Closed vrmiguel closed 2 months ago
> `let start = text_section.sh_offset + magic_func.st_value;`

This should probably be `let start = text_section.sh_offset + (magic_func.st_value - text_section.sh_addr);`.
Print out the bytes you are getting, and compare with the `objdump -d` output.
> Also, since this function would return me a pointer, I'm assuming I'd also have to fetch the pointer's content in the .so as well, is that correct? I haven't started doing this yet

Yes, and you'd have to adjust the pointer by `magic_func.st_value - exec_ptr` because it'll be getting a pointer to the data using relative addressing and you're not running it at the expected address.
Personally, I would disassemble the code instead of executing it. You wouldn't even need a full disassembler, just hard code the instructions that you expect to see.
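A worked version of the two corrections above, as an added example that is neither goblin's code nor anything posted in this issue: it maps a symbol's virtual address to a file offset with `sh_offset + (st_value - sh_addr)` via the section table, and, rather than executing the bytes, decodes the `lea rax,[rip+disp32]; ret` shape that a `return &Pg_magic_data;` body is assumed to compile to. The section table, symbol address and instruction bytes are constructed, and the instruction pattern is an assumption rather than something the issue shows.

```rust
/// Minimal view of an ELF64 section header (field names follow goblin's SectionHeader).
#[derive(Clone, Copy)]
pub struct Section { pub sh_addr: u64, pub sh_offset: u64, pub sh_size: u64, pub sh_type: u32 }
const SHT_NOBITS: u32 = 8; // section occupies no bytes in the file (.bss)

/// Constructed section table (not taken from a real extension) in the layout `readelf -S`
/// shows for a PIC .so: .text and .rodata map 1:1, .data is page-shifted, .bss is NOBITS.
pub fn sample_sections() -> [Section; 4] {
    [
        Section { sh_addr: 0x1000, sh_offset: 0x1000, sh_size: 0x200, sh_type: 1 }, // .text
        Section { sh_addr: 0x2000, sh_offset: 0x2000, sh_size: 0x100, sh_type: 1 }, // .rodata
        Section { sh_addr: 0x4000, sh_offset: 0x3000, sh_size: 0x080, sh_type: 1 }, // .data
        Section { sh_addr: 0x4080, sh_offset: 0x3080, sh_size: 0x100, sh_type: SHT_NOBITS }, // .bss
    ]
}

/// File offset of virtual address `vaddr`: find the section containing it and apply
/// `sh_offset + (vaddr - sh_addr)`. Plain `sh_offset + vaddr` only works when `sh_addr` is 0.
pub fn vaddr_to_file_offset(sections: &[Section], vaddr: u64) -> Option<u64> {
    sections.iter()
        .filter(|s| s.sh_type != SHT_NOBITS) // NOBITS sections have no file bytes to read
        .find(|s| vaddr >= s.sh_addr && vaddr < s.sh_addr + s.sh_size)
        .map(|s| s.sh_offset + (vaddr - s.sh_addr))
}

/// Decode `48 8d 05 <disp32> c3` (lea rax,[rip+disp32]; ret) located at `func_vaddr` and
/// return the address the function would hand back, without executing the bytes.
pub fn decode_lea_rip_ret(code: &[u8], func_vaddr: u64) -> Option<u64> {
    if code.len() < 8 || code[..3] != [0x48, 0x8d, 0x05] || code[7] != 0xc3 {
        return None; // not the expected instruction shape; fall back to a real disassembler
    }
    let disp = i32::from_le_bytes([code[3], code[4], code[5], code[6]]) as i64;
    // RIP-relative displacement is measured from the end of the 7-byte lea.
    Some((func_vaddr + 7).wrapping_add(disp as u64))
}

/// If the bytes were instead run from a buffer at `exec_ptr`, the returned pointer is off
/// by `exec_ptr - st_value`; undo that to recover the link-time address.
pub fn fix_executed_pointer(returned: u64, st_value: u64, exec_ptr: u64) -> u64 {
    returned.wrapping_add(st_value.wrapping_sub(exec_ptr))
}

fn main() {
    // Constructed Pg_magic_func at 0x1100: lea rax,[rip+0x2f09]; ret  ->  0x1107 + 0x2f09 = 0x4010
    let code = [0x48, 0x8d, 0x05, 0x09, 0x2f, 0x00, 0x00, 0xc3];
    let data_vaddr = decode_lea_rip_ret(&code, 0x1100).unwrap();
    let off = vaddr_to_file_offset(&sample_sections(), data_vaddr);
    println!("magic struct at vaddr {:#x}, file offset {:x?}", data_vaddr, off);
}
```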
Hey there @m4b @philipc !
First off, congrats on the awesome crate, it's super impressive. This issue is not a bug or a feature request, I'd like to request a bit of help with the following:
Given an ELF64 `.so` of a Postgres extension, I wish to find out which Postgres version the extension was built for. I know that every extension has a function called `Pg_magic_func` that returns a pointer to a struct (in .rodata, I assume) that contains this information.

In Rust, a `Pg_magic_func` would look something like:

Using goblin, here's what I have to parse the ELF and obtain the relevant symbol:
However, I believe I'm struggling a bit to find the function within .text (I figure it's in .text since that's what `objdump` tells me), since the bytes I get don't mean anything useful once I disassemble them. Is my `text_section` being defined correctly?

This is my code to execute those bytes:
The previous works if I pass in shellcode to write "Hello, world" to stdout, for example, so I'm assuming there's nothing wrong there.
Also, since this function would return me a pointer, I'm assuming I'd also have to fetch the pointer's content in the .so as well, is that correct? I haven't started doing this yet
Any help would be useful, and thanks a lot for the crate!