the ELF constructor (https://github.com/angr/cle/blob/master/cle/backends/elf/elf.py#L121) and move it to the loader instead, after all objects have been mapped (e.g. circa https://github.com/angr/cle/blob/master/cle/loader.py#L682).
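A sketch of the two pieces the issue asks for, written here as an added example and not code from CLE or from the issue author: it detects prelinking from the dynamic tags prelink leaves behind in the `.dynamic` section (DT_GNU_PRELINKED, DT_GNU_CONFLICT and DT_GNU_LIBLIST, values from glibc's elf.h) and resolves a stored pointer across all loaded objects instead of only the current one, returning None where no object backs the address. The dynamic-section bytes and the object table are constructed; the object dicts and function names are hypothetical, not CLE's API.

```python
import struct
from typing import Optional

# Dynamic-section tags that prelink adds (values from glibc's elf.h).
DT_NULL = 0
DT_GNU_PRELINKED = 0x6FFFFDF5   # timestamp of the prelinking run
DT_GNU_CONFLICT = 0x6FFFFEF8    # relocations prelink could not settle statically
DT_GNU_LIBLIST = 0x6FFFFEF9     # libraries (with checksums) the object was prelinked against
PRELINK_TAGS = (DT_GNU_PRELINKED, DT_GNU_CONFLICT, DT_GNU_LIBLIST)


def parse_dynamic64(dyn_bytes: bytes) -> dict:
    """Parse a raw little-endian ELF64 .dynamic section into {d_tag: d_un}, stopping at DT_NULL."""
    tags = {}
    for off in range(0, len(dyn_bytes) - 15, 16):          # sizeof(Elf64_Dyn) == 16
        tag, val = struct.unpack_from("<qQ", dyn_bytes, off)
        if tag == DT_NULL:
            break
        tags[tag] = val
    return tags


def is_prelinked(tags: dict) -> bool:
    """prelink leaves its private tags behind; any one of them marks the object as prelinked."""
    return any(t in tags for t in PRELINK_TAGS)


def resolve_stored_pointer(value: int, this_obj: dict, all_objs: list, prelinked: bool) -> Optional[tuple]:
    """Interpret a pointer read from a GOT slot or relocation target.
    Each object is a hypothetical {"name", "base", "size"} dict, base being the link-time base
    (p_vaddr of the first PT_LOAD; for a prelinked object this is the hard-coded base).
    Unprelinked: value is a link-time VA of this object -> (name, value - base).
    Prelinked:   value is absolute and may belong to any object -> find the owner;
                 None means no loaded object backs it (the "no backer" failure)."""
    if not prelinked:
        return (this_obj["name"], value - this_obj["base"])
    for obj in all_objs:
        if obj["base"] <= value < obj["base"] + obj["size"]:
            return (obj["name"], value - obj["base"])
    return None


# Constructed sample: the .dynamic section of a prelinked object, plus two mapped objects.
SAMPLE_DYNAMIC = struct.pack("<qQ", DT_GNU_PRELINKED, 0x5D0778B0) + struct.pack("<qQ", DT_NULL, 0)
MAIN = {"name": "main", "base": 0x400000, "size": 0x10000}
LIBFOO = {"name": "libfoo.so", "base": 0x7FFF0000, "size": 0x20000}   # prelink-assigned base
OBJECTS = [MAIN, LIBFOO]
```

Running `resolve_stored_pointer` with the prelinked flag derived from `parse_dynamic64` sends a pointer such as 0x7FFF1234 read out of `main` to `libfoo.so` at RVA 0x1234, which is exactly the lookup that fails when only the current object's memory is consulted.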

@rhelmot
Member

rhelmot commented Jun 20, 2019

so! this is a lot. I don't think I can get to this myself, so I'm just going to slap the good old help-wanted sticker on this and see if anyone thinks they're up for it.

I don't think the PLT resolution is quite as critically broken in the presence of prelinks as you're thinking - the PLT walking code shouldn't ever try to jump out of the main binary; the last block it looks at should be the PLT stub itself, and should check for a reference to the relevant GOT slot. Prelinking does not change these properties of the PLT.

@symflood
Contributor

symflood commented Sep 30, 2019

#65 and #67 are related.

@github-actions
Contributor

This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.

@github-actions github-actions bot added the stale label May 19, 2022
@rhelmot rhelmot added pinned and removed stale labels May 19, 2022
@zwimer zwimer removed the pinned label Nov 8, 2022