-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathglibc_open_verify_32.lmod
94 lines (69 loc) · 3.18 KB
/
glibc_open_verify_32.lmod
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
### Model for ELF loading in 32-bit glibc
## Written by Ervin Oro
# Note: this is not done for ELF files that are loaded by the kernel (usual for executables)
# Not part of glibc, but implementation details
DEFINE MAX_FILESIZE 1000
LOADREL glibc_elf linux
INPUT HEADER MAX_FILESIZE
DEFINE ELF_LENGTH 1000 # TODO!
P: elf <- HEADER
P: ehdr <- elf[0, (sizeof Elf32_Ehdr)] AS Elf32_Ehdr
# dl-load.c:1567
# "file too short"
V1: (Ge ELF_LENGTH (sizeof Elf32_Ehdr)) term
# dl-load.c:1593
# "invalid ELF header"
V2: (And (And (Eq ehdr.e_ident[EI_MAG0] ELFMAG0) (Eq ehdr.e_ident[EI_MAG1] ELFMAG1)) (And (Eq ehdr.e_ident[EI_MAG2] ELFMAG2) (Eq ehdr.e_ident[EI_MAG3] ELFMAG3))) term
# dl-load.c:1607
# "wrong ELF class"
V3: (Eq ehdr.e_ident[EI_CLASS] ELFCLASS32) term
# dl-load.c:1615
# "ELF file data encoding not little-endian"
V4: (Eq ehdr.e_ident[EI_DATA] ELFDATA2LSB) term
# dl-load.c:1622
# "ELF file version ident does not match current one"
V5: (Eq ehdr.e_ident[EI_VERSION] EV_CURRENT) term
# dl-load.c:1627
# "ELF file OS ABI invalid"
V6: (Eq ehdr.e_ident[EI_OSABI] ELFOSABI_SYSV) term
# dl-load.c:1629
# "ELF file ABI version invalid"
V7: (Eq ehdr.e_ident[EI_ABIVERSION] 0) term
# dl-load.c:1632
V8: Eq ehdr.e_ident[EI_PAD, 7] 0x0
# dl-load.c:1642
# "ELF file version does not match current one"
V9: (Eq ehdr.e_version EV_CURRENT) term
# sysdeps/i386/dl-machine.h:33
V10: (Eq ehdr.e_machine EM_386) term
# dl-load.c:1649
# "only ET_DYN and ET_EXEC can be loaded"
V11: (Or (Eq ehdr.e_type ET_EXEC) (Eq ehdr.e_type ET_DYN)) term
# dl-load.c:1655
# "ELF file's phentsize not the expected size"
V12: (Eq ehdr.e_phentsize (sizeof Elf32_Phdr)) term
#dl-load.c:1667
V13: (Ge ELF_LENGTH (Add (Mul (sizeof Elf32_Phdr) ehdr.e_phnum) ehdr.e_phoff)) term
LOADREL glibc_extra linux
# based on my kernel
DEFINE dl_osversion 0x50300
L2: phdr <- LOOP(elf, ehdr.e_phoff, (sizeof Elf32_Phdr), ehdr.e_phnum, 4) AS Elf32_Phdr
V14: (And (And (Eq phdr.p_type PT_NOTE) (Ge phdr.p_filesz 32)) (Or (Eq phdr.p_align 4) (Eq phdr.p_align 8)))
#dl-load.c:1706
V15(V14): (UGe ELF_LENGTH (Add phdr.p_offset phdr.p_filesz)) term
P: p_align <- phdr.p_align
P: p_size <- phdr.p_filesz
################## This needs a VLoop ##################
##### dl-load.c:1713 variable lenght strings
# L3: abi_note <- LOOP(elf, phdr.p_offset, sizeof Elf32_Note, 10, 3) AS Elf32_Note # TODO dl-load.c:1714
L3: abi_note_off <- VLOOP(phdr.p_offset, nxt_abi_note, V16, 3) # TODO dl-load.c:1714
P: abi_note <- elf[abi_note_off, sizeof Elf32_Note] AS Elf32_Note
P: namesz <- abi_note.namesz
P: descsz <- abi_note.descsz
P: note_size <- ALIGNUP (ADD (ALIGNUP (ADD namesz 4) p_align) descsz) p_align
P: nxt_abi_note <- ADD abi_note_off note_size
V16: (And (And (Eq abi_note.namesz 4) (Eq abi_note.descsz 16)) (And (Eq abi_note.type 1) (And (And (Eq abi_note.name[0] "G") (Eq abi_note.name[1] "N")) (And (Eq abi_note.name[2] "U") (Eq abi_note.name[3] 0)))))
P(V16): osversion <- (Add (Add (Mul (BitAnd abi_note.desc[1] 0xff) 65536) (Mul (BitAnd abi_note.desc[2] 0xff) 256)) (BitAnd abi_note.desc[3] 0xff))
V17(V16): (And (Eq abi_note.desc[0] 0) (Or (Eq dl_osversion 0) (Ge dl_osversion osversion))) term
END L3
END L2