chore: add linker script

cinit · Dec 10, 2024 · 884780c · 884780c
1 parent 941338e
commit 884780c
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 14 deletions.
diff --git a/attic/README.md b/attic/README.md
@@ -89,35 +89,43 @@ Some compilers/linker specific flags are needed to compile the shellcode.
 - Visibility: `-fvisibility=hidden -fvisibility-inlines-hidden`
 - Make linker complain about missing symbols: `-Wl,--no-allow-shlib-undefined,--no-undefined`
 - Disable lazy binding: `-Wl,-z,defs,-z,now,-z,relro`
-- Remove unused sections: `-Wl,--gc-sections`
+- Specify the linker script: `-T,shellcode.ld`
+- Remove unused code: `-Wl,--gc-sections`
 
 An example command to compile the shellcode:
 
 ```shell
 /path/to/clang++ -shared -fPIC -std=c++14 -O3 \
 -fvisibility=hidden -fvisibility-inlines-hidden -fno-omit-frame-pointer -Wall \
 -fno-rtti -fno-exceptions -nostdlib \
--Wl,-Bsymbolic,--no-allow-shlib-undefined,--no-undefined,-z,defs,-z,now,-z,relro,--gc-sections \
+-Wl,-Bsymbolic,--no-allow-shlib-undefined,--no-undefined,-z,defs,-z,now,-z,relro,--gc-sections,-T,shellcode.ld \
 -I/path/to/jni/include -I/path/to/linux-syscall-support \
 all_in_one.cc -o libcore_syscall.so
 ```
 
-The `file *.so` output may look like this:
+The `readelf --dynamic *.so` output may look like this:
 
 ```text
-shellcode-arm.so:     ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), static-pie linked, not stripped
-shellcode-arm64.so:   ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), static-pie linked, not stripped
-shellcode-mips.so:    ELF 32-bit LSB shared object, MIPS, MIPS32 version 1 (SYSV), static-pie linked, not stripped
-shellcode-mips64.so:  ELF 64-bit LSB shared object, MIPS, MIPS64 rel6 version 1 (SYSV), static-pie linked, not stripped
-shellcode-riscv64.so: ELF 64-bit LSB shared object, UCB RISC-V, RVC, double-float ABI, version 1 (SYSV), static-pie linked, not stripped
-shellcode-x86.so:     ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), static-pie linked, not stripped
-shellcode-x86_64.so:  ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), static-pie linked, not stripped
+Dynamic section at offset 0x1000 contains 9 entries:
+  Tag        Type                         Name/Value
+ 0x000000000000001e (FLAGS)              SYMBOLIC BIND_NOW
+ 0x000000006ffffffb (FLAGS_1)            Flags: NOW
+ 0x0000000000000006 (SYMTAB)             0x1090
+ 0x000000000000000b (SYMENT)             24 (bytes)
+ 0x0000000000000005 (STRTAB)             0x1258
+ 0x000000000000000a (STRSZ)              444 (bytes)
+ 0x000000006ffffef5 (GNU_HASH)           0x14b8
+ 0x0000000000000004 (HASH)               0x1414
+ 0x0000000000000000 (NULL)               0x0
 ```
 
-Note that they should be `static-pie linked`, not `dynamically linked`.
+Note that there should be no `DT_NEEDED` entry in the dynamic section.
 
 Get the symbol table: `llvm-objdump -T libcore_syscall.so`
 
-Dump the text section: `llvm-objcopy -O binary --only-section=.text libcore_syscall.so shellcode.bin`
+If you are using your own linker script, make sure that the `.text` and `.rodata` sections are in the right place.
+
+Dump the .text and .rodata sections:
+`llvm-objcopy -O binary --only-section=.text --only-section=.rodata libcore_syscall.so shellcode.bin`
 
 That's all for the shellcode.
diff --git a/attic/hook_info.cc b/attic/hook_info.cc
@@ -1,8 +1,8 @@
 #include "hook_info.h"
 
 EXPORT volatile HookInfo* get_hook_info() {
-    // place the hook info in the .text section, it will be filled before the shellcode is executed
-    __attribute__((aligned(16), section(".text")))
+    // place the hook info in the .rodata.hook_info section, it will be filled before the shellcode is executed
+    __attribute__((aligned(16), section(".rodata.hook_info")))
     static volatile HookInfo sHookInfo = {0xdeafbeef, {(int* (*)()) 0x114514}, {0x1000}};
     return &sHookInfo;
 }

diff --git a/attic/shellcode.ld b/attic/shellcode.ld
@@ -0,0 +1,63 @@
+
+MEMORY {
+    ramheader (r!wx) : ORIGIN = 0x0000, LENGTH = 1K
+    ramnone (r!wx) : ORIGIN = 0x1000, LENGTH = 3K
+    ramrx (rx!w) : ORIGIN = 0x2000, LENGTH = 4K
+    ramrw (rw!x) : ORIGIN = 0x3000, LENGTH = 4K
+}
+
+PHDRS {
+    headers PT_PHDR PHDRS;
+    phdr    PT_LOAD FILEHDR PHDRS FLAGS(4);
+    text    PT_LOAD FLAGS(5);
+    data    PT_LOAD FLAGS(6);
+    bss     PT_LOAD FLAGS(6);
+    dynamic PT_DYNAMIC;
+}
+
+SECTIONS {
+
+    .dynamic : {
+        *(.dynamic)
+    } > ramnone : phdr
+
+    .dynsym : {
+        *(.dynsym)
+    } > ramnone : phdr
+
+    .dynstr : {
+        *(.dynstr)
+    } > ramnone : phdr
+
+    .hash : {
+        *(.hash)
+    } > ramnone : phdr
+
+    .gnu.hash : {
+        *(.gnu.hash)
+    } > ramnone : phdr
+
+    .eh_frame : {
+        *(.eh_frame)
+    } > ramnone : phdr
+
+    .text : {
+        . = ALIGN(4096);
+        PROVIDE( __text_start = . );
+        *(.text.init) *(.text .text.*)
+        PROVIDE( __text_end = . );
+    } > ramrx : text
+
+    .rodata : {
+        *(.rodata .rodata.*)
+    } > ramrx : text
+
+    .data : {
+        *(*.sdata .sdata*) *(.data .data.*)
+    } > ramrw : data
+
+    .bss : {
+        *(.sbss .sbss.*) *(.bss .bss.*)
+    } > ramrw : bss
+
+}