Wednesday, 25 May 2011

And here come the elves!

Elves, what do you mean by that?

Well, there is this file format called ELF. It is an acronym for Executable and Linkable Format.

Now what does this mean? Or, what the heck, why not start with: what is a file?

Good question. What is a file? It seems so obvious: a file is a set of collected data. But how does the computer know that this piece of data is part of this file, and that what you've placed in another file is indeed the content of that other file?

This has to do with the way the hard disk is made up but also how the main memory or RAM works.

The system implements a file-system. Now what is a file-system? It basically is an index of which regions of the disk are part of one file and which regions are part of another.

Okay, this is on disk, now what about in main memory?

The main memory contains tables which point to places on the disk. These tables are read from fixed places on the disk, or rather the partition. For simplicity's sake we'll assume the disk holds only one partition, meaning that those terms can be used nearly interchangeably.

So we now have a table of pointers to what? Files? Directories? Other tables?

Well, I'm still investigating this part, but from what I know the table points to files. There can be special files, which are called directories, and other types of files called symbolic links.

A special case is the hard-link which makes 2 pointers point to the same file.

That's fine and all, but how do we get this all from disk to memory? Is it just a matter of reading from a pointer and getting the answer, or is there something more complicated going on?

Well, I know it's a little more complicated than that, but I still need to investigate this bit. All I know is that GRUB has done some things for me and I can just use a region in memory GRUB has given me in which the core image is loaded. I need to parse it myself into the regions where it needs to be.

So the core image needs to be put in some other place than it is in right now. Why is that, and how do you do such a thing?

The reason why the image needs to be moved is that it is an ELF image, which is more or less compressed. That's fine and all, but it means that it is missing some very important things. One of these is that there is no space reserved for variables, only indicators of where they need to be. Another issue is that I have written my code to go to a fixed place, somewhere very high (or very low, depending on how you look at it) in memory. GRUB can't load to this place since it doesn't support virtual memory (at least, it doesn't initialise it for the client, according to the Multiboot specification). This means I need to initialise it myself and put the image there.

I've chosen ELF because it's flexible, but I also could have chosen the plain binary format. That's nice and all, but that also means linking is a bit tougher. Now from a security point of view this isn't necessarily a bad thing, but from a development perspective it could mean that the image is harder to inspect with an object dump.

As to how we do this, it turns out to be quite well documented in the ELF specifications. The ELF header holds pointers into the file, with notes on where the sections should go, and all I need to do is put the sections into place. Once that's done, I can (in the case of the core image) transfer control to the core image. In the case of a user-space application I should probably fork first.

Now, to get the image as it is on disk, it first needs to be transferred to main memory. Luckily GRUB has done all the hard work for me, meaning I can transfer control without the need for a messy hard disk driver.
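The placement step described above, and the missing space for variables mentioned earlier, as an added example that is not the author's kernel code. It walks the program headers (the PT_LOAD segments ELF defines for loading) and bounds-checks every field, since those values come straight from the file; `elf32_load`, `make_sample`, the buffer standing in for memory and the address 0x100000 are assumptions made for this sketch.

```c
#include <stdint.h>
#include <string.h>

/* ELF32 file header and program header, field order as in the ELF specification. */
typedef struct { unsigned char e_ident[16]; uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx; } Ehdr32;
typedef struct { uint32_t p_type, p_offset, p_vaddr, p_paddr,
    p_filesz, p_memsz, p_flags, p_align; } Phdr32;

/* Place each PT_LOAD (type 1) segment of img[0..len) into dst, which stands in for
 * addresses [base, base+cap). Returns 0, or -1 if a field points outside img or dst. */
int elf32_load(const uint8_t *img, size_t len, uint8_t *dst,
               uint32_t base, size_t cap, uint32_t *entry) {
    Ehdr32 eh; Phdr32 ph;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\177ELF\1", 5) != 0) return -1;      /* magic + ELFCLASS32 */
    if (eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof ph > len - eh.e_phoff) return -1;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != 1) continue;
        size_t off = ph.p_vaddr - base;           /* trusted only after the checks below */
        if (ph.p_filesz > ph.p_memsz || ph.p_offset > len ||
            ph.p_filesz > len - ph.p_offset) return -1;
        if (ph.p_vaddr < base || off > cap || ph.p_memsz > cap - off) return -1;
        memcpy(dst + off, img + ph.p_offset, ph.p_filesz);
        memset(dst + off + ph.p_filesz, 0, ph.p_memsz - ph.p_filesz); /* .bss: not in file */
    }
    *entry = eh.e_entry;
    return 0;
}

/* Constructed sample image: one PT_LOAD at 0x100000 with 4 payload bytes in the file. */
size_t make_sample(uint8_t *img, uint32_t fsz, uint32_t msz) {
    Ehdr32 eh = { .e_ident = "\177ELF\1\1\1", .e_entry = 0x100000, .e_phoff = sizeof eh,
                  .e_phentsize = sizeof(Phdr32), .e_phnum = 1 };
    Phdr32 ph = { .p_type = 1, .p_offset = sizeof eh + sizeof ph, .p_vaddr = 0x100000,
                  .p_filesz = fsz, .p_memsz = msz };
    memcpy(img, &eh, sizeof eh); memcpy(img + sizeof eh, &ph, sizeof ph);
    memcpy(img + ph.p_offset, "\xAA\xBB\xCC\xDD", 4);
    return ph.p_offset + 4;
}

int main(void) {   /* exit status 0 when the constructed sample loads */
    uint8_t img[128], mem[16]; uint32_t entry;
    return elf32_load(img, make_sample(img, 4, 8), mem, 0x100000, sizeof mem, &entry);
}
```

The gap between `p_filesz` and `p_memsz` is the variable space the file does not carry, so the loader has to zero it. The sketch does not check that the returned entry point lies inside a loaded segment, which a real loader should do before transferring control.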
