Reputation: 43
How to create an ELF executable from process memory image
First of all, Engilish is not my native language. Please excuse if there are any mistakes.
As stated above, I want to create an ELF executable from process memory image. Up until now, I successfully extracted an ELF Header, Program Headers and a list of Elf64_Dyn structures resides in Dynamic segment. I also restored GOT. However, I can't figure out how to reconstruct section headers.
The problem is when an ELF executable is loaded into memory, section headers are not loaded. If we use a list of Elf64_Dyn structures inside Dynamic segment, we can get .rela* sections' address, GOT's address, string table's address, and so on. However, it doesn't contain addresses for sections like .text and .data. To reconstruct section headers we need section's offset and address, but it seems that there is no way to get these information.
How can I reconstruct section headers properly?
Thanks for your consideration.
Upvotes: 4
Views: 980
Answers (1)
Reputation: 213636
How can I reconstruct section headers properly?
You can't, but you don't have to -- sections (and section headers) are not used at runtime (at least not by the dynamic loader).
You can also run strip --strip-all a.out to remove them from a "normal" ELF binary, which will continue to run just fine.
Upvotes: 2
Related Questions
- Making an executable by running an executable
- Executing binary/elf-file directly from (shared)-memory in C
- How to convert an ELF executable to C code? The generated C code need not be human-readable
- How is a process created from an ELF file?
- Linux executable memory mapping
- ELF binary from memory
- Intel binary to ELF
- Creating ELF binaries without using libelf or other libraries
- How do I load and execute an ELF binary executable manually?
- Creating new ELF executable file