/* prepare to run the aout image already verified to be aout */ Retcode aout_load(Environ *e, uByte *load, uInt loadlen, uLong *entrypoint) { struct exec exbuf = *(struct exec*)load; struct exec *ex = &exbuf; /* copy header to support overlapping loads */ char *os = get_config(e, "operating-system", CSTR); uInt loadoff = 0; if (!aout_is_exec(e, load, loadlen)) return E_BAD_IMAGE; *entrypoint = N_TXTADDR(*ex); if (*entrypoint < ex->a_entry) *entrypoint = ex->a_entry; if (AOUT_MAGIC_0 == MID_I386) { /* hacks for booting various x86 OSes */ if (compare_strs(os, CSTR, "openbsd", CSTR)) { DPRINTF(("aout_load: openbsd: entrypoint=%#lx\n", *entrypoint)); *entrypoint &= 0x00FFFFFF; loadoff = *entrypoint - sizeof *ex - N_TXTADDR(*ex); } } /* copy the text segment */ DPRINTF(("aout_load: textaddr=%#x load=%#x offset=%#x\n", loadoff + N_TXTADDR(*ex), load, N_TXTOFF(*ex))); memmove((char*)(loadoff + N_TXTADDR(*ex)), load + N_TXTOFF(*ex), ex->a_text); #ifdef MACHINE_CLAIM_MEMORY /* claim/map this area if requested */ MACHINE_CLAIM_MEMORY(e, (char*)(loadoff + N_TXTADDR(*ex)), ex->a_text); #endif /* MACHINE_CLAIM_MEMORY */ /* copy the data segment */ DPRINTF(("aout_load: dataaddr=%#x load=%#x offset=%#x\n", loadoff + N_DATADDR(*ex), load, N_DATOFF(*ex))); memmove((char*)(loadoff + N_DATADDR(*ex)), load + N_DATOFF(*ex), ex->a_data); /* zero bss segment */ DPRINTF(("aout_load: bssaddr=%#x size=%#x\n", loadoff + N_DATADDR(*ex) + ex->a_data, ex->a_bss)); memset((char*)(loadoff + N_DATADDR(*ex)) + ex->a_data, 0, ex->a_bss); #ifdef MACHINE_CLAIM_MEMORY /* claim/map this area if requested */ MACHINE_CLAIM_MEMORY(e, (char*)(loadoff + N_DATADDR(*ex)), ex->a_data + ex->a_bss); #endif /* MACHINE_CLAIM_MEMORY */ return NO_ERROR; }
/* Set parameters about this a.out file that are machine-dependent. This routine is called from some_aout_object_p just before it returns. */ static const bfd_target * MY (callback) (bfd *abfd) { struct internal_exec *execp = exec_hdr (abfd); /* Calculate the file positions of the parts of a newly read aout header */ obj_textsec (abfd)->size = N_TXTSIZE (*execp); /* The virtual memory addresses of the sections */ obj_textsec (abfd)->vma = N_TXTADDR (*execp); obj_datasec (abfd)->vma = N_DATADDR (*execp); obj_bsssec (abfd)->vma = N_BSSADDR (*execp); obj_textsec (abfd)->lma = obj_textsec (abfd)->vma; obj_datasec (abfd)->lma = obj_datasec (abfd)->vma; obj_bsssec (abfd)->lma = obj_bsssec (abfd)->vma; /* The file offsets of the sections */ obj_textsec (abfd)->filepos = N_TXTOFF (*execp); obj_datasec (abfd)->filepos = N_DATOFF (*execp); /* The file offsets of the relocation info */ obj_textsec (abfd)->rel_filepos = N_TRELOFF (*execp); obj_datasec (abfd)->rel_filepos = N_DRELOFF (*execp); /* The file offsets of the string table and symbol table. */ obj_sym_filepos (abfd) = N_SYMOFF (*execp); obj_str_filepos (abfd) = N_STROFF (*execp); /* Determine the architecture and machine type of the object file. */ #ifdef SET_ARCH_MACH SET_ARCH_MACH (abfd, *execp); #else bfd_default_set_arch_mach (abfd, DEFAULT_ARCH, 0); #endif if (obj_aout_subformat (abfd) == gnu_encap_format) { /* The file offsets of the relocation info */ obj_textsec (abfd)->rel_filepos = N_GNU_TRELOFF (*execp); obj_datasec (abfd)->rel_filepos = N_GNU_DRELOFF (*execp); /* The file offsets of the string table and symbol table. */ obj_sym_filepos (abfd) = N_GNU_SYMOFF (*execp); obj_str_filepos (abfd) = (obj_sym_filepos (abfd) + execp->a_syms); abfd->flags |= HAS_LINENO | HAS_DEBUG | HAS_SYMS | HAS_LOCALS; bfd_get_symcount (abfd) = execp->a_syms / 12; obj_symbol_entry_size (abfd) = 12; obj_reloc_entry_size (abfd) = RELOC_STD_SIZE; } return abfd->xvec; }
static unsigned long load_aout_interp(struct exec * interp_ex, int interpreter_fd) { unsigned long text_data, offset, elf_entry = ~0UL; char * addr; int retval; printf("WARNING: load_aout_interp() has not been tested at all!\n"); current->end_code = interp_ex->a_text; text_data = interp_ex->a_text + interp_ex->a_data; current->end_data = text_data; current->brk = interp_ex->a_bss + text_data; switch (N_MAGIC(*interp_ex)) { case OMAGIC: offset = 32; addr = (char *) 0; break; case ZMAGIC: case QMAGIC: offset = N_TXTOFF(*interp_ex); addr = (char *) N_TXTADDR(*interp_ex); break; default: goto out; } if ((unsigned long)addr + text_data < text_data) goto out; do_mmap(-1, 0, text_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0); retval = read_exec(interpreter_fd, offset, addr, text_data, 0); if (retval < 0) goto out; #if 0 flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); #endif do_mmap(-1, ELF_PAGESTART(text_data + ELF_EXEC_PAGESIZE - 1), interp_ex->a_bss, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0); elf_entry = interp_ex->a_entry; out: return elf_entry; }
static unsigned long load_aout_interp(struct exec * interp_ex, struct file * interpreter) { unsigned long text_data, elf_entry = ~0UL; char * addr; loff_t offset; current->mm->end_code = interp_ex->a_text; text_data = interp_ex->a_text + interp_ex->a_data; current->mm->end_data = text_data; current->mm->brk = interp_ex->a_bss + text_data; switch (N_MAGIC(*interp_ex)) { case OMAGIC: offset = 32; addr = (char *) 0; break; case ZMAGIC: case QMAGIC: offset = N_TXTOFF(*interp_ex); addr = (char *) N_TXTADDR(*interp_ex); break; default: goto out; } down_write(¤t->mm->mmap_sem); do_brk(0, text_data); up_write(¤t->mm->mmap_sem); if (!interpreter->f_op || !interpreter->f_op->read) goto out; if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) goto out; flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); down_write(¤t->mm->mmap_sem); do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), interp_ex->a_bss); up_write(¤t->mm->mmap_sem); elf_entry = interp_ex->a_entry; out: return elf_entry; }
/* * "Load" an a.out-format executable. */ static int ld_aout(const struct iodesc * idi, const struct iodesc * ido, struct kgz_hdr * kh, const struct exec * a) { size_t load, addr; load = addr = N_TXTADDR(*a); xcopy(idi, ido, le32toh(a->a_text), N_TXTOFF(*a)); addr += le32toh(a->a_text); if (N_DATADDR(*a) != addr) return -1; xcopy(idi, ido, le32toh(a->a_data), N_DATOFF(*a)); addr += le32toh(a->a_data); kh->dload = load; kh->dsize = addr - load; kh->isize = kh->dsize + le32toh(a->a_bss); kh->entry = le32toh(a->a_entry); return 0; }
static unsigned long load_aout_interp(struct exec * interp_ex, struct dentry * interpreter_dentry) { unsigned long text_data, offset, elf_entry = ~0UL; char * addr; int retval; current->mm->end_code = interp_ex->a_text; text_data = interp_ex->a_text + interp_ex->a_data; current->mm->end_data = text_data; current->mm->brk = interp_ex->a_bss + text_data; switch (N_MAGIC(*interp_ex)) { case OMAGIC: offset = 32; addr = (char *) 0; break; case ZMAGIC: case QMAGIC: offset = N_TXTOFF(*interp_ex); addr = (char *) N_TXTADDR(*interp_ex); break; default: goto out; } do_mmap(NULL, 0, text_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); retval = read_exec(interpreter_dentry, offset, addr, text_data, 0); if (retval < 0) goto out; flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); do_mmap(NULL, ELF_PAGESTART(text_data + ELF_EXEC_PAGESIZE - 1), interp_ex->a_bss, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); elf_entry = interp_ex->a_entry; out: return elf_entry; }
static unsigned int load_aout_interp(struct exec * interp_ex, struct inode * interpreter_inode) { int retval; unsigned int elf_entry; current->mm->brk = interp_ex->a_bss + (current->mm->end_data = interp_ex->a_data + (current->mm->end_code = interp_ex->a_text)); elf_entry = interp_ex->a_entry; if (N_MAGIC(*interp_ex) == OMAGIC) { do_mmap(NULL, 0, interp_ex->a_text+interp_ex->a_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); retval = read_exec(interpreter_inode, 32, (char *) 0, interp_ex->a_text+interp_ex->a_data); } else if (N_MAGIC(*interp_ex) == ZMAGIC || N_MAGIC(*interp_ex) == QMAGIC) { do_mmap(NULL, 0, interp_ex->a_text+interp_ex->a_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); retval = read_exec(interpreter_inode, N_TXTOFF(*interp_ex) , (char *) N_TXTADDR(*interp_ex), interp_ex->a_text+interp_ex->a_data); } else retval = -1; if(retval >= 0) do_mmap(NULL, (interp_ex->a_text + interp_ex->a_data + 0xfff) & 0xfffff000, interp_ex->a_bss, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); if(retval < 0) return 0xffffffff; return elf_entry; }
static int load_aout32_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct exec ex; unsigned long error; unsigned long fd_offset; unsigned long rlim; unsigned long orig_thr_flags; int retval; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || bprm->file->f_path.dentry->d_inode->i_size < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { return -ENOEXEC; } fd_offset = N_TXTOFF(ex); /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); if (retval) return retval; /* OK, This is the point of no return */ set_personality(PER_SUNOS); current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); current->mm->free_area_cache = current->mm->mmap_base; current->mm->cached_hole_size = 0; current->mm->mmap = NULL; compute_creds(bprm); current->flags &= ~PF_FORKNOEXEC; if (N_MAGIC(ex) == NMAGIC) { loff_t pos = fd_offset; /* F**k me plenty... */ down_write(¤t->mm->mmap_sem); error = do_brk(N_TXTADDR(ex), ex.a_text); up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text, &pos); down_write(¤t->mm->mmap_sem); error = do_brk(N_DATADDR(ex), ex.a_data); up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; } if (N_MAGIC(ex) == OMAGIC) { loff_t pos = fd_offset; down_write(¤t->mm->mmap_sem); do_brk(N_TXTADDR(ex) & PAGE_MASK, ex.a_text+ex.a_data + PAGE_SIZE - 1); up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); } else { static unsigned long error_time; if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && (N_MAGIC(ex) != NMAGIC) && (jiffies-error_time) > 5*HZ) { printk(KERN_NOTICE "executable not page aligned\n"); error_time = jiffies; } if (!bprm->file->f_op->mmap) { loff_t pos = fd_offset; down_write(¤t->mm->mmap_sem); do_brk(0, ex.a_text+ex.a_data); up_write(¤t->mm->mmap_sem); bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); goto beyond_if; } down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_TXTADDR(ex), ex.a_text, PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); up_write(¤t->mm->mmap_sem); if (error != N_TXTADDR(ex)) { send_sig(SIGKILL, current, 0); return error; } down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); if (error != N_DATADDR(ex)) { send_sig(SIGKILL, current, 0); return error; } } beyond_if: set_binfmt(&aout32_format); set_brk(current->mm->start_brk, current->mm->brk); /* Make sure STACK_TOP returns the right thing. */ orig_thr_flags = current_thread_info()->flags; current_thread_info()->flags |= _TIF_32BIT; retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); if (retval < 0) { current_thread_info()->flags = orig_thr_flags; /* Someone check-me: is this error path enough? */ send_sig(SIGKILL, current, 0); return retval; } current->mm->start_stack = (unsigned long) create_aout32_tables((char __user *)bprm->p, bprm); tsb_context_switch(current->mm); start_thread32(regs, ex.a_entry, current->mm->start_stack); if (current->ptrace & PT_PTRACED) send_sig(SIGTRAP, current, 0); return 0; }
static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct exec ex; unsigned long error; unsigned long fd_offset; unsigned long rlim; int retval; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || bprm->file->f_dentry->d_inode->i_size < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { return -ENOEXEC; } fd_offset = N_TXTOFF(ex); /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ rlim = current->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; /* Flush all traces of the currently running executable */ retval = flush_old_exec(bprm); if (retval) return retval; /* OK, This is the point of no return */ #if defined(__alpha__) SET_AOUT_PERSONALITY(bprm, ex); #elif defined(__sparc__) set_personality(PER_SUNOS); #if !defined(__sparc_v9__) memcpy(¤t->thread.core_exec, &ex, sizeof(struct exec)); #endif #else set_personality(PER_LINUX); #endif current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); current->mm->rss = 0; current->mm->mmap = NULL; #ifdef CONFIG_ARM_FASS arch_new_mm(current, current->mm); #endif compute_creds(bprm); current->flags &= ~PF_FORKNOEXEC; #ifdef __sparc__ if (N_MAGIC(ex) == NMAGIC) { loff_t pos = fd_offset; /* F**k me plenty... */ /* <AOL></AOL> */ error = do_brk(N_TXTADDR(ex), ex.a_text); bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), ex.a_text, &pos); error = do_brk(N_DATADDR(ex), ex.a_data); bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; } #endif if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; text_addr = N_TXTADDR(ex); #if defined(__alpha__) || defined(__sparc__) pos = fd_offset; map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1; #else pos = 32; map_size = ex.a_text+ex.a_data; #endif error = do_brk(text_addr & PAGE_MASK, map_size); if (error != (text_addr & PAGE_MASK)) { send_sig(SIGKILL, current, 0); return error; } error = bprm->file->f_op->read(bprm->file, (char *)text_addr, ex.a_text+ex.a_data, &pos); if ((signed long)error < 0) { send_sig(SIGKILL, current, 0); return error; } flush_icache_range(text_addr, text_addr+ex.a_text+ex.a_data); } else { static unsigned long error_time, error_time2; if ((ex.a_text & 0xfff || ex.a_data & 0xfff) && (N_MAGIC(ex) != NMAGIC) && (jiffies-error_time2) > 5*HZ) { printk(KERN_NOTICE "executable not page aligned\n"); error_time2 = jiffies; } if ((fd_offset & ~PAGE_MASK) != 0 && (jiffies-error_time) > 5*HZ) { printk(KERN_WARNING "fd_offset is not page aligned. Please convert program: %s\n", bprm->file->f_dentry->d_name.name); error_time = jiffies; } if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { loff_t pos = fd_offset; do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); flush_icache_range((unsigned long) N_TXTADDR(ex), (unsigned long) N_TXTADDR(ex) + ex.a_text+ex.a_data); goto beyond_if; } down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_TXTADDR(ex), ex.a_text, PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); up_write(¤t->mm->mmap_sem); if (error != N_TXTADDR(ex)) { send_sig(SIGKILL, current, 0); return error; } down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); if (error != N_DATADDR(ex)) { send_sig(SIGKILL, current, 0); return error; } } beyond_if: set_binfmt(&aout_format); set_brk(current->mm->start_brk, current->mm->brk); retval = setup_arg_pages(bprm); if (retval < 0) { /* Someone check-me: is this error path enough? */ send_sig(SIGKILL, current, 0); return retval; } current->mm->start_stack = (unsigned long) create_aout_tables((char *) bprm->p, bprm); #ifdef __alpha__ regs->gp = ex.a_gpvalue; #endif start_thread(regs, ex.a_entry, current->mm->start_stack); if (current->ptrace & PT_PTRACED) send_sig(SIGTRAP, current, 0); #ifndef __arm__ return 0; #else return regs->ARM_r0; #endif }
static #endif void dump_file(const char *fname) { int fd; struct stat sb; caddr_t objbase; if (stat(fname, &sb) == -1) { warnx("cannot stat \"%s\"", fname); ++error_count; return; } if ((sb.st_mode & S_IFMT) != S_IFREG) { warnx("\"%s\" is not a regular file", fname); ++error_count; return; } if ((fd = open(fname, O_RDONLY, 0)) == -1) { warnx("cannot open \"%s\"", fname); ++error_count; return; } objbase = mmap(0, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (objbase == (caddr_t) -1) { warnx("cannot mmap \"%s\"", fname); ++error_count; close(fd); return; } close(fd); file_base = (const char *) objbase; /* Makes address arithmetic easier */ if (IS_ELF(*(const Elf32_Ehdr*) align_struct(file_base))) { warnx("%s: this is an ELF program; use objdump to examine", fname); ++error_count; munmap(objbase, sb.st_size); return; } ex = (const struct exec *) align_struct(file_base); printf("%s: a_midmag = 0x%lx\n", fname, (long)ex->a_midmag); printf(" magic = 0x%lx = 0%lo, netmagic = 0x%lx = 0%lo\n", (long)N_GETMAGIC(*ex), (long)N_GETMAGIC(*ex), (long)N_GETMAGIC_NET(*ex), (long)N_GETMAGIC_NET(*ex)); if (N_BADMAG(*ex)) { warnx("%s: bad magic number", fname); ++error_count; munmap(objbase, sb.st_size); return; } printf(" a_text = 0x%lx\n", (long)ex->a_text); printf(" a_data = 0x%lx\n", (long)ex->a_data); printf(" a_bss = 0x%lx\n", (long)ex->a_bss); printf(" a_syms = 0x%lx\n", (long)ex->a_syms); printf(" a_entry = 0x%lx\n", (long)ex->a_entry); printf(" a_trsize = 0x%lx\n", (long)ex->a_trsize); printf(" a_drsize = 0x%lx\n", (long)ex->a_drsize); text_base = file_base + N_TXTOFF(*ex); data_base = file_base + N_DATOFF(*ex); rel_base = (const struct relocation_info *) align_struct(file_base + N_RELOFF(*ex)); sym_base = (const struct nlist *) align_struct(file_base + N_SYMOFF(*ex)); str_base = file_base + N_STROFF(*ex); rel_count = (ex->a_trsize + ex->a_drsize) / sizeof rel_base[0]; assert(rel_count * sizeof rel_base[0] == ex->a_trsize + ex->a_drsize); sym_count = ex->a_syms / sizeof sym_base[0]; assert(sym_count * sizeof sym_base[0] == ex->a_syms); if (sym_count != 0) { sym_used = (unsigned char *) calloc(sym_count, sizeof(unsigned char)); assert(sym_used != NULL); } printf(" Entry = 0x%lx\n", (long)ex->a_entry); printf(" Text offset = %x, address = %lx\n", N_TXTOFF(*ex), (long)N_TXTADDR(*ex)); printf(" Data offset = %lx, address = %lx\n", (long)N_DATOFF(*ex), (long)N_DATADDR(*ex)); /* * In an executable program file, everything is relocated relative to * the assumed run-time load address, i.e., N_TXTADDR(*ex), i.e., 0x1000. * * In a shared library file, everything is relocated relative to the * start of the file, i.e., N_TXTOFF(*ex), i.e., 0. * * The way to tell the difference is by looking at ex->a_entry. If it * is >= 0x1000, then we have an executable program. Otherwise, we * have a shared library. * * When a program is executed, the entire file is mapped into memory, * including the a.out header and so forth. But it is not mapped at * address 0; rather it is mapped at address 0x1000. The first page * of the user's address space is left unmapped in order to catch null * pointer dereferences. * * In this program, when we map in an executable program, we have to * simulate the empty page by decrementing our assumed base address by * a pagesize. */ text_addr = text_base; data_addr = data_base; origin = 0; if (ex->a_entry >= PAGE_SIZE) { /* Executable, not a shared library */ /* * The fields in the object have already been relocated on the * assumption that the object will be loaded at N_TXTADDR(*ex). * We have to compensate for that. */ text_addr -= PAGE_SIZE; data_addr -= PAGE_SIZE; origin = PAGE_SIZE; printf(" Program, origin = %lx\n", origin); } else if (N_GETFLAG(*ex) & EX_DYNAMIC) printf(" Shared library, origin = %lx\n", origin); else printf(" Object file, origin = %lx\n", origin); if (N_GETFLAG(*ex) & EX_DYNAMIC) { dyn = (const struct _dynamic *) align_struct(data_base); printf(" Dynamic version = %d\n", dyn->d_version); sdt = (const struct section_dispatch_table *) align_struct(text_addr + (unsigned long) dyn->d_un.d_sdt); rtrel_base = (const struct relocation_info *) align_struct(text_addr + sdt->sdt_rel); rtrel_count = (sdt->sdt_hash - sdt->sdt_rel) / sizeof rtrel_base[0]; assert(rtrel_count * sizeof rtrel_base[0] == (size_t)(sdt->sdt_hash - sdt->sdt_rel)); rtsym_base = (const struct nzlist *) align_struct(text_addr + sdt->sdt_nzlist); rtsym_count = (sdt->sdt_strings - sdt->sdt_nzlist) / sizeof rtsym_base[0]; assert(rtsym_count * sizeof rtsym_base[0] == (size_t)(sdt->sdt_strings - sdt->sdt_nzlist)); if (rtsym_count != 0) { rtsym_used = (unsigned char *) calloc(rtsym_count, sizeof(unsigned char)); assert(rtsym_used != NULL); } rtstr_base = text_addr + sdt->sdt_strings; } dump_segs(); dump_sods(); dump_rels("Relocations", rel_base, rel_count, sym_name, sym_used); dump_syms(); dump_rels("Run-time relocations", rtrel_base, rtrel_count, rtsym_name, rtsym_used); dump_rtsyms(); if (rtsym_used != NULL) { free(rtsym_used); rtsym_used = NULL; } if (sym_used != NULL) { free(sym_used); sym_used = NULL; } munmap(objbase, sb.st_size); }
/* End of test binpatch variables */ int main(int argc, char *argv[]) { struct exec e; int c; u_long addr = 0, offset = 0; u_long index = 0;/* Related to offset */ u_long replace = 0, do_replace = 0; char *symbol = 0; char size = 4; /* default to long */ char size_opt = 0; /* Flag to say size option was set, used with index */ char *fname; char *pgname = argv[0]; /* Program name */ int fd; int type, off; u_long lval; u_short sval; u_char cval; while ((c = getopt (argc, argv, "H:a:bwlr:s:o:")) != -1) switch (c) { case 'H': Usage(argv[0]); break; case 'a': if (addr || symbol) error ("only one address/symbol allowed"); if (! strncmp (optarg, "0x", 2)) sscanf (optarg, "%x", &addr); else addr = atoi (optarg); if (! addr) error ("invalid address"); break; case 'b': size = 1; size_opt = 1; break; case 'w': size = 2; size_opt = 1; break; case 'l': size = 4; size_opt = 1; break; case 'r': do_replace = 1; if (! strncmp (optarg, "0x", 2)) sscanf (optarg, "%x", &replace); else replace = atoi (optarg); break; case 's': if (addr || symbol) error ("only one address/symbol allowed"); symbol = optarg; break; case 'o': if (offset) error ("only one offset allowed"); if (! strncmp (optarg, "0x", 2)) sscanf (optarg, "%x", &offset); else offset = atoi (optarg); break; }/* while switch() */ if (argc > 1) { if (addr || symbol) { argv += optind; argc -= optind; if (argc < 1) error ("No file to patch."); fname = argv[0]; if ((fd = open (fname, 0)) < 0) error ("Can't open file"); if (read (fd, &e, sizeof (e)) != sizeof (e) || N_BADMAG (e)) error ("Not a valid executable."); /* fake mid, so the N_ macros work on the amiga.. */ e.a_midmag |= 127 << 16; if (symbol) { struct nlist nl[2]; if (offset == 0) { u_long new_do_replace = 0; new_do_replace = FindAssign(symbol,&replace); if (new_do_replace && do_replace) error("Cannot use both '=' and '-r' option!"); FindOffset(symbol,&index); if (size_opt) offset = index*size; /* Treat like an index */ else offset = index; /* Treat index like an offset */ if (new_do_replace) do_replace = new_do_replace; } nl[0].n_un.n_name = symbol; nl[1].n_un.n_name = 0; if (nlist (fname, nl) != 0) { fprintf(stderr,"Symbol is %s ",symbol); error ("Symbol not found."); } addr = nl[0].n_value; type = nl[0].n_type & N_TYPE; } else { type = N_UNDF; if (addr >= N_TXTADDR(e) && addr < N_DATADDR(e)) type = N_TEXT; else if (addr >= N_DATADDR(e) && addr < N_DATADDR(e) + e.a_data) type = N_DATA; } addr += offset; /* if replace-mode, have to reopen the file for writing. Can't do that from the beginning, or nlist() will not work (at least not under AmigaDOS) */ if (do_replace) { close (fd); if ((fd = open (fname, 2)) == -1) error ("Can't reopen file for writing."); } if (type != N_TEXT && type != N_DATA) error ("address/symbol is not in text or data section."); if (type == N_TEXT) off = addr - N_TXTADDR(e) + N_TXTOFF(e); else off = addr - N_DATADDR(e) + N_DATOFF(e); if (lseek (fd, off, 0) == -1) error ("lseek"); /* not beautiful, but works on big and little endian machines */ switch (size) { case 1: if (read (fd, &cval, 1) != 1) error ("cread"); lval = cval; break; case 2: if (read (fd, &sval, 2) != 2) error ("sread"); lval = sval; break; case 4: if (read (fd, &lval, 4) != 4) error ("lread"); break; }/* switch size */ if (symbol) printf ("%s(0x%x): %d (0x%x)\n", symbol, addr, lval, lval); else printf ("0x%x: %d (0x%x)\n", addr, lval, lval); if (do_replace) { if (lseek (fd, off, 0) == -1) error ("write-lseek"); switch (size) { case 1: cval = replace; if (cval != replace) error ("byte-value overflow."); if (write (fd, &cval, 1) != 1) error ("cwrite"); break; case 2: sval = replace; if (sval != replace) error ("word-value overflow."); if (write (fd, &sval, 2) != 2) error ("swrite"); break; case 4: if (write (fd, &replace, 4) != 4) error ("lwrite"); break; }/* switch(size) */ }/* if (do_replace) */ close (fd); }/* if(addr || symbol ) */ else { error("Must specify either address or symbol."); } }/* if argc < 1 */ else { Synopsis(pgname); } return(0); }/* main () */
int util_save_image(char *orig_file_name, char *save_file_name) { int origFd = -1, saveFd = -1; char *start_data, *end_data, *start_text, *end_round; struct exec old_hdr, new_hdr; struct stat old_stat; int n, page_size, length_text, length_data; if ((origFd = open(orig_file_name, 0)) < 0) { perror(orig_file_name); (void) fprintf(stderr, "Cannot open original a.out file\n"); goto bad; } if (fstat(origFd, &old_stat) < 0) { perror(orig_file_name); (void) fprintf(stderr, "Cannot stat original a.out file\n"); goto bad; } /* * Read the a.out header from the original file. */ if (read(origFd, (char *) &old_hdr, sizeof(old_hdr)) != sizeof(old_hdr)) { perror(orig_file_name); (void) fprintf(stderr, "Cannot read original a.out header\n"); goto bad; } if (N_BADMAG(old_hdr)) { (void) fprintf(stderr, "File %s has a bad magic number (%o)\n", orig_file_name, old_hdr.a_magic); goto bad; } if (old_hdr.a_magic != ZMAGIC) { (void) fprintf(stderr, "File %s is not demand-paged\n", orig_file_name); goto bad; } /* * Open the output file. */ if (access(save_file_name, /* F_OK */ 0) == 0) { (void) unlink(save_file_name); } if ((saveFd = creat(save_file_name, 0777)) < 0) { if (errno == ETXTBSY) { (void) unlink(save_file_name); saveFd = creat(save_file_name, 0777); } if (saveFd < 0) { perror(save_file_name); (void) fprintf(stderr, "Cannot create save file.\n"); goto bad; } } /* * Find out how far the data segment extends. */ new_hdr = old_hdr; end_data = sbrk(0); page_size = getpagesize(); n = ((((int) end_data) + page_size - 1) / page_size) * page_size; end_round = (char *) n; if (end_round > end_data) { end_data = sbrk(end_round - end_data); } #ifdef vax start_text = 0; length_text = new_hdr.a_text; start_data = (char *) old_hdr.a_text; length_data = end_data - start_data; #endif vax #ifdef sun start_text = (char *) N_TXTADDR(old_hdr) + sizeof(old_hdr); length_text = old_hdr.a_text - sizeof(old_hdr); start_data = (char *) N_DATADDR(old_hdr); length_data = end_data - start_data; #endif sun new_hdr.a_data = end_data - start_data; new_hdr.a_bss = 0; /* * First, the header plus enough pad to extend up to N_TXTOFF. */ if (write(saveFd, (char *) &new_hdr, (int) sizeof(new_hdr)) != sizeof(new_hdr)) { perror("write"); (void) fprintf(stderr, "Error while copying header.\n"); goto bad; } if (! pad_file(saveFd, N_TXTOFF(old_hdr) - sizeof(new_hdr))) { (void) fprintf(stderr, "Error while padding.\n"); goto bad; } /* * Copy our text segment */ if (write(saveFd, start_text, length_text) != length_text) { perror("write"); (void) fprintf(stderr, "Error while copying text segment.\n"); goto bad; } /* * Copy our data segment */ if (write(saveFd, start_data, length_data) != length_data) { perror("write"); (void) fprintf(stderr, "Error while copying data segment.\n"); goto bad; } /* * Copy the symbol table and everything else. * This takes us to the end of the original file. */ (void) lseek(origFd, (long) N_SYMOFF(old_hdr), 0); if (! copy_file(origFd, saveFd, old_stat.st_size - N_SYMOFF(old_hdr))) { (void) fprintf(stderr, "Error while copying symbol table.\n"); goto bad; } (void) close(origFd); (void) close(saveFd); return 1; bad: if (origFd >= 0) (void) close(origFd); if (saveFd >= 0) (void) close(saveFd); return 0; }
static inline int do_load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct exec ex; struct file * file; int fd; unsigned long error; unsigned long p = bprm->p; unsigned long fd_offset; unsigned long rlim; ex = *((struct exec *) bprm->buf); /* exec-header */ if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) || N_DRSIZE(ex) || bprm->inode->i_size < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) { return -ENOEXEC; } current->personality = PER_LINUX; fd_offset = N_TXTOFF(ex); #if defined (__i386__) || defined (CONFIG_ARM) if (N_MAGIC(ex) == ZMAGIC && fd_offset != BLOCK_SIZE) { printk(KERN_NOTICE "N_TXTOFF != BLOCK_SIZE. See a.out.h.\n"); return -ENOEXEC; } if (N_MAGIC(ex) == ZMAGIC && ex.a_text && (fd_offset < bprm->inode->i_sb->s_blocksize)) { printk(KERN_NOTICE "N_TXTOFF < BLOCK_SIZE. Please convert binary.\n"); return -ENOEXEC; } #endif #if defined(CONFIG_ARM) if (N_MACHTYPE(ex) != M_ARM) { printk(KERN_NOTICE "Binary != ARM. Please recompile binary.\n"); return -ENOEXEC; } #endif /* Check initial limits. This avoids letting people circumvent * size limits imposed on them by creating programs with large * arrays in the data or bss. */ rlim = current->rlim[RLIMIT_DATA].rlim_cur; if (rlim >= RLIM_INFINITY) rlim = ~0; if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; if (flush_old_exec(bprm)) return -ENOMEM; /* OK, This is the point of no return */ current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); current->mm->end_data = ex.a_data + (current->mm->start_data = N_DATADDR(ex)); current->mm->brk = ex.a_bss + (current->mm->start_brk = N_BSSADDR(ex)); current->mm->rss = 0; current->mm->mmap = NULL; current->suid = current->euid = current->fsuid = bprm->e_uid; current->sgid = current->egid = current->fsgid = bprm->e_gid; current->flags &= ~PF_FORKNOEXEC; if (N_MAGIC(ex) == OMAGIC) { #if defined(__alpha__) || defined(CONFIG_ARM) #ifndef CONFIG_ARM do_mmap(NULL, N_TXTADDR(ex) & PAGE_MASK, ex.a_text+ex.a_data + PAGE_SIZE - 1, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); #else do_mmap(NULL, N_TXTADDR(ex), ex.a_text+ex.a_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); #endif read_exec(bprm->inode, fd_offset, (char *) N_TXTADDR(ex), ex.a_text+ex.a_data, 0); #else do_mmap(NULL, 0, ex.a_text+ex.a_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); read_exec(bprm->inode, 32, (char *) 0, ex.a_text+ex.a_data, 0); #endif } else { if (ex.a_text & 0xfff || ex.a_data & 0xfff) printk(KERN_NOTICE "executable not page aligned\n"); fd = open_inode(bprm->inode, O_RDONLY); if (fd < 0) { send_sig(SIGKILL, current, 0); return fd; } file = current->files->fd[fd]; if (!file->f_op || !file->f_op->mmap) { sys_close(fd); do_mmap(NULL, 0, ex.a_text+ex.a_data, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, 0); read_exec(bprm->inode, fd_offset, (char *) N_TXTADDR(ex), ex.a_text+ex.a_data, 0); goto beyond_if; } error = do_mmap(file, N_TXTADDR(ex), ex.a_text, PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset); if (error != N_TXTADDR(ex)) { sys_close(fd); send_sig(SIGKILL, current, 0); return error; } error = do_mmap(file, N_DATADDR(ex), ex.a_data, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); sys_close(fd); if (error != N_DATADDR(ex)) { send_sig(SIGKILL, current, 0); return error; } } beyond_if: if (current->exec_domain && current->exec_domain->use_count) (*current->exec_domain->use_count)--; if (current->binfmt && current->binfmt->use_count) (*current->binfmt->use_count)--; current->exec_domain = lookup_exec_domain(current->personality); current->binfmt = &aout_format; if (current->exec_domain && current->exec_domain->use_count) (*current->exec_domain->use_count)++; if (current->binfmt && current->binfmt->use_count) (*current->binfmt->use_count)++; set_brk(current->mm->start_brk, current->mm->brk); p = setup_arg_pages(p, bprm); p = (unsigned long) create_aout_tables((char *)p, bprm); current->mm->start_stack = p; #ifdef __alpha__ regs->gp = ex.a_gpvalue; #endif start_thread(regs, ex.a_entry, p); if (current->flags & PF_PTRACED) send_sig(SIGTRAP, current, 0); #ifndef CONFIG_ARM return 0; #else return regs->ARM_r0; #endif }
int main(int argc, char *argv[]) { struct exec head; struct ecoff_exechdr ehead; struct ecoff_scnhdr escn[3]; int infd, outfd; int n; if (argc != 3) usage(); infd = open(argv[1], O_RDONLY); if (infd < 0) err(1, argv[1]); outfd = open(argv[2], O_WRONLY | O_TRUNC | O_CREAT, 0644); if (outfd < 0) err(1, argv[2]); n = read(infd, &head, sizeof(head)); if (n < sizeof(head)) err(1, "read"); if (N_BADMAG(head)) { printf("%s: bad magic number\n", argv[1]); exit(1); } if (head.a_trsize || head.a_drsize) { printf("%s: has relocations\n", argv[1]); exit(1); } /* * Header */ ehead.f.f_magic = 0x016d; /* MC88OMAGIC */ ehead.f.f_nscns = 3; ehead.f.f_timdat = 0; /* ignored */ ehead.f.f_symptr = 0; /* ignored */ ehead.f.f_nsyms = 0; /* ignored */ ehead.f.f_opthdr = sizeof ehead.a; ehead.f.f_flags = 0x020f; /* F_RELFLG | F_EXEC | F_LNNO | 8 | F_AR16WR */ ehead.a.magic = N_GETMAGIC(head); ehead.a.vstamp = 0; /* ignored */ ehead.a.tsize = head.a_text; /* ignored */ ehead.a.dsize = head.a_data; /* ignored */ ehead.a.bsize = head.a_bss; /* ignored */ ehead.a.entry = head.a_entry; ehead.a.text_start = N_TXTADDR(head); /* ignored */ ehead.a.data_start = N_DATADDR(head); /* ignored */ n = write(outfd, &ehead, sizeof(ehead)); if (n != sizeof(ehead)) err(1, "write"); /* * Sections. * Note that we merge .bss into .data since the PROM will not * clear it and locore does not do this either. */ strncpy(escn[0].s_name, ".text", sizeof escn[0].s_name); escn[0].s_paddr = N_TXTADDR(head); /* ignored, 1:1 mapping */ escn[0].s_size = round(head.a_text, 8); escn[0].s_scnptr = round(sizeof(ehead) + sizeof(escn), 0x10); escn[0].s_relptr = 0; escn[0].s_lnnoptr = 0; escn[0].s_nlnno = 0; escn[0].s_flags = 0x20; /* STYP_TEXT */ strncpy(escn[1].s_name, ".data", sizeof escn[1].s_name); escn[1].s_paddr = N_DATADDR(head); /* ignored, 1:1 mapping */ escn[1].s_scnptr = escn[0].s_scnptr + escn[0].s_size; escn[1].s_size = round(head.a_data + head.a_bss, 8); escn[1].s_relptr = 0; escn[1].s_lnnoptr = 0; escn[1].s_nlnno = 0; escn[1].s_flags = 0x40; /* STYP_DATA */ strncpy(escn[2].s_name, ".bss", sizeof escn[2].s_name); escn[2].s_paddr = N_BSSADDR(head) + head.a_bss; /* ignored, 1:1 mapping */ escn[2].s_scnptr = 0; /* nothing in the file */ escn[2].s_size = 0; escn[2].s_relptr = 0; escn[2].s_lnnoptr = 0; escn[2].s_nlnno = 0; escn[2].s_flags = 0x80; /* STYP_BSS */ /* adjust load addresses */ escn[0].s_paddr += (head.a_entry & ~(__LDPGSZ - 1)) - __LDPGSZ; escn[1].s_paddr += (head.a_entry & ~(__LDPGSZ - 1)) - __LDPGSZ; escn[2].s_paddr += (head.a_entry & ~(__LDPGSZ - 1)) - __LDPGSZ; escn[0].s_vaddr = escn[0].s_paddr; escn[1].s_vaddr = escn[1].s_paddr; escn[2].s_vaddr = escn[2].s_paddr; n = write(outfd, &escn, sizeof(escn)); if (n != sizeof(escn)) err(1, "write"); /* * Copy text section */ #ifdef DEBUG printf("copying %s: source %lx dest %lx size %x\n", escn[0].s_name, N_TXTOFF(head), escn[0].s_scnptr, head.a_text); #endif lseek(outfd, escn[0].s_scnptr, SEEK_SET); lseek(infd, N_TXTOFF(head), SEEK_SET); copybits(infd, outfd, head.a_text); /* * Copy data section */ #ifdef DEBUG printf("copying %s: source %lx dest %lx size %x\n", escn[1].s_name, N_DATOFF(head), escn[1].s_scnptr, head.a_data); #endif lseek(outfd, escn[1].s_scnptr, SEEK_SET); lseek(infd, N_DATOFF(head), SEEK_SET); copybits(infd, outfd, head.a_data); /* * ``Copy'' bss section */ #ifdef DEBUG printf("copying %s: size %lx\n", escn[2].s_name, round(head.a_data + head.a_bss, 8) - head.a_data); #endif zerobits(outfd, round(head.a_data + head.a_bss, 8) - head.a_data); close(infd); close(outfd); exit(0); }