RoyLuo
Load patch package into box
Parser patch (patch format)
Alloc patch memory area and copy image body
Drop RT-Threads into idle state
Modify two instructions of entrance of patched function
j target
nop
#define EI_NIDENT (16)
typedef struct
{
unsigned char e_ident[EI_NIDENT]; /* Magic number and other info */
Elf32_Half e_type; /* Object file type */
Elf32_Half e_machine; /* Architecture */
Elf32_Word e_version; /* Object file version */
Elf32_Addr e_entry; /* Entry point virtual address */
Elf32_Off e_phoff; /* Program header table file offset */
Elf32_Off e_shoff; /* Section header table file offset */
Elf32_Word e_flags; /* Processor-specific flags */
Elf32_Half e_ehsize; /* ELF header size in bytes */
Elf32_Half e_phentsize; /* Program header table entry size */
Elf32_Half e_phnum; /* Program header table entry count */
Elf32_Half e_shentsize; /* Section header table entry size */
Elf32_Half e_shnum; /* Section header table entry count */
Elf32_Half e_shstrndx; /* Section header string table index */
} Elf32_Ehdr;
typedef struct
{
Elf32_Word sh_name; /* Section name (string tbl index) */
Elf32_Word sh_type; /* Section type */
Elf32_Word sh_flags; /* Section flags */
Elf32_Addr sh_addr; /* Section virtual addr at execution */
Elf32_Off sh_offset; /* Section file offset */
Elf32_Word sh_size; /* Section size in bytes */
Elf32_Word sh_link; /* Link to another section */
Elf32_Word sh_info; /* Additional section information */
Elf32_Word sh_addralign; /* Section alignment */
Elf32_Word sh_entsize; /* Entry size if section holds table */
} Elf32_Shdr;
#define SHT_NULL 0 Section header table entry unused
#define SHT_PROGBITS 1 Program data
#define SHT_SYMTAB 2 Symbol table
#define SHT_STRTAB 3 String table
#define SHT_RELA 4 Relocation entries with addends
#define SHT_HASH 5 Symbol hash table
#define SHT_DYNAMIC 6 Dynamic linking information
#define SHT_NOTE 7 Notes
#define SHT_NOBITS 8 Program space with no data (bss)
#define SHT_REL 9 Relocation entries, no addends
#define SHF_WRITE (1 << 0) Writable
#define SHF_ALLOC (1 << 1) Occupies memory during execution
#define SHF_EXECINSTR (1 << 2) Executable
#define SHF_MERGE (1 << 4) Might be merged
#define SHF_STRINGS (1 << 5) Contains nul-terminated strings
#define SHF_INFO_LINK (1 << 6) `sh_info' contains SHT index
typedef struct
{
Elf32_Word st_name; /* Symbol name (string tbl index) */
Elf32_Addr st_value; /* Symbol value */
Elf32_Word st_size; /* Symbol size */
unsigned char st_info; /* Symbol type and binding */
unsigned char st_other; /* Symbol visibility */
Elf32_Section st_shndx; /* Section index */
} Elf32_Sym;
Text
#define ELF32_ST_BIND(val) (((unsigned char) (val)) >> 4)
#define ELF32_ST_TYPE(val) ((val) & 0xf)
#define ELF32_ST_INFO(bind, type) (((bind) << 4) + ((type) & 0xf))
不允许多次定义强符号
“multiple definition of “xxx””
__attribute__ ((weak)) void foo();
int main()
{
if (foo)
foo();
}
未初始化的全局变量
23: 00000004 4 OBJECT GLOBAL DEFAULT COM global_undef
typedef struct
{
Elf32_Addr r_offset; /* Address */
Elf32_Word r_info; /* Relocation type and symbol index */
Elf32_Sword r_addend; /* Addend */
} Elf32_Rela;
#define R_MIPS_NONE 0 No reloc
#define R_MIPS_16 1 Direct 16 bit
#define R_MIPS_32 2 Direct 32 bit
#define R_MIPS_REL32 3 PC relative 32 bit
#define R_MIPS_26 4 Direct 26 bit shifted
#define R_MIPS_HI16 5 High 16 bit
#define R_MIPS_LO16 6 Low 16 bit
#define R_MIPS_GPREL16 7 GP relative 16 bit
#define R_MIPS_LITERAL 8 16 bit literal entry
#define R_MIPS_GOT16 9 16 bit GOT entry
#define R_MIPS_PC16 10 PC relative 16 bit
#define R_MIPS_CALL16 11 16 bit GOT entry for function
#define R_MIPS_GPREL32 12 GP relative 32 bit
00000000 <function_handler>:
0: 27bdffe8 addiu sp,sp,-24
4: afbf0010 sw ra,16(sp)
8: 0c000000 jal 0 <function_handler>
c: 00a02021 move a0,a1
10: 8fbf0010 lw ra,16(sp)
14: 00001021 move v0,zero
18: 03e00008 jr ra
1c: 27bd0018 addiu sp,sp,24
00000000 <function_handler>:
0: 27bdffe8 addiu sp,sp,-24
4: afbf0010 sw ra,16(sp)
function_handler(m);
8: 3c020000 lui v0,0x0 0x3c021813
c: 24420000 addiu v0,v0,0 0x2442aa44
10: 0040f809 jalr v0
14: 00a02021 move a0,a1
18: 8fbf0010 lw ra,16(sp)
1c: 00001021 move v0,zero
20: 03e00008 jr ra
24: 27bd0018 addiu sp,sp,24
程序员的自我修养—链接 装载与库
insmod.c
modutils 2.4.27
static_yyy = 0;
2c: 3c020000 lui v0,0x0 0x3c025000
30: ac400004 sw zero,4(v0) 0xac400094
static_zzz = 0;
34: 3c030000 lui v1,0x0 0x3c035000
38: ac600000 sw zero,0(v1) 0xac600090
Dynamic Link
–fPIC, Position-independent Code
GOT, Global Offset Table
PLT, Procedure Linkage Table