Open brandonros opened 1 year ago
sha0coder
commented
1 year ago UML emulation, interesting, good opportunity to improve algorithms.
uml is dynamic-linked which is not supported for now, one option is compile it statically. For emulating UML is necessary to implement dynamic-linking and crafting the GOT I'm working on it. It's like the IAT binding of windows but the linux relocations.
sha0coder
commented
1 year ago Ok the strtab sometimes is vaddr instead of file offset, fixed.
~/s/scemu ❯❯❯ target/release/scemu -f '/home/sha0/Downloads/Telegram Desktop/uml/linux-user-mode/linux-6.2.2-uml-vmlinux' -6 -vv -c 11
initializing regs
loading memory maps
elf64 detected.
loading map elf64 0x0 sz:0
loading map elf64.interp 0x600002a8 sz:28
loading map elf64.init.text 0x60001000 sz:104002
loading map elf64.gnu.hash 0x6001b000 sz:1228
loading map elf64.dynsym 0x6001b4d0 sz:3456
loading map elf64.dynstr 0x6001c250 sz:1336
loading map elf64.gnu.version 0x6001c788 sz:288
loading map elf64.gnu.version_r 0x6001c8a8 sz:256
loading map elf64.rela.got 0x6001c9a8 sz:48
loading map elf64.rela.bss 0x6001c9d8 sz:48
loading map elf64.rela.plt 0x6001ca08 sz:3336
loading map elf64.init 0x6001d710 sz:23
loading map elf64.plt 0x6001d730 sz:2240
loading map code 0x6001dff0 sz:3534864
loading map elf64.syscall_stub 0x6037d000 sz:246
loading map elf64.fini 0x6037d0f8 sz:9
loading map elf64.rodata 0x6037e000 sz:876192
loading map elf64.eh_frame_hdr 0x60453ea0 sz:149524
loading map elf64__ksymtab 0x604786b8 sz:74448
loading map elf64__ksymtab_gpl 0x6048a988 sz:42168
loading map elf64__ksymtab_strings 0x60494e40 sz:86019
loading map elf64__param 0x604a9e48 sz:2200
loading map elf64__modver 0x604aa6e0 sz:72
loading map elf64.notes 0x604aa728 sz:116
loading map elf64__ex_table 0x604ab000 sz:48
loading map elf64.uml.setup.init 0x604ab030 sz:240
loading map elf64.uml.help.init 0x604ab120 sz:184
loading map elf64.uml.postsetup.init 0x604ab1d8 sz:8
loading map elf64.init.setup 0x604ab1e0 sz:2256
loading map elf64.data..percpu 0x604ac000 sz:0
loading map elf64.initcall.init 0x604ac000 sz:1808
loading map elf64.con_initcall.init 0x604ac710 sz:8
loading map elf64.uml.exitcall 0x604ac718 sz:72
loading map elf64.altinstructions 0x604ac760 sz:72
loading map elf64.altinstr_replacement 0x604ac7a8 sz:15
loading map elf64.init_array 0x604ac7b8 sz:8
loading map elf64init.data 0x604ad000 sz:46400
loading map elf64.data 0x604b8540 sz:309248
loading map elf64.eh_frame 0x60503d40 sz:652764
loading map elf64.dynamic 0x605a3320 sz:496
loading map elf64.got 0x605a3510 sz:1152
loading map elf64.bss 0x605a39c0 sz:170964
loading map elf64.debug_aranges 0x0 sz:56096
loading map elf64.debug_info 0x0 sz:49673760
loading map elf64.debug_abbrev 0x0 sz:1727486
loading map elf64.debug_line 0x0 sz:6710949
loading map elf64.debug_str 0x0 sz:1390110
loading map elf64.debug_loc 0x0 sz:13190828
loading map elf64.debug_ranges 0x0 sz:3700832
loading map elf64.comment 0x0 sz:39
loading map elf64.symtab 0x0 sz:1013112
loading map elf64.strtab 0x0 sz:758203
loading map elf64.shstrtab 0x0 sz:552
lib: libutil.so.1
lib: librt.so.1
lib: libpthread.so.0
lib: libc.so.6
dynamic library libutil.so.1
loading map libutil.so.1 0x0 sz:0
loading map libutil.so.1.note.gnu.build-id 0x238 sz:36
loading map libutil.so.1.note.ABI-tag 0x25c sz:32
loading map libutil.so.1.gnu.hash 0x280 sz:92
loading map libutil.so.1.dynsym 0x2e0 sz:1008
loading map libutil.so.1.dynstr 0x6d0 sz:438
loading map libutil.so.1.gnu.version 0x886 sz:84
loading map libutil.so.1.gnu.version_d 0x8e0 sz:56
loading map libutil.so.1.gnu.version_r 0x918 sz:64
loading map libutil.so.1.rela.dyn 0x958 sz:192
loading map libutil.so.1.rela.plt 0xa18 sz:696
loading map libutil.so.1.init 0x1000 sz:23
loading map libutil.so.1.plt 0x1020 sz:480
loading map libutil.so.1.plt.got 0x1200 sz:8
loading map libutil.so.1.text 0x1210 sz:2440
loading map libutil.so.1.fini 0x1b98 sz:9
loading map libutil.so.1.rodata 0x2000 sz:34
loading map libutil.so.1.eh_frame_hdr 0x2024 sz:92
loading map libutil.so.1.eh_frame 0x2080 sz:592
loading map libutil.so.1.hash 0x22d0 sz:472
loading map libutil.so.1.init_array 0x3db8 sz:8
loading map libutil.so.1.fini_array 0x3dc0 sz:8
loading map libutil.so.1.dynamic 0x3dc8 sz:528
loading map libutil.so.1.got 0x3fd8 sz:40
loading map libutil.so.1.got.plt 0x4000 sz:256
loading map libutil.so.1.data 0x4100 sz:8
loading map libutil.so.1.bss 0x4108 sz:8
loading map libutil.so.1.gnu_debuglink 0x0 sz:52
loading map libutil.so.1.shstrtab 0x0 sz:260
dynamic library librt.so.1
loading map librt.so.1 0x0 sz:0
loading map librt.so.1.note.gnu.build-id 0x238 sz:36
loading map librt.so.1.note.ABI-tag 0x25c sz:32
loading map librt.so.1.gnu.hash 0x280 sz:560
loading map librt.so.1.dynsym 0x4b0 sz:2592
loading map librt.so.1.dynstr 0xed0 sz:1365
loading map librt.so.1.gnu.version 0x1426 sz:216
loading map librt.so.1.gnu.version_d 0x1500 sz:200
loading map librt.so.1.gnu.version_r 0x15c8 sz:160
loading map librt.so.1.rela.dyn 0x1668 sz:240
loading map librt.so.1.rela.plt 0x1758 sz:1320
loading map librt.so.1.init 0x2000 sz:23
loading map librt.so.1.plt 0x2020 sz:896
loading map librt.so.1.plt.got 0x23a0 sz:8
loading map librt.so.1.text 0x23b0 sz:12796
loading map librt.so.1__libc_freeres_fn 0x55b0 sz:61
loading map librt.so.1.fini 0x55f0 sz:9
loading map librt.so.1.rodata 0x6000 sz:855
loading map librt.so.1.eh_frame_hdr 0x6358 sz:556
loading map librt.so.1.eh_frame 0x6588 sz:2560
loading map librt.so.1.gcc_except_table 0x6f88 sz:23
loading map librt.so.1.hash 0x6fa0 sz:1244
loading map librt.so.1.init_array 0x8d90 sz:8
loading map librt.so.1.fini_array 0x8d98 sz:8
loading map librt.so.1__libc_subfreeres 0x8da0 sz:8
loading map librt.so.1.dynamic 0x8da8 sz:560
loading map librt.so.1.got 0x8fd8 sz:40
loading map librt.so.1.got.plt 0x9000 sz:464
loading map librt.so.1.data 0x91e0 sz:140
loading map librt.so.1.bss 0x9280 sz:2400
loading map librt.so.1.gnu_debuglink 0x0 sz:52
loading map librt.so.1.shstrtab 0x0 sz:314
dynamic library libpthread.so.0
loading map libpthread.so.0 0x0 sz:0
loading map libpthread.so.0.note.gnu.build-id 0x2a8 sz:36
loading map libpthread.so.0.note.ABI-tag 0x2cc sz:32
loading map libpthread.so.0.gnu.hash 0x2f0 sz:3372
loading map libpthread.so.0.dynsym 0x1020 sz:8664
loading map libpthread.so.0.dynstr 0x31f8 sz:5393
loading map libpthread.so.0.gnu.version 0x470a sz:722
loading map libpthread.so.0.gnu.version_d 0x49e0 sz:488
loading map libpthread.so.0.gnu.version_r 0x4bc8 sz:160
loading map libpthread.so.0.rela.dyn 0x4c68 sz:1416
loading map libpthread.so.0.rela.plt 0x51f0 sz:2040
loading map libpthread.so.0.init 0x6000 sz:14
loading map libpthread.so.0.plt 0x6010 sz:1376
loading map libpthread.so.0.plt.got 0x6570 sz:8
loading map libpthread.so.0.text 0x6580 sz:60193
loading map libpthread.so.0.fini 0x150a4 sz:9
loading map libpthread.so.0.rodata 0x16000 sz:4598
loading map libpthread.so.0.interp 0x17200 sz:28
loading map libpthread.so.0.eh_frame_hdr 0x1721c sz:2388
loading map libpthread.so.0.eh_frame 0x17b70 sz:11248
loading map libpthread.so.0.hash 0x1a760 sz:4212
loading map libpthread.so.0.init_array 0x1cc08 sz:16
loading map libpthread.so.0.fini_array 0x1cc18 sz:8
loading map libpthread.so.0.data.rel.ro 0x1cc20 sz:336
loading map libpthread.so.0.dynamic 0x1cd70 sz:560
loading map libpthread.so.0.got 0x1cfa0 sz:72
loading map libpthread.so.0.got.plt 0x1d000 sz:704
loading map libpthread.so.0.data 0x1d2c0 sz:80
loading map libpthread.so.0.bss 0x1d320 sz:16720
loading map libpthread.so.0.gnu.warning.pthread_attr_getstackaddr 0x0 sz:82
loading map libpthread.so.0.gnu.warning.pthread_attr_setstackaddr 0x0 sz:82
loading map libpthread.so.0.gnu_debuglink 0x0 sz:52
loading map libpthread.so.0.symtab 0x0 sz:17952
loading map libpthread.so.0.strtab 0x0 sz:13229
loading map libpthread.so.0.shstrtab 0x0 sz:375
dynamic library libc.so.6
loading map libc.so.6 0x0 sz:0
loading map libc.so.6.note.gnu.build-id 0x2e0 sz:36
loading map libc.so.6.note.ABI-tag 0x304 sz:32
loading map libc.so.6.gnu.hash 0x328 sz:15540
loading map libc.so.6.dynsym 0x3fe0 sz:56880
loading map libc.so.6.dynstr 0x11e10 sz:24769
loading map libc.so.6.gnu.version 0x17ed2 sz:4740
loading map libc.so.6.gnu.version_d 0x19158 sz:1136
loading map libc.so.6.gnu.version_r 0x195c8 sz:48
loading map libc.so.6.rela.dyn 0x195f8 sz:31272
loading map libc.so.6.rela.plt 0x21020 sz:1128
loading map libc.so.6.plt 0x22000 sz:768
loading map libc.so.6.plt.got 0x22300 sz:32
loading map libc.so.6.text 0x22320 sz:1408281
loading map libc.so.6__libc_freeres_fn 0x17a040 sz:3660
loading map libc.so.6.rodata 0x17b000 sz:149064
loading map libc.so.6.interp 0x19f650 sz:28
loading map libc.so.6.eh_frame_hdr 0x19f66c sz:25676
loading map libc.so.6.eh_frame 0x1a5ab8 sz:131624
loading map libc.so.6.gcc_except_table 0x1c5ce0 sz:1051
loading map libc.so.6.hash 0x1c6100 sz:13556
loading map libc.so.6.tdata 0x1ca768 sz:16
loading map libc.so.6.tbss 0x1ca778 sz:128
loading map libc.so.6.init_array 0x1ca778 sz:16
loading map libc.so.6__libc_subfreeres 0x1ca788 sz:240
loading map libc.so.6__libc_atexit 0x1ca878 sz:8
loading map libc.so.6__libc_IO_vtables 0x1ca880 sz:3432
loading map libc.so.6.data.rel.ro 0x1cb600 sz:9600
loading map libc.so.6.dynamic 0x1cdb80 sz:480
loading map libc.so.6.got 0x1cdd60 sz:664
loading map libc.so.6.got.plt 0x1ce000 sz:400
loading map libc.so.6.data 0x1ce1a0 sz:5632
loading map libc.so.6.bss 0x1cf7a0 sz:16096
loading map libc.so.6.gnu.warning.sigstack 0x0 sz:77
loading map libc.so.6.gnu.warning.sigreturn 0x0 sz:50
loading map libc.so.6.gnu.warning.siggetmask 0x0 sz:57
loading map libc.so.6.gnu.warning.tmpnam 0x0 sz:55
loading map libc.so.6.gnu.warning.tmpnam_r 0x0 sz:57
loading map libc.so.6.gnu.warning.tempnam 0x0 sz:56
loading map libc.so.6.gnu.warning.sys_errlist 0x0 sz:68
loading map libc.so.6.gnu.warning.sys_nerr 0x0 sz:65
loading map libc.so.6.gnu.warning.gets 0x0 sz:57
loading map libc.so.6.gnu.warning.getpw 0x0 sz:58
loading map libc.so.6.gnu.warning.re_max_failures 0x0 sz:61
loading map libc.so.6.gnu.warning.lchmod 0x0 sz:47
loading map libc.so.6.gnu.warning.getwd 0x0 sz:122
loading map libc.so.6.gnu.warning.sstk 0x0 sz:45
loading map libc.so.6.gnu.warning.revoke 0x0 sz:47
loading map libc.so.6.gnu.warning.mktemp 0x0 sz:68
loading map libc.so.6.gnu.warning.gtty 0x0 sz:45
loading map libc.so.6.gnu.warning.stty 0x0 sz:45
loading map libc.so.6.gnu.warning.chflags 0x0 sz:48
loading map libc.so.6.gnu.warning.fchflags 0x0 sz:49
loading map libc.so.6.gnu.warning.__compat_bdflush 0x0 sz:57
loading map libc.so.6.gnu.warning.__gets_chk 0x0 sz:57
loading map libc.so.6.gnu.warning.inet6_option_space 0x0 sz:60
loading map libc.so.6.gnu.warning.inet6_option_init 0x0 sz:59
loading map libc.so.6.gnu.warning.inet6_option_append 0x0 sz:61
loading map libc.so.6.gnu.warning.inet6_option_alloc 0x0 sz:60
loading map libc.so.6.gnu.warning.inet6_option_next 0x0 sz:59
loading map libc.so.6.gnu.warning.inet6_option_find 0x0 sz:59
loading map libc.so.6.gnu.warning.setlogin 0x0 sz:49
loading map libc.so.6.gnu_debuglink 0x0 sz:52
loading map libc.so.6.shstrtab 0x0 sz:1043
----- emulation -----
1 0x6001dff0: xor ebp,ebp
2 0x6001dff2: mov r9,rdx
3 0x6001dff5: pop rsi ;0x1
4 0x6001dff6: mov rdx,rsp
5 0x6001dff9: and rsp,0FFFFFFFFFFFFFFF0h
6 0x6001dffd: push rax ;0x0
7 0x6001dffe: push rsp ;0x7fffffffe268
8 0x6001dfff: mov r8,6036F8B0h
9 0x6001e006: mov rcx,6036F850h
10 0x6001e00d: mov rdi,60004436h
-------
11 0x6001e014: call qword ptr [605A3988h]
--- console ---
=>mn
address=>0x605A3988
map: elf64.got 0x605a3510-0x605a3990 (1152)GOT is not yet crafted, i have to learn more to implement it.
@sha0coder and I have weird, silly, sick, twisted idea from aarch64 Apple M1/M2 Mac to be able to "cross compile" to
x86_64-apple-darwinRust triple and then see how far we can get running Linux User Mode kernel ELFhttps://en.wikipedia.org/wiki/User-mode_Linux
https://www.kernel.org/doc/html/v5.9/virt/uml/user_mode_linux.html
Obviously we don't expect this to actually work very far but... it'll be interesting to see how close we can get/where it will fail.