Computer Systems Series, Linking (9): An x86-64 Example of PIC Function Calls on Linux
Author: stormQ
Wednesday, 15. April 2020 04:35PM
Step 1: Build the shared libraries (see the previous post)
Step 2: Build the test program main_mix, which calls the two shared libraries above (see the previous post)
Step 3: Analyse the correspondence between PLT and GOT entries in the executable main_mix
1) Inspect the sections of the executable main_mix
$ readelf -S main_mix
The output is:
There are 36 section headers, starting at offset 0x1c40:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
; Skip ......
[ 9] .rela.dyn RELA 0000000000400520 00000520
0000000000000018 0000000000000018 A 5 0 8
[10] .rela.plt RELA 0000000000400538 00000538
0000000000000048 0000000000000018 AI 5 24 8
[11] .init PROGBITS 0000000000400580 00000580
000000000000001a 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 00000000004005a0 000005a0
0000000000000040 0000000000000010 AX 0 0 16
[13] .plt.got PROGBITS 00000000004005e0 000005e0
0000000000000008 0000000000000000 AX 0 0 8
[14] .text PROGBITS 00000000004005f0 000005f0
0000000000000192 0000000000000000 AX 0 0 16
[15] .fini PROGBITS 0000000000400784 00000784
0000000000000009 0000000000000000 AX 0 0 4
[16] .rodata PROGBITS 0000000000400790 00000790
0000000000000004 0000000000000004 AM 0 0 4
[17] .eh_frame_hdr PROGBITS 0000000000400794 00000794
0000000000000034 0000000000000000 A 0 0 4
[18] .eh_frame PROGBITS 00000000004007c8 000007c8
00000000000000f4 0000000000000000 A 0 0 8
[19] .init_array INIT_ARRAY 0000000000600df0 00000df0
0000000000000008 0000000000000000 WA 0 0 8
[20] .fini_array FINI_ARRAY 0000000000600df8 00000df8
0000000000000008 0000000000000000 WA 0 0 8
[21] .jcr PROGBITS 0000000000600e00 00000e00
0000000000000008 0000000000000000 WA 0 0 8
[22] .dynamic DYNAMIC 0000000000600e08 00000e08
00000000000001f0 0000000000000010 WA 6 0 8
[23] .got PROGBITS 0000000000600ff8 00000ff8
0000000000000008 0000000000000008 WA 0 0 8
[24] .got.plt PROGBITS 0000000000601000 00001000
0000000000000030 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000601030 00001030
0000000000000010 0000000000000000 WA 0 0 8
[26] .bss NOBITS 0000000000601040 00001040
0000000000000008 0000000000000000 WA 0 0 1
; Skip ......
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
From the output we can see:
- The .got.plt section of the executable main_mix starts at 0x601000 and has size 0x30, i.e. 6 entries in total (EntSize is 8 bytes)
2) Disassemble the .plt section of the executable main_mix
$ objdump -d main_mix
The output is:
; Skip ......
Disassembly of section .plt:
00000000004005a0 <_Z3addii@plt-0x10>:
4005a0: ff 35 62 0a 20 00 pushq 0x200a62(%rip) # 601008 <_GLOBAL_OFFSET_TABLE_+0x8>
4005a6: ff 25 64 0a 20 00 jmpq *0x200a64(%rip) # 601010 <_GLOBAL_OFFSET_TABLE_+0x10>
4005ac: 0f 1f 40 00 nopl 0x0(%rax)
00000000004005b0 <_Z3addii@plt>:
4005b0: ff 25 62 0a 20 00 jmpq *0x200a62(%rip) # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
4005b6: 68 00 00 00 00 pushq $0x0
4005bb: e9 e0 ff ff ff jmpq 4005a0 <_init+0x20>
00000000004005c0 <_Z3subii@plt>:
4005c0: ff 25 5a 0a 20 00 jmpq *0x200a5a(%rip) # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
4005c6: 68 01 00 00 00 pushq $0x1
4005cb: e9 d0 ff ff ff jmpq 4005a0 <_init+0x20>
00000000004005d0 <__libc_start_main@plt>:
4005d0: ff 25 52 0a 20 00 jmpq *0x200a52(%rip) # 601028 <_GLOBAL_OFFSET_TABLE_+0x28>
4005d6: 68 02 00 00 00 pushq $0x2
4005db: e9 c0 ff ff ff jmpq 4005a0 <_init+0x20>
; Skip ......
From the output we can see…
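As an added example (not code from the original post), the following Python script parses the .plt disassembly shown above and derives, for each stub, the GOT.plt slot it jumps through, that slot's index, and the relocation index it pushes, recomputing the RIP-relative target from the displacement as a cross-check against objdump's comment. The objdump text is embedded as constructed sample input and GOT_PLT_BASE is taken from the readelf output above; the function and regex names are my own.

```python
import re
# Constructed sample input: the three PLT stubs of main_mix quoted above (PLT0 omitted).
PLT_DISASM = """\
00000000004005b0 <_Z3addii@plt>:
  4005b0: ff 25 62 0a 20 00 jmpq *0x200a62(%rip) # 601018 <_GLOBAL_OFFSET_TABLE_+0x18>
  4005b6: 68 00 00 00 00 pushq $0x0
  4005bb: e9 e0 ff ff ff jmpq 4005a0 <_init+0x20>
00000000004005c0 <_Z3subii@plt>:
  4005c0: ff 25 5a 0a 20 00 jmpq *0x200a5a(%rip) # 601020 <_GLOBAL_OFFSET_TABLE_+0x20>
  4005c6: 68 01 00 00 00 pushq $0x1
  4005cb: e9 d0 ff ff ff jmpq 4005a0 <_init+0x20>
00000000004005d0 <__libc_start_main@plt>:
  4005d0: ff 25 52 0a 20 00 jmpq *0x200a52(%rip) # 601028 <_GLOBAL_OFFSET_TABLE_+0x28>
  4005d6: 68 02 00 00 00 pushq $0x2
  4005db: e9 c0 ff ff ff jmpq 4005a0 <_init+0x20>
"""
GOT_PLT_BASE = 0x601000  # .got.plt address from readelf -S above
RESERVED = 3             # GOT.plt[0..2] hold _DYNAMIC, link_map and the resolver (used by PLT0)
STUB_RE = re.compile(r"^[0-9a-f]+ <([^<>@]+)@plt>:")  # PLT0 ('@plt-0x10') does not match
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)+)(.*)$")
JMP_RE = re.compile(r"^jmpq\s+\*0x([0-9a-f]+)\(%rip\)\s+#\s+([0-9a-f]+)")
PUSH_RE = re.compile(r"^pushq\s+\$0x([0-9a-f]+)")

def parse_plt(disasm, got_plt_base=GOT_PLT_BASE):
    """Return {symbol: (got_slot, got_index, reloc_index)} for every PLT stub."""
    entries, sym, slot = {}, None, None
    for line in disasm.splitlines():
        m = STUB_RE.match(line)
        if m:
            sym, slot = m.group(1), None
            continue
        m = INSN_RE.match(line)
        if sym is None or not m:
            continue
        addr, nbytes, asm = int(m.group(1), 16), len(m.group(2).split()), m.group(3)
        j = JMP_RE.match(asm)
        if j:  # 1st insn: jmpq *disp(%rip); RIP-relative target = next insn address + disp
            slot = addr + nbytes + int(j.group(1), 16)
            if slot != int(j.group(2), 16):
                raise ValueError(f"{sym}: displacement does not reach {j.group(2)}")
        p = PUSH_RE.match(asm)
        if p and slot is not None:  # 2nd insn: pushq $reloc_index (then jmpq PLT0)
            entries[sym] = (slot, (slot - got_plt_base) // 8, int(p.group(1), 16))
            sym = None
    return entries

def reserved_slot_violations(entries):
    """Symbols whose GOT.plt index is not reloc_index + 3, i.e. not the layout the PLT assumes."""
    return [s for s, (_, got_i, rel_i) in entries.items() if got_i != rel_i + RESERVED]
```

For main_mix the three stubs map to GOT.plt indices 3, 4 and 5, which together with the three reserved slots account for the 6 entries (0x30 bytes) reported by readelf.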