layout: post
title: "Software Security Notes 2 (Compilation, ELF)"
date: 2021-2-24 09:00:00 +0800
RISC:
ARM
Single cycle instructions
Small number of instructions
CISC:
Intel x86
An instruction can take several clock cycles
Microcode
Large number of instructions
Side effect flags
32-bit: arguments on the stack
64-bit: registers used for arguments, then the stack
eip (32-bit)/rip (64-bit): program counter/instruction pointer
Input: Assembly files
Output: Object files (machine code)/modules
Use -c to generate
Relocatable
Position Independent Code
Input: Object files
Output: Binary code
Merged into binary executable
References resolved entirely
Shared in memory
Symbolic references in the final executable, resolved when loaded into memory.
Shared library
Provide core functionalities to GNU system
Symbolic names and record which binary code and data correspond to each symbol
Translate machine instructions back into assembly
Has a lot more code
Contains sections
Resolves incomplete code and data references
GDB (GNU Debugger):
See inside a program during execution
GEF:
Exploit development and reverse engineering
Ghidra:
Software analysis tools and features
Executable and Linkable Format
Used for executable files, object files, shared libraries and core dumps.
Information about the binary
Depending on the contents
Not all used during execution
NULL: A section without an entry, name, or bytes; marks the first section header.
.init: Runs before other code executes.
.fini: Runs after the program completes.
.text: Main code; Executable, not writable; SHT_PROGBITS: contains user-defined code; Usually points to _start and __libc_start_main.
.rodata: read only data; constant values.
.data: Default values; Writable.
.bss: Block started by symbol. Reserve space for uninitialized variables. Writable.
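
The section list above can be checked by walking the section header table of an ELF64 file and printing each section's type and W/A/X flags. This is an added example, not code from the original notes; `parse_sections` and `build_sample` are hypothetical names, and the image is a constructed sample holding only a file header, a string table and section headers.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")         # ELF64 section header
SHT = {0: "NULL", 1: "PROGBITS", 3: "STRTAB", 8: "NOBITS"}
SHF = ((0x1, "W"), (0x2, "A"), (0x4, "X"))  # SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR

def parse_sections(image):
    """Return [(name, type, flags)] for each entry in the section header table."""
    hdr = EHDR.unpack_from(image, 0)
    ident, shoff, shentsize, shnum, shstrndx = hdr[0], hdr[6], hdr[11], hdr[12], hdr[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    if shentsize != SHDR.size or shstrndx >= shnum or shoff + shnum * shentsize > len(image):
        raise ValueError("section header table is malformed or truncated")
    heads = [SHDR.unpack_from(image, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = heads[shstrndx][4], heads[shstrndx][5]
    strtab = image[str_off:str_off + str_size]
    out = []
    for sh_name, sh_type, sh_flags, *_ in heads:
        end = strtab.find(b"\0", sh_name)   # names are NUL-terminated offsets into .shstrtab
        name = strtab[sh_name:end].decode() if end != -1 else ""
        flags = "".join(c for bit, c in SHF if sh_flags & bit)
        out.append((name, SHT.get(sh_type, hex(sh_type)), flags))
    return out

def build_sample():
    """Constructed sample: ELF64 header, string table and section headers only."""
    spec = [("", 0, 0), (".text", 1, 0x6), (".rodata", 1, 0x2),
            (".data", 1, 0x3), (".bss", 8, 0x3), (".shstrtab", 3, 0)]
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n, _, _ in spec[1:])
    shoff = EHDR.size + len(strtab)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    image = EHDR.pack(ident, 1, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0,
                      SHDR.size, len(spec), len(spec) - 1) + strtab
    for name, sh_type, sh_flags in spec:
        name_off = strtab.index(name.encode() + b"\0") if name else 0
        is_strtab = sh_type == 3
        image += SHDR.pack(name_off, sh_type, sh_flags, 0,
                           EHDR.size if is_strtab else 0,
                           len(strtab) if is_strtab else 0, 0, 0, 1, 0)
    return image

if __name__ == "__main__":
    for row in parse_sections(build_sample()):
        print("%-10s %-9s %s" % row)
```

In the output, .bss has type NOBITS because it reserves address space without occupying bytes in the file, and no section in the sample is both writable and executable.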