void
hide_sym(Elf_Ehdr * ehdr, Elf_Shdr * symsect,
Elf_Sym * symtab, int symtabsize, int symtabsecnum)
{
int i;
unsigned char info;
Elf_Sym *psymtab;
for (i = 0; i < (symtabsize / sizeof(Elf_Sym)); i++) {
psymtab = &(symtab[i]);
if ((psymtab->st_info & 0xf0) == 0x10 &&
(psymtab->st_shndx != SHN_UNDEF)) {
if (in_keep_list(get_str(psymtab->st_name)))
continue;
#ifdef DEBUG
printf("symbol %d:\n", i);
printf("st_name %x \"%s\"\n", psymtab->st_name,
get_str(psymtab->st_name));
printf("st_info %x\n", psymtab->st_info);
#endif
if (!elf_mangle) {
info = psymtab->st_info;
info = info & 0xf;
psymtab->st_info = info;
} else {
mangle_str(get_str(psymtab->st_name));
}
#ifdef DEBUG
printf("st_info %x\n", psymtab->st_info);
#endif
}
}
reorder_syms(ehdr, symsect, symtab, symtabsize, symtabsecnum);
}
int hide_aout(int inf, const char *filename)
{
struct stat infstat;
struct relocation_info *relp;
struct nlist *symp;
int rc;
/*
* do some error checking.
*/
if(fstat(inf, &infstat) == -1) {
perror(filename);
return 1;
}
/*
* Read the entire file into memory. XXX - Really, we only need to
* read the header and from TRELOFF to the end of the file.
*/
if((aoutdata = (char *) malloc(infstat.st_size)) == NULL) {
fprintf(stderr, "%s: too big to read into memory\n", filename);
return 1;
}
if((rc = read(inf, aoutdata, infstat.st_size)) < infstat.st_size) {
fprintf(stderr, "%s: read error: %s\n", filename,
rc == -1? strerror(errno) : "short read");
return 1;
}
/*
* Calculate offsets and sizes from the header.
*/
hdrp = (struct exec *) aoutdata;
#ifdef __FreeBSD__
textrel = (struct relocation_info *) (aoutdata + N_RELOFF(*hdrp));
datarel = (struct relocation_info *) (aoutdata + N_RELOFF(*hdrp) +
hdrp->a_trsize);
#else
textrel = (struct relocation_info *) (aoutdata + N_TRELOFF(*hdrp));
datarel = (struct relocation_info *) (aoutdata + N_DRELOFF(*hdrp));
#endif
symbase = (struct nlist *) (aoutdata + N_SYMOFF(*hdrp));
strbase = (char *) (aoutdata + N_STROFF(*hdrp));
ntextrel = hdrp->a_trsize / sizeof(struct relocation_info);
ndatarel = hdrp->a_drsize / sizeof(struct relocation_info);
nsyms = hdrp->a_syms / sizeof(struct nlist);
/*
* Zap the type field of all globally-defined symbols. The linker will
* subsequently ignore these entries. Don't zap any symbols in the
* keep list.
*/
for(symp = symbase; symp < symbase + nsyms; symp++) {
if(!IS_GLOBAL_DEFINED(symp)) /* keep undefined syms */
continue;
/* keep (C) symbols which are on the keep list */
if(SYMSTR(symp)[0] == '_' && in_keep_list(SYMSTR(symp) + 1))
continue;
symp->n_type = 0;
}
/*
* Check whether the relocation entries reference any symbols that we
* just zapped. I don't know whether ld can handle this case, but I
* haven't encountered it yet. These checks are here so that the program
* doesn't fail silently should such symbols be encountered.
*/
for(relp = textrel; relp < textrel + ntextrel; relp++)
check_reloc(filename, relp);
for(relp = datarel; relp < datarel + ndatarel; relp++)
check_reloc(filename, relp);
/*
* Write the .o file back out to disk. XXX - Really, we only need to
* write the symbol table entries back out.
*/
lseek(inf, 0, SEEK_SET);
if((rc = write(inf, aoutdata, infstat.st_size)) < infstat.st_size) {
fprintf(stderr, "%s: write error: %s\n", filename,
rc == -1? strerror(errno) : "short write");
return 1;
}
return 0;
}
/*
* This function 'hides' (some of) ELF executable file's symbols.
* It hides them by renaming them to "_$$hide$$ <filename> <symbolname>".
* Symbols in the global keep list, or which are marked as being undefined,
* are left alone.
*
* An old version of this code shuffled various tables around, turning
* global symbols to be hidden into local symbols. That lost on the
* mips, because CALL16 relocs must reference global symbols, and, if
* those symbols were being hidden, they were no longer global.
*
* The new renaming behaviour doesn't take global symbols out of the
* namespace. However, it's ... unlikely that there will ever be
* any collisions in practice because of the new method.
*/
int
ELFNAMEEND(hide)(int fd, const char *fn)
{
Elf_Ehdr ehdr;
struct shlayout *layoutp = NULL;
Elf_Shdr *shdrp = NULL, *symtabshdr, *strtabshdr, *shstrtabshdr;
Elf_Shdr shdrshdr;
Elf_Sym *symtabp = NULL;
char *shstrtabp = NULL, *strtabp = NULL;
Elf_Size nsyms, ewi;
Elf_Off off;
ssize_t shdrsize;
int rv, i, weird, l, m, r, strtabidx;
size_t nstrtab_size, nstrtab_nextoff, fn_size, size;
char *nstrtabp = NULL;
unsigned char data;
const char *weirdreason = NULL;
void *buf;
Elf_Half shnum;
rv = 0;
if (xreadatoff(fd, &ehdr, 0, sizeof ehdr, fn) != sizeof ehdr)
goto bad;
data = ehdr.e_ident[EI_DATA];
shnum = xe16toh(ehdr.e_shnum);
shdrsize = shnum * xe16toh(ehdr.e_shentsize);
if ((shdrp = xmalloc(shdrsize, fn, "section header table")) == NULL)
goto bad;
if (xreadatoff(fd, shdrp, xewtoh(ehdr.e_shoff), shdrsize, fn) !=
shdrsize)
goto bad;
symtabshdr = strtabshdr = shstrtabshdr = NULL;
weird = 0;
for (i = 0; i < shnum; i++) {
switch (xe32toh(shdrp[i].sh_type)) {
case SHT_SYMTAB:
if (symtabshdr != NULL) {
weird = 1;
weirdreason = "multiple symbol tables";
}
symtabshdr = &shdrp[i];
strtabshdr = &shdrp[xe32toh(shdrp[i].sh_link)];
break;
case SHT_STRTAB:
if (i == xe16toh(ehdr.e_shstrndx))
shstrtabshdr = &shdrp[i];
break;
}
}
if (symtabshdr == NULL)
goto out;
if (strtabshdr == NULL) {
weird = 1;
weirdreason = "string table does not exist";
}
if (shstrtabshdr == NULL) {
weird = 1;
weirdreason = "section header string table does not exist";
}
if (weirdreason == NULL)
weirdreason = "unsupported";
if (weird) {
fprintf(stderr, "%s: weird executable (%s)\n", fn, weirdreason);
goto bad;
}
/*
* sort section layout table by offset
*/
layoutp = xmalloc((shnum + 1) * sizeof(struct shlayout),
fn, "layout table");
if (layoutp == NULL)
goto bad;
/* add a pseudo entry to represent the section header table */
shdrshdr.sh_offset = ehdr.e_shoff;
shdrshdr.sh_size = htoxew(shdrsize);
shdrshdr.sh_addralign = htoxew(ELFSIZE / 8);
layoutp[shnum].shdr = &shdrshdr;
/* insert and sort normal section headers */
for (i = shnum; i-- != 0;) {
l = i + 1;
r = shnum;
while (l <= r) {
m = ( l + r) / 2;
if (xewtoh(shdrp[i].sh_offset) >
xewtoh(layoutp[m].shdr->sh_offset))
l = m + 1;
else
r = m - 1;
}
if (r != i) {
memmove(&layoutp[i], &layoutp[i + 1],
sizeof(struct shlayout) * (r - i));
}
layoutp[r].shdr = &shdrp[i];
layoutp[r].bufp = NULL;
}
++shnum;
/*
* load up everything we need
*/
/* load section string table for debug use */
if ((size = xewtoh(shstrtabshdr->sh_size)) == 0)
goto bad;
if ((shstrtabp = xmalloc(size, fn, "section string table")) == NULL)
goto bad;
if ((size_t)xreadatoff(fd, shstrtabp, xewtoh(shstrtabshdr->sh_offset),
size, fn) != size)
goto bad;
if (shstrtabp[size - 1] != '\0')
goto bad;
/* we need symtab, strtab, and everything behind strtab */
strtabidx = INT_MAX;
for (i = 0; i < shnum; i++) {
if (layoutp[i].shdr == &shdrshdr) {
/* not load section header again */
layoutp[i].bufp = shdrp;
continue;
}
if (layoutp[i].shdr == shstrtabshdr) {
/* not load section string table again */
layoutp[i].bufp = shstrtabp;
continue;
}
if (layoutp[i].shdr == strtabshdr)
strtabidx = i;
if (layoutp[i].shdr == symtabshdr || i >= strtabidx) {
off = xewtoh(layoutp[i].shdr->sh_offset);
if ((size = xewtoh(layoutp[i].shdr->sh_size)) == 0)
goto bad;
layoutp[i].bufp = xmalloc(size, fn,
shstrtabp + xewtoh(layoutp[i].shdr->sh_name));
if (layoutp[i].bufp == NULL)
goto bad;
if ((size_t)xreadatoff(fd, layoutp[i].bufp, off, size, fn) !=
size)
goto bad;
/* set symbol table and string table */
if (layoutp[i].shdr == symtabshdr) {
symtabp = layoutp[i].bufp;
} else if (layoutp[i].shdr == strtabshdr) {
strtabp = layoutp[i].bufp;
if (strtabp[size - 1] != '\0')
goto bad;
}
}
}
nstrtab_size = 256;
nstrtabp = xmalloc(nstrtab_size, fn, "new string table");
if (nstrtabp == NULL)
goto bad;
nstrtab_nextoff = 0;
fn_size = strlen(fn);
/* Prepare data structures for symbol movement. */
nsyms = xewtoh(symtabshdr->sh_size) / xewtoh(symtabshdr->sh_entsize);
/* move symbols, making them local */
for (ewi = 0; ewi < nsyms; ewi++) {
Elf_Sym *sp = &symtabp[ewi];
const char *symname = strtabp + xe32toh(sp->st_name);
size_t newent_len;
/*
* make sure there's size for the next entry, even if it's
* as large as it can be.
*
* "_$$hide$$ <filename> <symname><NUL>" ->
* 9 + 3 + sizes of fn and sym name
*/
while ((nstrtab_size - nstrtab_nextoff) <
strlen(symname) + fn_size + 12) {
nstrtab_size *= 2;
nstrtabp = xrealloc(nstrtabp, nstrtab_size, fn,
"new string table");
if (nstrtabp == NULL)
goto bad;
}
sp->st_name = htowew(nstrtab_nextoff);
/* if it's a keeper or is undefined, don't rename it. */
if (in_keep_list(symname) ||
(xe16toh(sp->st_shndx) == SHN_UNDEF)) {
newent_len = sprintf(nstrtabp + nstrtab_nextoff,
"%s", symname) + 1;
} else {
newent_len = sprintf(nstrtabp + nstrtab_nextoff,
"_$$hide$$ %s %s", fn, symname) + 1;
}
nstrtab_nextoff += newent_len;
}
strtabshdr->sh_size = htoxew(nstrtab_nextoff);
/*
* update section header table in ascending order of offset
*/
for (i = strtabidx + 1; i < shnum; i++) {
Elf_Off off, align;
off = xewtoh(layoutp[i - 1].shdr->sh_offset) +
xewtoh(layoutp[i - 1].shdr->sh_size);
align = xewtoh(layoutp[i].shdr->sh_addralign);
off = (off + (align - 1)) & ~(align - 1);
layoutp[i].shdr->sh_offset = htoxew(off);
}
/*
* write data to the file in descending order of offset
*/
for (i = shnum; i-- != 0;) {
if (layoutp[i].shdr == strtabshdr) {
/* new string table */
buf = nstrtabp;
} else
buf = layoutp[i].bufp;
if (layoutp[i].shdr == &shdrshdr ||
layoutp[i].shdr == symtabshdr || i >= strtabidx) {
if (buf == NULL)
goto bad;
/*
* update the offset of section header table in elf
* header if needed.
*/
if (layoutp[i].shdr == &shdrshdr &&
ehdr.e_shoff != shdrshdr.sh_offset) {
ehdr.e_shoff = shdrshdr.sh_offset;
off = offsetof(Elf_Ehdr, e_shoff);
size = sizeof(Elf_Off);
if ((size_t)xwriteatoff(fd, &ehdr.e_shoff, off, size,
fn) != size)
goto bad;
}
off = xewtoh(layoutp[i].shdr->sh_offset);
size = xewtoh(layoutp[i].shdr->sh_size);
if ((size_t)xwriteatoff(fd, buf, off, size, fn) != size)
goto bad;
}
}
out:
if (layoutp != NULL) {
for (i = 0; i < shnum; i++) {
if (layoutp[i].bufp != NULL)
free(layoutp[i].bufp);
}
free(layoutp);
}
free(nstrtabp);
return (rv);
bad:
rv = 1;
goto out;
}
void
hide_syms(char *filename)
{
int inf, outf, rc;
struct stat infstat;
struct relocation_info *relp;
struct nlist *symp;
char *buf;
u_char zero = 0;
/*
* Open the file and do some error checking.
*/
if ((inf = open(filename, O_RDWR)) == -1) {
perror(filename);
return;
}
if (fstat(inf, &infstat) == -1) {
perror(filename);
close(inf);
return;
}
if (infstat.st_size < sizeof(struct exec)) {
fprintf(stderr, "%s: short file\n", filename);
close(inf);
return;
}
if ((buf = mmap(NULL, infstat.st_size, PROT_READ | PROT_WRITE,
MAP_FILE | MAP_SHARED, inf, 0)) == MAP_FAILED) {
fprintf(stderr, "%s: cannot map\n", filename);
close(inf);
return;
}
#ifdef _NLIST_DO_ELF
if (buf[0] == 0x7f && (buf[1] == 'E' || buf[1] == 'O') &&
buf[2] == 'L' && buf[3] == 'F') {
elf_hide(inf, buf);
return;
}
#endif /* _NLIST_DO_ELF */
#ifdef _NLIST_DO_ECOFF
if (!ECOFF_BADMAG((struct ecoff_exechdr *) buf)) {
ecoff_hide(inf, buf);
return;
}
#endif /* _NLIST_DO_ECOFF */
#ifdef DO_AOUT
aoutdata = buf;
/*
* Check the header and calculate offsets and sizes from it.
*/
hdrp = (struct exec *) aoutdata;
if (N_BADMAG(*hdrp)) {
fprintf(stderr, "%s: bad magic: not an a.out, ecoff or elf file\n",
filename);
close(inf);
return;
}
textrel = (struct relocation_info *) (aoutdata + N_TRELOFF(*hdrp));
datarel = (struct relocation_info *) (aoutdata + N_DRELOFF(*hdrp));
symbase = (struct nlist *) (aoutdata + N_SYMOFF(*hdrp));
strbase = (char *) (aoutdata + N_STROFF(*hdrp));
ntextrel = hdrp->a_trsize / sizeof(struct relocation_info);
ndatarel = hdrp->a_drsize / sizeof(struct relocation_info);
nsyms = hdrp->a_syms / sizeof(struct nlist);
/*
* Zap the type field of all globally-defined symbols. The linker will
* subsequently ignore these entries. Don't zap any symbols in the
* keep list.
*/
for (symp = symbase; symp < symbase + nsyms; symp++)
if (IS_GLOBAL_DEFINED(symp) && !in_keep_list(SYMSTR(symp))) {
/*
* XXX Our VM system has some problems, so
* avoid the VM system....
*/
lseek(inf, (off_t) ((void *) &symp->n_type -
(void *) buf), SEEK_SET);
write(inf, &zero, sizeof zero);
symp->n_type = 0;
}
/*
* Check whether the relocation entries reference any symbols that we
* just zapped. I don't know whether ld can handle this case, but I
* haven't encountered it yet. These checks are here so that the program
* doesn't fail silently should such symbols be encountered.
*/
for (relp = textrel; relp < textrel + ntextrel; relp++)
check_reloc(filename, relp);
for (relp = datarel; relp < datarel + ndatarel; relp++)
check_reloc(filename, relp);
msync(buf, infstat.st_size, MS_SYNC);
munmap(buf, infstat.st_size);
close(inf);
#endif /* DO_AOUT */
}
void
hide_sym(Elf_Ehdr * ehdr, Elf_Shdr * symsect,
Elf_Sym * symtab, int symtabsize, int symtabsecnum)
{
int i;
unsigned char info;
Elf_Sym *psymtab;
#ifdef __mips__
u_int32_t f = arc4random();
#endif
for (i = 0; i < (symtabsize / sizeof(Elf_Sym)); i++) {
psymtab = &(symtab[i]);
if ((psymtab->st_info & 0xf0) == 0x10 &&
(psymtab->st_shndx != SHN_UNDEF)) {
if (in_keep_list(get_str(psymtab->st_name)))
continue;
#ifdef DEBUG
printf("symbol %d:\n", i);
printf("st_name %x \"%s\"\n", psymtab->st_name,
get_str(psymtab->st_name));
printf("st_info %x\n", psymtab->st_info);
#endif
#ifndef __mips__
info = psymtab->st_info;
info = info & 0xf;
psymtab->st_info = info;
#else
/*
* XXX This is a small ugly hack to be able to use
* XXX chrunchide with MIPS.
* XXX Because MIPS needs global symbols to stay
* XXX global (has to do with GOT), we mess around
* XXX with the symbol names instead. For most uses
* XXX this will be no problem, symbols are stripped
* XXX anyway. However, if many one character
* XXX symbols exist, names may clash.
*/
{
char *p;
u_int32_t n, z;
z = f++;
p = get_str(psymtab->st_name);
n = strlen(p);
if (n > 4)
n = 4;
while (n--) {
p[n] = z;
z >>= 8;
while (p[n] == 0)
p[n] += arc4random();
}
}
#endif
#ifdef DEBUG
printf("st_info %x\n", psymtab->st_info);
#endif
}
}
reorder_syms(ehdr, symsect, symtab, symtabsize, symtabsecnum);
}
