Specify address for a function in Relocatable Code

This is a discussion on Specify address for a function in Relocatable Code within the Linux Programming forums, part of the Platform Specific Boards category; I compiled a program without the main routine in it. Code: #include <stdio.h> void blank() { printf("\n Hello World"); } ...

  1. #1
    Registered User
    Join Date
    Jun 2008
    Posts
    19

    Specify address for a function in Relocatable Code

    I compiled a program without the main routine in it.
    Code:
    #include <stdio.h>
    void blank()
    {
     printf("\n Hello World");
    }
    Then I compiled it using : user@user-desktop:~/Dir$ gcc -c blank.c -o blank.o
    then I did a relocatable ld on it: user@user-desktop:~/Dir$ ld -r blank.o
    Then I took its objdump: user@user-Desktop:~/Dir$ objdump -d blank.o | more

    blank.o: file format elf32-i386
    Disassembly of section .text:
    00000000 <blank>:
    0: 55 push %ebp
    1: 89 e5 mov %esp,%ebp
    3: 83 ec 08 sub $0x8,%esp
    6: c7 04 24 00 00 00 00 movl $0x0,(%esp)
    d: e8 fc ff ff ff call e <blank+0xe>
    12: c9 leave
    13: c3 ret

    Is there anyway I can make the function start at a specific address, for example <ld -Ttext 08040000 blank.o> would make the "_start" of the binary start at the specified address. Here since I do not have a _start (because I do not have a main() routine) this command fails.

  2. #2
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,235
    By definition a .o file is "relocatable" and therefore there is no way to force a specific symbol to load at a specific address. This can only be accomplished at link time when the object gets linked into a fully-located image.

    You could write a linker script to cause the linker to place the object at a specified address, but it would no longer be an object file, and could not participate in any further linking. If you are trying to make the object load somewhere specific, you have to do this when it is linked into a complete, working program.

    Your "-r" option did not accomplish anything. However, you can use "-r" to merge multiple .o files into a single .o file.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  3. #3
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    Hey thanks for replying. What I am trying to do is Inject this code (well not this code but a different code without any function calls like printf) during run-time into a running process. The reason why I am looking to make the code start at a specific address is that I will be injecting it at that location in the different process. I know all jumps generated by the compiler are relative by default, however, I learnt it the hard way to never trust a compiler. So it might happen that the compiler generates an absolute jump which will cause my application to crash.

    Can you point me to a sample loader/linker script or compiler command to make the function bytecode start at a particular address?

    Thanks in advance.

  4. #4
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Sounds evil. Why do you need to trick the program this way?
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  5. #5
    Registered User
    Join Date
    Jun 2008
    Posts
    19

    Wink

    Its part of a long code that is meant to prevent evil.

  6. #6
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,235
    Quote Originally Posted by raghu2383 View Post
    Hey thanks for replying. What I am trying to do is Inject this code (well not this code but a different code without any function calls like printf) during run-time into a running process. The reason why I am looking to make the code start at a specific address is that I will be injecting it at that location in the different process. I know all jumps generated by the compiler are relative by default, however, I learnt it the hard way to never trust a compiler. So it might happen that the compiler generates an absolute jump which will cause my application to crash.
    Why not compile and link for position-independent code, so that the code no longer depends on having any particular load address? Then you can place it anywhere in memory and it should work (apart from some complexities if you have static data, i.e. global or static variables)
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  7. #7
    Guest Sebastiani's Avatar
    Join Date
    Aug 2001
    Location
    Waterloo, Texas
    Posts
    5,652
    >> Its part of a long code that is meant to prevent evil.

    somehow, I have a hard time believing that. can you give a more convincing argument that what you are trying is really legitimate?
    Code:
    #include <ip.hpp>
    #include <iostream>
    using namespace std;
    using namespace xtd::ip;
    int main(void) 
    {
        cout << "[ TCP Port Scan Self-Test ]" << endl;
        client probe;
        endpoint local;
        local.address = "127.0.0.1";
        local.protocol = IPPROTO_TCP;
        for(local.port = 0; local.port < (1 << 16); ++local.port)
        {
            if(probe.open(local))
                cout << "Listening: ";
            else
                cout << "No Response: ";
            cout << local.port << endl;
        }    
    }

  8. #8
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    Ok, its tough for me to explain that what I am doing is legitimate. It is part of a long code that is meant to find if there are any issues in the system. The threat model I have in hand is forcing me to do it this way.

  9. #9
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    As in I would Have to explain an entire topic of security research on this thread in order to explain that I am trying to do something legitimate. However I can give one argument which may or may not convince everyone: a process to inject code in this fashion needs to have high elevation. Which will not be possible in case it is a remote program being utilized by a cracker.

  10. #10
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    Quote Originally Posted by brewbuck View Post
    Why not compile and link for position-independent code, so that the code no longer depends on having any particular load address? Then you can place it anywhere in memory and it should work (apart from some complexities if you have static data, i.e. global or static variables)
    How do I do that? As in what gcc options do I give to ensure that it does not generate absolute jumps?

  11. #11
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    Do I use gcc -pie -fpie option?

  12. #12
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Yes, but the GCC must support this option. Not all do.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  13. #13
    Registered User
    Join Date
    Jun 2008
    Posts
    19
    Hey thanks for replying. I was actually worried about a class of JMP instructions which are
    1) FF : JMP (near) absolute to address given in operand (16 or 32 bit)
    2) EA : JMP (far) absolute address given in operand

    These two will jump to absolute addresses , the normal JMP instruction is EB or E9 which are relative jumps. So if FF & EA get generated during gcc, then I would have a problem inserting the new code. Which was why I was asking whether I can give an absolute address for a function while doing ld or any way in which I can ensure that these class of instructions do not come in the byte code.

    Thanks in Advance.

  14. #14
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    -fpic should work to avoid absolute jumps and calls.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. In over my head
    By Shelnutt2 in forum C Programming
    Replies: 1
    Last Post: 07-08-2008, 06:54 PM
  2. dllimport function not allowed
    By steve1_rm in forum C++ Programming
    Replies: 5
    Last Post: 03-11-2008, 03:33 AM
  3. Problem with Visual C++ Object-Oriented Programming Book.
    By GameGenie in forum C++ Programming
    Replies: 9
    Last Post: 08-29-2005, 11:21 PM
  4. C++ compilation issues
    By Rupan in forum C++ Programming
    Replies: 1
    Last Post: 08-22-2005, 05:45 AM
  5. help with a source code..
    By venom424 in forum C++ Programming
    Replies: 8
    Last Post: 05-21-2004, 12:42 PM

Tags for this Thread


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21