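"Why can a program that has been processed with strip -s still be subject to shared library injection? Does the symbol information still exist?"
Here is a simple answer:
strip removes only part of the symbol table. The symbol table consists of two sections, .dynsym and .symtab. strip removes only the latter; it does not remove the part related to relocation. See the example below: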
grip2@linux:~> readelf -s foo_strip
Symbol table '.dynsym' contains 7 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 600 FUNC GLOBAL DEFAULT UND sleep@GLIBC_2.0 (2)
2: 00000000 232 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
3: 00000000 54 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
4: 08048554 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
5: 00000000 49 FUNC GLOBAL DEFAULT UND sprintf@GLIBC_2.0 (2)
6: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
grip2@linux:~> readelf -s foo
Symbol table '.dynsym' contains 7 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 600 FUNC GLOBAL DEFAULT UND sleep@GLIBC_2.0 (2)
2: 00000000 232 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
3: 00000000 54 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
4: 08048554 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
5: 00000000 49 FUNC GLOBAL DEFAULT UND sprintf@GLIBC_2.0 (2)
6: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 122 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 08048134 0 SECTION LOCAL DEFAULT 1
2: 08048148 0 SECTION LOCAL DEFAULT 2
3: 08048168 0 SECTION LOCAL DEFAULT 3
4: 08048180 0 SECTION LOCAL DEFAULT 4
5: 080481b0 0 SECTION LOCAL DEFAULT 5
6: 08048220 0 SECTION LOCAL DEFAULT 6
7: 08048274 0 SECTION LOCAL DEFAULT 7
8: 08048284 0 SECTION LOCAL DEFAULT 8
9: 080482a4 0 SECTION LOCAL DEFAULT 9
10: 080482ac 0 SECTION LOCAL DEFAULT 10
11: 080482cc 0 SECTION LOCAL DEFAULT 11
12: 080482e4 0 SECTION LOCAL DEFAULT 12
13: 08048340 0 SECTION LOCAL DEFAULT 13
14: 08048534 0 SECTION LOCAL DEFAULT 14
15: 08048550 0 SECTION LOCAL DEFAULT 15
16: 08049564 0 SECTION LOCAL DEFAULT 16
17: 08049570 0 SECTION LOCAL DEFAULT 17
18: 08049574 0 SECTION LOCAL DEFAULT 18
19: 0804963c 0 SECTION LOCAL DEFAULT 19
20: 08049644 0 SECTION LOCAL DEFAULT 20
21: 0804964c 0 SECTION LOCAL DEFAULT 21
22: 08049650 0 SECTION LOCAL DEFAULT 22
23: 08049670 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
25: 00000000 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 SECTION LOCAL DEFAULT 27
28: 00000000 0 SECTION LOCAL DEFAULT 28
29: 00000000 0 SECTION LOCAL DEFAULT 29
30: 00000000 0 SECTION LOCAL DEFAULT 30
31: 00000000 0 SECTION LOCAL DEFAULT 31
32: 00000000 0 SECTION LOCAL DEFAULT 32
33: 00000000 0 SECTION LOCAL DEFAULT 33
34: 00000000 0 SECTION LOCAL DEFAULT 34
35: 00000000 0 SECTION LOCAL DEFAULT 35
36: 00000000 0 SECTION LOCAL DEFAULT 36
37: 00000000 0 FILE LOCAL DEFAULT ABS
38: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
39: 00000000 0 FILE LOCAL DEFAULT ABS
40: 00000000 0 FILE LOCAL DEFAULT ABS
41: 00000000 0 FILE LOCAL DEFAULT ABS abi-note.S
42: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
43: 00000000 0 FILE LOCAL DEFAULT ABS abi-note.S
44: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
45: 00000000 0 FILE LOCAL DEFAULT ABS abi-note.S
46: 00000000 0 FILE LOCAL DEFAULT ABS
47: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
48: 00000000 0 FILE LOCAL DEFAULT ABS
49: 00000000 0 FILE LOCAL DEFAULT ABS
50: 00000000 0 FILE LOCAL DEFAULT ABS abi-note.S
51: 00000000 0 FILE LOCAL DEFAULT ABS suse-note.S
52: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
53: 00000000 0 FILE LOCAL DEFAULT ABS suse-note.S
54: 00000000 0 FILE LOCAL DEFAULT ABS
55: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
56: 00000000 0 FILE LOCAL DEFAULT ABS
57: 00000000 0 FILE LOCAL DEFAULT ABS
58: 00000000 0 FILE LOCAL DEFAULT ABS suse-note.S
59: 00000000 0 FILE LOCAL DEFAULT ABS init.c
60: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
61: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
62: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
63: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
64: 00000000 0 FILE LOCAL DEFAULT ABS
65: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
66: 00000000 0 FILE LOCAL DEFAULT ABS
67: 00000000 0 FILE LOCAL DEFAULT ABS
68: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
69: 08048364 0 FUNC LOCAL DEFAULT 13 call_gmon_start
70: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
71: 0804963c 0 OBJECT LOCAL DEFAULT 19 __CTOR_LIST__
72: 08049644 0 OBJECT LOCAL DEFAULT 20 __DTOR_LIST__
73: 0804964c 0 OBJECT LOCAL DEFAULT 21 __JCR_LIST__
74: 0804956c 0 OBJECT LOCAL DEFAULT 16 p.0
75: 08049670 1 OBJECT LOCAL DEFAULT 23 completed.1
76: 08048390 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux
77: 080483d0 0 FUNC LOCAL DEFAULT 13 frame_dummy
78: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
79: 08049640 0 OBJECT LOCAL DEFAULT 19 __CTOR_END__
80: 08049648 0 OBJECT LOCAL DEFAULT 20 __DTOR_END__
81: 08049570 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__
82: 0804964c 0 OBJECT LOCAL DEFAULT 21 __JCR_END__
83: 08048510 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux
84: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
85: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
86: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
87: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
88: 00000000 0 FILE LOCAL DEFAULT ABS
89: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
90: 00000000 0 FILE LOCAL DEFAULT ABS
91: 00000000 0 FILE LOCAL DEFAULT ABS
92: 00000000 0 FILE LOCAL DEFAULT ABS /usr/src/packages/BUILD/g
93: 00000000 0 FILE LOCAL DEFAULT ABS t.c
94: 00000000 0 FILE LOCAL DEFAULT ABS elf-init.c
95: 08049574 0 OBJECT GLOBAL DEFAULT 18 _DYNAMIC
96: 08048550 4 OBJECT GLOBAL DEFAULT 15 _fp_hw
97: 08049564 0 NOTYPE GLOBAL DEFAULT ABS __fini_array_end
98: 08049568 0 OBJECT GLOBAL HIDDEN 16 __dso_handle
99: 08048440 98 FUNC GLOBAL DEFAULT 13 __libc_csu_fini
100: 080482cc 0 FUNC GLOBAL DEFAULT 11 _init
101: 08048340 0 FUNC GLOBAL DEFAULT 13 _start
102: 00000000 600 FUNC GLOBAL DEFAULT UND sleep@@GLIBC_2.0
103: 08049564 0 NOTYPE GLOBAL DEFAULT ABS __fini_array_start
104: 080484b0 88 FUNC GLOBAL DEFAULT 13 __libc_csu_init
105: 08049670 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
106: 080483fc 67 FUNC GLOBAL DEFAULT 13 main
107: 00000000 232 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
108: 08049564 0 NOTYPE GLOBAL DEFAULT ABS __init_array_end
109: 08049564 0 NOTYPE WEAK DEFAULT 16 data_start
110: 00000000 54 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0
111: 08048534 0 FUNC GLOBAL DEFAULT 14 _fini
112: 08049670 0 NOTYPE GLOBAL DEFAULT ABS _edata
113: 08048508 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx
114: 08049650 0 OBJECT GLOBAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_
115: 08049674 0 NOTYPE GLOBAL DEFAULT ABS _end
116: 08049564 0 NOTYPE GLOBAL DEFAULT ABS __init_array_start
117: 08048554 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
118: 00000000 49 FUNC GLOBAL DEFAULT UND sprintf@@GLIBC_2.0
119: 08049564 0 NOTYPE GLOBAL DEFAULT 16 __data_start
120: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
121: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
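The same comparison can be made without readelf by reading the section header table directly. The following is an added example, not code from the original post: it counts the entries in the SHT_SYMTAB and SHT_DYNSYM sections of an ELF image. The helper names (symbol_tables, strip_status, build_elf32) and the two sample images are constructed for illustration; the samples contain headers only and mirror the entry counts of foo and foo_strip above.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM = 2, 11  # sh_type values from the ELF specification

def symbol_tables(image: bytes) -> dict:
    """Count symbol entries per table, identifying tables by section type."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    e = "<" if image[5] == 1 else ">"            # EI_DATA: byte order
    if image[4] == 1:                            # EI_CLASS: ELF32
        shoff, = struct.unpack_from(e + "I", image, 32)
        shentsize, shnum = struct.unpack_from(e + "HH", image, 46)
        word, size_at, entsize_at = e + "I", 20, 36
    else:                                        # ELF64
        shoff, = struct.unpack_from(e + "Q", image, 40)
        shentsize, shnum = struct.unpack_from(e + "HH", image, 58)
        word, size_at, entsize_at = e + "Q", 32, 56
    found = {".symtab": 0, ".dynsym": 0}
    for i in range(shnum):
        base = shoff + i * shentsize
        sh_type, = struct.unpack_from(e + "I", image, base + 4)
        size, = struct.unpack_from(word, image, base + size_at)
        entsize, = struct.unpack_from(word, image, base + entsize_at)
        if sh_type in (SHT_SYMTAB, SHT_DYNSYM) and entsize:
            name = ".symtab" if sh_type == SHT_SYMTAB else ".dynsym"
            found[name] += size // entsize
    return found

def strip_status(image: bytes) -> str:
    """Summarise what a symbol-based tool can still see in the file."""
    t = symbol_tables(image)
    if t[".symtab"]:
        return "not stripped"
    return "stripped, .dynsym remains" if t[".dynsym"] else "stripped, no .dynsym"

def build_elf32(sections):
    """Constructed sample: ELF32 little-endian header plus section headers only."""
    ident = b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, 52, 0, 52, 0, 0, 40, len(sections), 0)
    shdrs = b"".join(struct.pack("<10I", 0, t, 0, 0, 0, n * 16, 0, 0, 4, 16)
                     for t, n in sections)       # 16 = sizeof(Elf32_Sym)
    return ident + hdr + shdrs

# Constructed samples with the same entry counts as the readelf output above.
FOO = build_elf32([(0, 0), (SHT_DYNSYM, 7), (SHT_SYMTAB, 122)])
FOO_STRIP = build_elf32([(0, 0), (SHT_DYNSYM, 7)])

if __name__ == "__main__":
    for label, img in (("foo", FOO), ("foo_strip", FOO_STRIP)):
        print(label, symbol_tables(img), strip_status(img))
```

To check a real binary, pass the bytes read from the file to strip_status in place of the constructed samples.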