864fe2ffb77a5eec43985dd2c1de28d34ff84c7d
explain/tinyelf-arm.md
| ... | ... | @@ -12,8 +12,95 @@ Looks like breadbox didn't want to go down *this* rabbithole. So we'll have to d |
| 12 | 12 | |
| 13 | 13 | ### A few questions on the target platform |
| 14 | 14 | |
| 15 | -* How many ARM Linux machines have... |
|
| 16 | - * Thumb support? (`thumb` in `/proc/cpuinfo`) |
|
| 17 | - * Halfword load/store support? (`ldrh`/`strh`, `half` in `/proc/cpuinfo`) |
|
| 18 | - * A fast multiplier? (`fastmult` in `/proc/cpuinfo`) |
|
| 19 | -* How many kernels are OABI, EABI with OABI support, or EABI-only? |
|
| 15 | +* How many ARM Linux machines have `thumb`, `half` and `fastmult`? EABI or OABI? |
|
| 16 | + * Seems to be common enough. OABI is dead, everyone's on EABI now. |
|
| 17 | +* Which CPU are we targetting? ARMv6T (RPI1)? ARMv5TE? |
|
| 18 | + |
|
| 19 | + |
|
| 20 | +### Minimal ELF Poc |
|
| 21 | + |
|
| 22 | +Not *that* minimal :) (But it should be able to show you which fields can be bogus quite clearly.) |
|
| 23 | + |
|
| 24 | +``` |
|
| 25 | +gcc -c -o tiny.o tiny.S |
|
| 26 | +ld -nostdlib -nostartfiles -T tiny.ld -o tiny.elf tiny.o |
|
| 27 | +objcopy -O binary tiny.elf tiny.bin # somehow ld --oformat=binary no worky? |
|
| 28 | +``` |
|
| 29 | + |
|
| 30 | +(Of course, the toolchain should be `arm-linux-gnueabi` or sth.) |
|
| 31 | + |
|
| 32 | +``` |
|
| 33 | +@ tiny.S |
|
| 34 | +.arch armv5te ; @.cpu arm946e-s |
|
| 35 | + |
|
| 36 | +.section .ehdr,"awx",%progbits |
|
| 37 | +.align 4 |
|
| 38 | +.arm |
|
| 39 | + |
|
| 40 | +#define ORG 0x08048000 |
|
| 41 | + |
|
| 42 | +ehdr: |
|
| 43 | + e_ident: |
|
| 44 | + .byte 0x7F; .ascii "ELF" |
|
| 45 | + .byte 'p' @ ELFCLASS32 |
|
| 46 | + .byte 'c' @ ELFDATA2LSB |
|
| 47 | + .byte 'y' @ EV_CURRENT |
|
| 48 | + .byte '/' @ EI_OSABI_SYSV |
|
| 49 | + @ EI_ABIVERSION |
|
| 50 | + .ascii "K2^TiTAN" @.byte 0,0,0,0,0,0,0 @ EI_PAD |
|
| 51 | + e_type: .2byte 2 @ ET_EXEC |
|
| 52 | + e_machine: .2byte 40 @ EM_ARM |
|
| 53 | + e_version: .4byte 1337 |
|
| 54 | + e_entry: .4byte _start |
|
| 55 | + e_phoff: .4byte phdr - ehdr |
|
| 56 | + e_shoff: .4byte 31337 |
|
| 57 | + e_flags: |
|
| 58 | + @.4byte 0x2|0x4|0x40|0x80|0x00400000|0x05000000 |
|
| 59 | + @ 2: hasentry |
|
| 60 | + @ 4: thumb interwork |
|
| 61 | + @ 40: 8-bit struct alignment |
|
| 62 | + @ 80: EABI |
|
| 63 | + @ 00400000: little-endian AAPCS |
|
| 64 | + @ 05000000: EABI v5 |
|
| 65 | + .4byte 0xdeadbeef @ 0x05000000 @ EABIv5, no float stuff |
|
| 66 | + e_ehsize: .2byte e__end - ehdr |
|
| 67 | + e_phentsize: .2byte p__end - phdr |
|
| 68 | + e_phnum: .2byte 1 |
|
| 69 | + e_shentsize: .2byte 1337 |
|
| 70 | + e_shnum: .2byte 1337 |
|
| 71 | + e_shstrndx: .2byte 1337 |
|
| 72 | + e__end: |
|
| 73 | +phdr: |
|
| 74 | + p_type: .4byte 1 @ PT_LOAD |
|
| 75 | + p_offset: .4byte 0 |
|
| 76 | + p_vaddr: .4byte ORG |
|
| 77 | + p_paddr: .4byte 1337 |
|
| 78 | + p_filesz: .4byte _start__end - _start + e__end - ehdr + p__end - phdr |
|
| 79 | + p_memsz: .4byte _start__end - _start + e__end - ehdr + p__end - phdr |
|
| 80 | + p_flags: .4byte 5 | (1337 << 8) @ R=4 W=2 X=1 |
|
| 81 | + p_align: .4byte 0xDEADBEEF @ 0x1000 |
|
| 82 | + p__end: |
|
| 83 | + |
|
| 84 | +.global _start |
|
| 85 | +_start: |
|
| 86 | + mov r7, #1 @ SYS_exit |
|
| 87 | + mov r0, #42 |
|
| 88 | + swi #31337 @ literal can be nonsense |
|
| 89 | + @bkpt #1337 @ like x86 int3 @ literal can be nonsense |
|
| 90 | +_start__end: |
|
| 91 | +``` |
|
| 92 | + |
|
| 93 | +``` |
|
| 94 | +/* tiny.ld */ |
|
| 95 | +OUTPUT_FORMAT("elf32-littlearm","elf32-bigarm","elf32-littlearm") |
|
| 96 | +OUTPUT_ARCH(arm) |
|
| 97 | +ENTRY(_start) |
|
| 98 | + |
|
| 99 | +SECTIONS { |
|
| 100 | + . = 0x08048000; |
|
| 101 | + |
|
| 102 | + .ehdr : { |
|
| 103 | + *(.ehdr*) |
|
| 104 | + } |
|
| 105 | +} |
|
| 106 | +``` |
|
| ... | ... | \ No newline at end of file |