This repository has been archived by the owner on Dec 3, 2019. It is now read-only.

[BUGFIX] Find the correct segment on Debian Unstable #155

Open, wants to merge 1 commit into base: master

@cbayet commented Nov 7, 2018

Since binutils 2.31, the option --enable-separate-code is enabled by default for Linux x86 binaries.
(see changelog https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=ld/NEWS;hb=refs/tags/binutils-2_31)
This new version of binutils is the version in the latest Debian Unstable.

You can still compile your binaries with the option "-z no-separate-code" in gcc, but pyflame should be able to support this.

This breaks pyflame, in the parsing of the ELF, in the function GetBaseAddress: we're looking for the start of the .text section, but because of this change in binutils, the first PT_LOAD segment found is the ELF header segment, and not the .text.

The patch now looks for a PT_LOAD segment with the executable flag, since the ELF header segment is not executable.

I already found a bug with the same root cause in frida and patched it: frida/frida-core#208

Tested on python 2.7.15 and 3.6.7.

Thanks for the project, and don't use Debian Unstable!

@CLAassistant commented Nov 7, 2018

CLA assistant check
All committers have signed the CLA.

@cbayet changed the title from "[BUGFIX] Find the correct .text zone in debian unstable" to "[BUGFIX] Find the correct segment on Debian Unstable" Nov 7, 2018

@randomstuff

I think my fix (#170) is the correct fix for this.

ELF::GetBaseAddress() computes the base address of the SO. This is supposed to be the address of the first (well, in fact, the lowest) PT_LOAD entry.

The problem is that the offset of the SO in the process VMA is not computed correctly.
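
The two readings of `GetBaseAddress` in this thread can be compared on constructed data; the following is an added example, not pyflame's code or either commenter's patch. It contrasts the first `PT_LOAD` with the first executable `PT_LOAD` under both linker layouts and derives the load bias from a `/proc/<pid>/maps` entry. The `Phdr` struct, the sample header tables, the 4 KiB page size and all function names are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <vector>

// Values from the ELF specification (PT_LOAD and PF_X in <elf.h>).
constexpr uint32_t kPtLoad = 1;
constexpr uint32_t kPfX = 1;
constexpr uint64_t kPageMask = ~uint64_t{0xfff};  // assumes 4 KiB pages

struct Phdr {  // subset of the Elf64_Phdr fields
  uint32_t type, flags;
  uint64_t offset, vaddr;
};

// Constructed headers, separate-code layout: headers and code in separate segments.
const std::vector<Phdr> kSeparateCode = {
    {kPtLoad, 4, 0x0000, 0x0000},  // R   ELF header, .dynsym, ...
    {kPtLoad, 5, 0x1000, 0x1000},  // R+X .text
    {kPtLoad, 4, 0x2000, 0x2000},  // R   .rodata
    {kPtLoad, 6, 0x3e00, 0x4e00},  // RW  .data
};
// Constructed headers, older layout: ELF header and .text share one R+X segment.
const std::vector<Phdr> kLegacy = {
    {kPtLoad, 5, 0x0000, 0x0000},  // R+X
    {kPtLoad, 6, 0x1e00, 0x2e00},  // RW
};

// First PT_LOAD in table order, optionally restricted to executable segments.
const Phdr* FirstLoad(const std::vector<Phdr>& ph, bool need_exec) {
  for (const Phdr& p : ph)
    if (p.type == kPtLoad && (!need_exec || (p.flags & kPfX))) return &p;
  return nullptr;
}

// Load bias from one /proc/<pid>/maps entry (start address, file offset): match the
// mapping to the PT_LOAD with the same page-aligned file offset, then subtract that
// segment's page-aligned vaddr. Sample offsets are unique per segment by construction.
bool LoadBias(const std::vector<Phdr>& ph, uint64_t map_start,
              uint64_t map_offset, uint64_t* bias) {
  for (const Phdr& p : ph)
    if (p.type == kPtLoad && (p.offset & kPageMask) == map_offset) {
      *bias = map_start - (p.vaddr & kPageMask);
      return true;
    }
  return false;
}

// The mismatch: executable mapping's start minus the vaddr of the first PT_LOAD.
uint64_t MismatchedBias(const std::vector<Phdr>& ph, uint64_t exec_map_start) {
  return exec_map_start - FirstLoad(ph, false)->vaddr;
}
```

With the separate-code table, pairing the executable mapping with the first `PT_LOAD` yields a bias that is 0x1000 too high, while matching each mapping to its own segment by file offset gives the same bias for every mapping.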
