ELF file by hand

Question

Hey, I've created an ELF file by hand, it has two sections(.text and .shstrtab) and a programm header which loads the .text section. The .text section is very small and it only consists of following three instructions...

    # and exit
    movl    $0,%ebx       # first argument: exit code
    movl    $1,%eax       # system call number (sys_exit)
    int     $0x80         # call kernel

The readelf does not complain when I run it on this elf file. If I excute this file, then as soon as I execute it, it gets killed and the message "Killed" appears on the screen. I've gone through the following post here at stackoverflow and I'm still going through it.

Now my concern is that this programm does not ask for any (additional)memory and also is it really possible to do an ELF by hand and expect it to be tolerated at all by the system?.

Thank you,

Answer 1

The ELF loader can send SIGKILL to your process for a variety of reasons; you probably have a bad address and/or length somewhere in the headers.

e.g. a PT_LOAD segment must map the appropriate part of the executable to a sensible address (the usual address for x86 Linux is 0x08048000, although that's probably not critical as long it is page aligned, not 0, and not too high) and the addresses in both the .text section header and the entry point in the ELF header need to match up with that.

There's no reason why you shouldn't be able to do this by hand (if the linker can create it, so can you!) - if you really want to. But note that if you simply assemble then link with symbols stripped (the -s flag to ld below):

$ cat exit.s
.globl _start
_start:
 movl $0,%ebx
 movl $1,%eax
 int $0x80
$ as -o exit.o exit.s
$ ld -s -o exit exit.o
$ ./exit
$ hexdump -Cv exit
00000000  7f 45 4c 46 01 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  02 00 03 00 01 00 00 00  54 80 04 08 34 00 00 00  |........T...4...|
00000020  74 00 00 00 00 00 00 00  34 00 20 00 01 00 28 00  |t.......4. ...(.|
00000030  03 00 02 00 01 00 00 00  00 00 00 00 00 80 04 08  |................|
00000040  00 80 04 08 60 00 00 00  60 00 00 00 05 00 00 00  |....`...`.......|
00000050  00 10 00 00 bb 00 00 00  00 b8 01 00 00 00 cd 80  |................|
00000060  00 2e 73 68 73 74 72 74  61 62 00 2e 74 65 78 74  |..shstrtab..text|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 0b 00 00 00  |................|
000000a0  01 00 00 00 06 00 00 00  54 80 04 08 54 00 00 00  |........T...T...|
000000b0  0c 00 00 00 00 00 00 00  00 00 00 00 04 00 00 00  |................|
000000c0  00 00 00 00 01 00 00 00  03 00 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 60 00 00 00  11 00 00 00 00 00 00 00  |....`...........|
000000e0  00 00 00 00 01 00 00 00  00 00 00 00              |............|
000000ec
$

...then the result is fairly minimal anyway (probably sufficiently minimal to compare with your failing hand-crafted file to see where you've gone wrong).