I'm currently using NASM to take some assembly code commands, make a .o file, and then using ld to link it to an ELF executable. My assembly file ok.asm:
section .text
    global _start           ; must be declared for linker (ld)
_start:                     ; tells linker entry point
    mov edx, len            ; message length
    mov ecx, msg            ; message to write
    mov ebx, 1              ; file descriptor (stdout)
    mov eax, 4              ; system call number (sys_write)
    int 0x80                ; call kernel
    mov eax, 1              ; system call number (sys_exit)
    int 0x80                ; call kernel

section .data
msg db 'Hello, world!', 0xa ; string to be printed
len equ $ - msg             ; length of the string
Then nasm -f elf ok.asm
which generates ok.o
Then ld -m elf_i386 -s -o yo ok.o
to generate the finished product.
The problem is that I want to be able to test out pure machine language (not necessarily assembly) without any dependencies to build and link it, like NASM and LD. All I have available is the ability to write (/generate) pure bytes into a file, so I would like to take the machine language pure commands (I can take care of that part) and write it to an executable .ELF format (the part I need help with).
If I object dump it I can get some idea of the architecture.
First objdump -x ./yo
(to get the header info):
./yo: file format elf32-i386
./yo
architecture: i386, flags 0x00000102:
EXEC_P, D_PAGED
start address 0x08048080
Program Header:
LOAD off 0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
filesz 0x0000009d memsz 0x0000009d flags r-x
LOAD off 0x000000a0 vaddr 0x080490a0 paddr 0x080490a0 align 2**12
filesz 0x0000000e memsz 0x0000000e flags rw-
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 0000001d 08048080 08048080 00000080 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .data 0000000e 080490a0 080490a0 000000a0 2**2
CONTENTS, ALLOC, LOAD, DATA
SYMBOL TABLE:
no symbols
Now objdump -s ./yo
to get the contents:
yo: file format elf32-i386
Contents of section .text:
8048080 ba0e0000 00b9a090 0408bb01 000000b8 ................
8048090 04000000 cd80b801 000000cd 80 .............
Contents of section .data:
80490a0 48656c6c 6f2c2077 6f726c64 210a Hello, world!.
Pretty sure that ".text" section contains the pure machine code bytes generated from the above commands (e.g., mov edx, len ; etc.)
And when I read it byte-for-byte in JavaScript along with the string, I get this (360 lines, one line for each byte, first line number, then byte in base 2, then charCode, then actual char):
000: 01111111, 127: \u007f
001: 01000101, 069: E
002: 01001100, 076: L
003: 01000110, 070: F
004: 00000001, 001: \u0001
005: 00000001, 001: \u0001
006: 00000001, 001: \u0001
007: 00000000, 000: \u0000
008: 00000000, 000: \u0000
009: 00000000, 000: \u0000
010: 00000000, 000: \u0000
011: 00000000, 000: \u0000
012: 00000000, 000: \u0000
013: 00000000, 000: \u0000
014: 00000000, 000: \u0000
015: 00000000, 000: \u0000
016: 00000010, 002: \u0002
017: 00000000, 000: \u0000
018: 00000011, 003: \u0003
019: 00000000, 000: \u0000
020: 00000001, 001: \u0001
021: 00000000, 000: \u0000
022: 00000000, 000: \u0000
023: 00000000, 000: \u0000
024: 10000000, 128: \u0080
025: 10000000, 128: \u0080
026: 00000100, 004: \u0004
027: 00001000, 008: \u0008
028: 00110100, 052: 4
029: 00000000, 000: \u0000
030: 00000000, 000: \u0000
031: 00000000, 000: \u0000
032: 11001000, 200: È
033: 00000000, 000: \u0000
034: 00000000, 000: \u0000
035: 00000000, 000: \u0000
036: 00000000, 000: \u0000
037: 00000000, 000: \u0000
038: 00000000, 000: \u0000
039: 00000000, 000: \u0000
040: 00110100, 052: 4
041: 00000000, 000: \u0000
042: 00100000, 032:
043: 00000000, 000: \u0000
044: 00000010, 002: \u0002
045: 00000000, 000: \u0000
046: 00101000, 040: (
047: 00000000, 000: \u0000
048: 00000100, 004: \u0004
049: 00000000, 000: \u0000
050: 00000011, 003: \u0003
051: 00000000, 000: \u0000
052: 00000001, 001: \u0001
053: 00000000, 000: \u0000
054: 00000000, 000: \u0000
055: 00000000, 000: \u0000
056: 00000000, 000: \u0000
057: 00000000, 000: \u0000
058: 00000000, 000: \u0000
059: 00000000, 000: \u0000
060: 00000000, 000: \u0000
061: 10000000, 128: \u0080
062: 00000100, 004: \u0004
063: 00001000, 008: \u0008
064: 00000000, 000: \u0000
065: 10000000, 128: \u0080
066: 00000100, 004: \u0004
067: 00001000, 008: \u0008
068: 10011101, 157: \u009d
069: 00000000, 000: \u0000
070: 00000000, 000: \u0000
071: 00000000, 000: \u0000
072: 10011101, 157: \u009d
073: 00000000, 000: \u0000
074: 00000000, 000: \u0000
075: 00000000, 000: \u0000
076: 00000101, 005: \u0005
077: 00000000, 000: \u0000
078: 00000000, 000: \u0000
079: 00000000, 000: \u0000
080: 00000000, 000: \u0000
081: 00010000, 016: \u0010
082: 00000000, 000: \u0000
083: 00000000, 000: \u0000
084: 00000001, 001: \u0001
085: 00000000, 000: \u0000
086: 00000000, 000: \u0000
087: 00000000, 000: \u0000
088: 10100000, 160:
089: 00000000, 000: \u0000
090: 00000000, 000: \u0000
091: 00000000, 000: \u0000
092: 10100000, 160:
093: 10010000, 144: \u0090
094: 00000100, 004: \u0004
095: 00001000, 008: \u0008
096: 10100000, 160:
097: 10010000, 144: \u0090
098: 00000100, 004: \u0004
099: 00001000, 008: \u0008
100: 00001110, 014: \u000e
101: 00000000, 000: \u0000
102: 00000000, 000: \u0000
103: 00000000, 000: \u0000
104: 00001110, 014: \u000e
105: 00000000, 000: \u0000
106: 00000000, 000: \u0000
107: 00000000, 000: \u0000
108: 00000110, 006: \u0006
109: 00000000, 000: \u0000
110: 00000000, 000: \u0000
111: 00000000, 000: \u0000
112: 00000000, 000: \u0000
113: 00010000, 016: \u0010
114: 00000000, 000: \u0000
115: 00000000, 000: \u0000
116: 00000000, 000: \u0000
117: 00000000, 000: \u0000
118: 00000000, 000: \u0000
119: 00000000, 000: \u0000
120: 00000000, 000: \u0000
121: 00000000, 000: \u0000
122: 00000000, 000: \u0000
123: 00000000, 000: \u0000
124: 00000000, 000: \u0000
125: 00000000, 000: \u0000
126: 00000000, 000: \u0000
127: 00000000, 000: \u0000
128: 10111010, 186: º
129: 00001110, 014: \u000e
130: 00000000, 000: \u0000
131: 00000000, 000: \u0000
132: 00000000, 000: \u0000
133: 10111001, 185: ¹
134: 10100000, 160:
135: 10010000, 144: \u0090
136: 00000100, 004: \u0004
137: 00001000, 008: \u0008
138: 10111011, 187: »
139: 00000001, 001: \u0001
140: 00000000, 000: \u0000
141: 00000000, 000: \u0000
142: 00000000, 000: \u0000
143: 10111000, 184: ¸
144: 00000100, 004: \u0004
145: 00000000, 000: \u0000
146: 00000000, 000: \u0000
147: 00000000, 000: \u0000
148: 11001101, 205: Í
149: 10000000, 128: \u0080
150: 10111000, 184: ¸
151: 00000001, 001: \u0001
152: 00000000, 000: \u0000
153: 00000000, 000: \u0000
154: 00000000, 000: \u0000
155: 11001101, 205: Í
156: 10000000, 128: \u0080
157: 00000000, 000: \u0000
158: 00000000, 000: \u0000
159: 00000000, 000: \u0000
160: 01001000, 072: H
161: 01100101, 101: e
162: 01101100, 108: l
163: 01101100, 108: l
164: 01101111, 111: o
165: 00101100, 044: ,
166: 00100000, 032:
167: 01110111, 119: w
168: 01101111, 111: o
169: 01110010, 114: r
170: 01101100, 108: l
171: 01100100, 100: d
172: 00100001, 033: !
173: 00001010, 010:
174: 00000000, 000: \u0000
175: 00101110, 046: .
176: 01110011, 115: s
177: 01101000, 104: h
178: 01110011, 115: s
179: 01110100, 116: t
180: 01110010, 114: r
181: 01110100, 116: t
182: 01100001, 097: a
183: 01100010, 098: b
184: 00000000, 000: \u0000
185: 00101110, 046: .
186: 01110100, 116: t
187: 01100101, 101: e
188: 01111000, 120: x
189: 01110100, 116: t
190: 00000000, 000: \u0000
191: 00101110, 046: .
192: 01100100, 100: d
193: 01100001, 097: a
194: 01110100, 116: t
195: 01100001, 097: a
196: 00000000, 000: \u0000
197: 00000000, 000: \u0000
198: 00000000, 000: \u0000
199: 00000000, 000: \u0000
200: 00000000, 000: \u0000
201: 00000000, 000: \u0000
202: 00000000, 000: \u0000
203: 00000000, 000: \u0000
204: 00000000, 000: \u0000
205: 00000000, 000: \u0000
206: 00000000, 000: \u0000
207: 00000000, 000: \u0000
208: 00000000, 000: \u0000
209: 00000000, 000: \u0000
210: 00000000, 000: \u0000
211: 00000000, 000: \u0000
212: 00000000, 000: \u0000
213: 00000000, 000: \u0000
214: 00000000, 000: \u0000
215: 00000000, 000: \u0000
216: 00000000, 000: \u0000
217: 00000000, 000: \u0000
218: 00000000, 000: \u0000
219: 00000000, 000: \u0000
220: 00000000, 000: \u0000
221: 00000000, 000: \u0000
222: 00000000, 000: \u0000
223: 00000000, 000: \u0000
224: 00000000, 000: \u0000
225: 00000000, 000: \u0000
226: 00000000, 000: \u0000
227: 00000000, 000: \u0000
228: 00000000, 000: \u0000
229: 00000000, 000: \u0000
230: 00000000, 000: \u0000
231: 00000000, 000: \u0000
232: 00000000, 000: \u0000
233: 00000000, 000: \u0000
234: 00000000, 000: \u0000
235: 00000000, 000: \u0000
236: 00000000, 000: \u0000
237: 00000000, 000: \u0000
238: 00000000, 000: \u0000
239: 00000000, 000: \u0000
240: 00001011, 011: \u000b
241: 00000000, 000: \u0000
242: 00000000, 000: \u0000
243: 00000000, 000: \u0000
244: 00000001, 001: \u0001
245: 00000000, 000: \u0000
246: 00000000, 000: \u0000
247: 00000000, 000: \u0000
248: 00000110, 006: \u0006
249: 00000000, 000: \u0000
250: 00000000, 000: \u0000
251: 00000000, 000: \u0000
252: 10000000, 128: \u0080
253: 10000000, 128: \u0080
254: 00000100, 004: \u0004
255: 00001000, 008: \u0008
256: 10000000, 128: \u0080
257: 00000000, 000: \u0000
258: 00000000, 000: \u0000
259: 00000000, 000: \u0000
260: 00011101, 029: \u001d
261: 00000000, 000: \u0000
262: 00000000, 000: \u0000
263: 00000000, 000: \u0000
264: 00000000, 000: \u0000
265: 00000000, 000: \u0000
266: 00000000, 000: \u0000
267: 00000000, 000: \u0000
268: 00000000, 000: \u0000
269: 00000000, 000: \u0000
270: 00000000, 000: \u0000
271: 00000000, 000: \u0000
272: 00010000, 016: \u0010
273: 00000000, 000: \u0000
274: 00000000, 000: \u0000
275: 00000000, 000: \u0000
276: 00000000, 000: \u0000
277: 00000000, 000: \u0000
278: 00000000, 000: \u0000
279: 00000000, 000: \u0000
280: 00010001, 017: \u0011
281: 00000000, 000: \u0000
282: 00000000, 000: \u0000
283: 00000000, 000: \u0000
284: 00000001, 001: \u0001
285: 00000000, 000: \u0000
286: 00000000, 000: \u0000
287: 00000000, 000: \u0000
288: 00000011, 003: \u0003
289: 00000000, 000: \u0000
290: 00000000, 000: \u0000
291: 00000000, 000: \u0000
292: 10100000, 160:
293: 10010000, 144: \u0090
294: 00000100, 004: \u0004
295: 00001000, 008: \u0008
296: 10100000, 160:
297: 00000000, 000: \u0000
298: 00000000, 000: \u0000
299: 00000000, 000: \u0000
300: 00001110, 014: \u000e
301: 00000000, 000: \u0000
302: 00000000, 000: \u0000
303: 00000000, 000: \u0000
304: 00000000, 000: \u0000
305: 00000000, 000: \u0000
306: 00000000, 000: \u0000
307: 00000000, 000: \u0000
308: 00000000, 000: \u0000
309: 00000000, 000: \u0000
310: 00000000, 000: \u0000
311: 00000000, 000: \u0000
312: 00000100, 004: \u0004
313: 00000000, 000: \u0000
314: 00000000, 000: \u0000
315: 00000000, 000: \u0000
316: 00000000, 000: \u0000
317: 00000000, 000: \u0000
318: 00000000, 000: \u0000
319: 00000000, 000: \u0000
320: 00000001, 001: \u0001
321: 00000000, 000: \u0000
322: 00000000, 000: \u0000
323: 00000000, 000: \u0000
324: 00000011, 003: \u0003
325: 00000000, 000: \u0000
326: 00000000, 000: \u0000
327: 00000000, 000: \u0000
328: 00000000, 000: \u0000
329: 00000000, 000: \u0000
330: 00000000, 000: \u0000
331: 00000000, 000: \u0000
332: 00000000, 000: \u0000
333: 00000000, 000: \u0000
334: 00000000, 000: \u0000
335: 00000000, 000: \u0000
336: 10101110, 174: ®
337: 00000000, 000: \u0000
338: 00000000, 000: \u0000
339: 00000000, 000: \u0000
340: 00010111, 023: \u0017
341: 00000000, 000: \u0000
342: 00000000, 000: \u0000
343: 00000000, 000: \u0000
344: 00000000, 000: \u0000
345: 00000000, 000: \u0000
346: 00000000, 000: \u0000
347: 00000000, 000: \u0000
348: 00000000, 000: \u0000
349: 00000000, 000: \u0000
350: 00000000, 000: \u0000
351: 00000000, 000: \u0000
352: 00000001, 001: \u0001
353: 00000000, 000: \u0000
354: 00000000, 000: \u0000
355: 00000000, 000: \u0000
356: 00000000, 000: \u0000
357: 00000000, 000: \u0000
358: 00000000, 000: \u0000
359: 00000000, 000: \u0000
Also a simple hexdump command yields the following:
hexdump -C -n 360 ./yo
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 80 80 04 08 34 00 00 00 |............4...|
00000020 c8 00 00 00 00 00 00 00 34 00 20 00 02 00 28 00 |........4. ...(.|
00000030 04 00 03 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 9d 00 00 00 9d 00 00 00 05 00 00 00 |................|
00000050 00 10 00 00 01 00 00 00 a0 00 00 00 a0 90 04 08 |................|
00000060 a0 90 04 08 0e 00 00 00 0e 00 00 00 06 00 00 00 |................|
00000070 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000080 ba 0e 00 00 00 b9 a0 90 04 08 bb 01 00 00 00 b8 |................|
00000090 04 00 00 00 cd 80 b8 01 00 00 00 cd 80 00 00 00 |................|
000000a0 48 65 6c 6c 6f 2c 20 77 6f 72 6c 64 21 0a 00 2e |Hello, world!...|
000000b0 73 68 73 74 72 74 61 62 00 2e 74 65 78 74 00 2e |shstrtab..text..|
000000c0 64 61 74 61 00 00 00 00 00 00 00 00 00 00 00 00 |data............|
000000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000f0 0b 00 00 00 01 00 00 00 06 00 00 00 80 80 04 08 |................|
00000100 80 00 00 00 1d 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 10 00 00 00 00 00 00 00 11 00 00 00 01 00 00 00 |................|
00000120 03 00 00 00 a0 90 04 08 a0 00 00 00 0e 00 00 00 |................|
00000130 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000140 01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 ae 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 01 00 00 00 00 00 00 00 |........|
00000168
I've also seen https://docs.oracle.com/cd/E19455-01/806-3773/6jct9o0bs/index.html
as well as this https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
which gives this useful picture diagram:
as well as a link to the elf header file.
The question:
How, exactly, can I simply "insert" the pure machine language list of commands directly into an ELF file format (perhaps using a template based on the above?) without using any external dependencies (like NASM, LD etc.), only a pure binary writer?
I tried simply changing the string "Hello, World!" to something longer, but (obviously) it got cut off, because the length was only set to a specific amount. I don't know where to find the length attribute in the binary code; if someone could at least point to that, it would be helpful.
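As an added example (not part of the original question, and not the asker's code): the following Python script takes the exact i386 instruction bytes shown in the objdump of .text above and writes them into a minimal ELF32 executable using nothing but a byte writer, then reads the headers back so the fields that govern the string length can be located. It assumes the same base address ld used (0x08048000), a single read+execute PT_LOAD segment, no section headers at all, and an output file name of hello_elf; the PAGE_BYTES constant is the first 0xb0 bytes of the question's own hexdump, transcribed so the header reader can be checked against values already visible on the page.

```python
"""Minimal ELF32 (i386) writer and header reader. Added example, not the
question's code. It wraps the question's .text bytes in the smallest ELF the
Linux loader accepts: ELF header, one PT_LOAD program header, no section
headers (sections exist for ld/objdump, execve never looks at them)."""
import os
import struct
import sys

BASE = 0x08048000              # same base address ld chose in the question
EHDR_SIZE, PHDR_SIZE = 52, 32  # sizeof(Elf32_Ehdr), sizeof(Elf32_Phdr)
ET_EXEC, EM_386, PT_LOAD, PF_X, PF_R = 2, 3, 1, 1, 4

# First 0xb0 bytes of the question's binary, transcribed from its hexdump.
PAGE_BYTES = bytes.fromhex(
    "7f454c46010101000000000000000000"
    "02000300010000008080040834000000"
    "c8000000000000003400200002002800"
    "04000300010000000000000000800408"
    "008004089d0000009d00000005000000"
    "0010000001000000a0000000a0900408"
    "a09004080e0000000e00000006000000"
    "00100000000000000000000000000000"
    "ba0e000000b9a0900408bb01000000b8"
    "04000000cd80b801000000cd80000000"
    "48656c6c6f2c20776f726c64210a002e"
)

def hello_code(msg_vaddr: int, msg_len: int) -> bytes:
    """Hand-encoded i386 equivalent of ok.asm (exits with status 1, as there)."""
    return (
        b"\xba" + struct.pack("<I", msg_len)      # mov edx, len
        + b"\xb9" + struct.pack("<I", msg_vaddr)  # mov ecx, msg
        + b"\xbb\x01\x00\x00\x00"                 # mov ebx, 1   (stdout)
        + b"\xb8\x04\x00\x00\x00"                 # mov eax, 4   (sys_write)
        + b"\xcd\x80"                             # int 0x80
        + b"\xb8\x01\x00\x00\x00"                 # mov eax, 1   (sys_exit)
        + b"\xcd\x80"                             # int 0x80
    )

def build_elf(msg: bytes) -> bytes:
    """Return a complete ELF32 image: header, one program header, code, data."""
    code_off = EHDR_SIZE + PHDR_SIZE                 # code directly follows headers
    data_off = code_off + len(hello_code(0, 0))      # 0x1d code bytes, fixed size
    code = hello_code(BASE + data_off, len(msg))     # patch msg address and length
    filesz = data_off + len(msg)
    ehdr = struct.pack(
        "<16sHHIIIIIHHHHHH",
        b"\x7fELF\x01\x01\x01" + b"\x00" * 9,  # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
        ET_EXEC, EM_386, 1, BASE + code_off,   # e_type, e_machine, e_version, e_entry
        EHDR_SIZE, 0, 0,                       # e_phoff, e_shoff (none), e_flags
        EHDR_SIZE, PHDR_SIZE, 1,               # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,                               # e_shentsize, e_shnum, e_shstrndx
    )
    # One PT_LOAD covering the whole file, mapped R+X. The string is only read,
    # so it gets no write permission; ld's separate RW segment is needed only
    # for data the program modifies. p_vaddr and p_offset must agree mod p_align.
    phdr = struct.pack("<IIIIIIII", PT_LOAD, 0, BASE, BASE,
                       filesz, filesz, PF_R | PF_X, 0x1000)
    return ehdr + phdr + code + msg

def read_headers(blob: bytes) -> dict:
    """Entry point and program-header table of a little-endian ELF32 image."""
    if blob[:4] != b"\x7fELF" or blob[4] != 1 or blob[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    f = struct.unpack_from("<HHIIIIIHHHHHH", blob, 16)
    e_entry, e_phoff, e_phentsize, e_phnum = f[3], f[4], f[8], f[9]
    segs = []
    for i in range(e_phnum):
        p = struct.unpack_from("<IIIIIIII", blob, e_phoff + i * e_phentsize)
        segs.append({"type": p[0], "offset": p[1], "vaddr": p[2],
                     "filesz": p[4], "memsz": p[5], "flags": p[6]})
    return {"entry": e_entry, "segments": segs}

def vaddr_to_offset(hdr: dict, vaddr: int) -> int:
    """Map a virtual address to its file offset through the PT_LOAD entries."""
    for s in hdr["segments"]:
        if s["type"] == PT_LOAD and s["vaddr"] <= vaddr < s["vaddr"] + s["filesz"]:
            return vaddr - s["vaddr"] + s["offset"]
    raise ValueError("address %#x is not backed by the file" % vaddr)

def write_count_at_entry(blob: bytes) -> tuple:
    """(file offset, value) of the imm32 in the `mov edx, imm32` at e_entry."""
    hdr = read_headers(blob)
    off = vaddr_to_offset(hdr, hdr["entry"])
    if blob[off] != 0xBA:
        raise ValueError("entry does not start with mov edx, imm32")
    return off + 1, struct.unpack_from("<I", blob, off + 1)[0]

if __name__ == "__main__":
    out = sys.argv[1] if len(sys.argv) > 1 else "hello_elf"
    with open(out, "wb") as fh:
        fh.write(build_elf(b"Hello, world!\n"))
    os.chmod(out, 0o755)
```

Run it as `python3 elf_writer.py hello_elf && ./hello_elf` on an x86 Linux kernel with 32-bit syscall support; it prints the string and exits with status 1, exactly as the question's binary does (ebx still holds the file descriptor when sys_exit is called). Applied to PAGE_BYTES, `read_headers` recovers the values objdump printed above (entry 0x08048080, segments of 0x9d and 0x0e bytes), and `write_count_at_entry` lands on file offset 0x81, the `0e 00 00 00` immediate of `mov edx`. That is the first of three places a longer string has to be accounted for: the sys_write count in that immediate, the p_filesz/p_memsz of the segment holding the string (0x64 and 0x68 in the question's hexdump, both 0x0e), and, only so that objdump keeps displaying it, the .data sh_size in the section header at 0x12c. The loader itself ignores section headers, maps the PT_LOAD segments and jumps to e_entry, which is why the hand-built file leaves them out.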
User contributions licensed under CC BY-SA 3.0