[eresi-dev] Status requested for etrace and kernsh
Julien Vanegue
vanegue at ens.fr
Mon Jul 30 17:11:37 UTC 2007
> This is the get_raw which must be changed:
>
> librevm/elf/disasm.c : line 331
> buff = elfsh_get_raw(parent);
> index = off;
> buff += (vaddr - (parent->parent->rhdr.base + parent->shdr->sh_addr));
Why not simply put obj->rhdr.base = the base addr of the kernel for this
one?
> librevm/elf/disasm.c : line 360
>
> loff = *((elfsh_Addr *) ((char *) elfsh_get_raw(parent) +
> (vaddr - parent->shdr->sh_addr) +
> index * sizeof(elfsh_Addr)));
I think this line lacks the use of rhdr.base!
It should be (I think):
tmpbuff = elfsh_get_raw(parent);
tmpbuff += vaddr - (parent->parent->rhdr.base + parent->shdr->sh_addr);
tmpbuff += index * sizeof(elfsh_Addr);
loff = * (elfsh_Addr *) tmpbuff;
That would look more correct and clearer too. Currently, rhdr.base is
only used when trying to access a section in memory that was -runtime
injected- (rhdr means runtime header, which is an extension of the ELF
format I have created, altogether with RPHT and RSHT to list all the
segments and sections injected during the runtime which have no existence
on disk, and thus should not be injected in the regular SHT or PHT to avoid
confusing elfsh/e2dbg). Not having rhdr.base used was a hidden bug that
you just spotted, which would have arisen when an array present in such a
runtime injected section was being printed (which is what this
second code stub does).
Let me know if those hints help or if you still have problems. You
should never put things = 0 in the *_get_raw() functions just to make
it work. Instead, use the parent->parent->rhdr.base cleverly, because
this field is -only- used for what you want (e.g. switching from
static to runtime perspectives during reversing).
If you have more questions on the use of the runtime ELF header, let me
know; it's a fundamental header in the runtime capabilities of ERESI.
Check its use in the whole ERESI code if you have any doubt, before
asking ;P
-lmbdwr
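A worked version of the vaddr-to-raw-offset computation discussed in this mail, added here as an illustration and not ERESI's own code: the structure and field names (rhdr.base, shdr->sh_addr, elfsh_get_raw) are constructed stand-ins mirroring the quoted lines, and the sample address table and addresses are made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the ERESI structures named in the mail (not the
 * project's real definitions): the object's runtime header carries rhdr.base,
 * the section header carries sh_addr, the section carries its raw bytes. */
typedef uint32_t elfsh_Addr;
typedef struct { struct { elfsh_Addr base; } rhdr; } elfshobj_t;
typedef struct { elfsh_Addr sh_addr; } elfshshdr_t;
typedef struct {
  elfshobj_t    *parent;
  elfshshdr_t   *shdr;
  unsigned char *raw;
  size_t         size;
} elfshsect_t;

static unsigned char *elfsh_get_raw(elfshsect_t *s) { return s->raw; }

/* Translate a virtual address inside `sect` into an offset into its raw bytes
 * and fetch the idx-th elfsh_Addr there. With use_base != 0 this is the
 * corrected form (subtract rhdr.base + sh_addr); with use_base == 0 it is the
 * original line-360 computation that forgot the runtime base.
 * Returns 0 and stores the value in *out, or -1 if the offset leaves the section. */
static int read_addr_entry(elfshsect_t *sect, elfsh_Addr vaddr, unsigned idx,
                           int use_base, elfsh_Addr *out)
{
  elfsh_Addr start = sect->shdr->sh_addr + (use_base ? sect->parent->rhdr.base : 0);
  if (vaddr < start)
    return -1;
  size_t off = (size_t)(vaddr - start) + (size_t)idx * sizeof(elfsh_Addr);
  if (off + sizeof(elfsh_Addr) > sect->size)  /* never read past the raw buffer */
    return -1;
  memcpy(out, elfsh_get_raw(sect) + off, sizeof(elfsh_Addr));
  return 0;
}

/* Constructed sample: a 4-entry address table in a runtime-injected section.
 * Its section header says sh_addr 0x100, and the injected object was mapped
 * at rhdr.base 0x40000000, so the table actually lives at vaddr 0x40000100. */
static int demo(int use_base, elfsh_Addr *out)
{
  elfsh_Addr  table[4] = { 0x11111111, 0x22222222, 0x33333333, 0x44444444 };
  elfshobj_t  obj  = { { 0x40000000 } };
  elfshshdr_t shdr = { 0x100 };
  elfshsect_t sect = { &obj, &shdr, (unsigned char *)table, sizeof(table) };
  return read_addr_entry(&sect, 0x40000100, 2, use_base, out);
}
```

Without rhdr.base the computed offset is 0x40000008, far outside a 16-byte section, which is exactly the case that would have surfaced once an array in a runtime-injected section was printed.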