Develop Reference

ELF section identification

In an ELF executable file, I over-wrote all the section names by zero-valued bytes. Even then, the file can be linked and executed correctly. How does the OS identify various sections like the symbols-table, etc. in the file? I was under the impression that the section names serve this purpose. A related question is that what is the use of section names then?

I over-wrote all the section names ...
... the file can be linked ... correctly.
Unlike the object files used in 32-bit Windows, the section names in ELF object files are ignored if no linker script is used.
Each "PROGBITS" section contains flags that specify if the section is writeable, executable and/or not even part of the image (debug information).
(Actually, the object files used by Windows also have such flags, but they are typically set to 0 and the section name is used to distinguish between code and data sections.)
For other section types (such as symbol tables) it is clear how they have to be handled anyway.
... the file can be ... executed correctly.
For executable files and shared libraries, the sections are ignored anyway. Instead, the "program headers" of the file are used.
A "program header" tells the OS that a certain address range in the file must be loaded to memory. A "program header" may cover multiple sections. And "program headers" don't have names.
Example:
Sections:
Name Address Offset in file Length
.text 0x10100 0x100 0x30 read-only
.rodata 0x10130 0x130 0x20 read-only
.data 0x20250 0x150 0x10 read-write
.sdata 0x20260 0x160 0x10 read-write
Program headers:
Address Offset in file Length
0x10100 0x100 0x50 read-only
0x20250 0x150 0x20 read-write

what's the meaning of ENTRY statement in entry.S in Linux kernel for i386

for example in entry.S
ENTRY(ret_from_fork)
pushl %eax
call schedule_tail
GET_THREAD_INFO(%ebp)
popl %eax
jmp syscall_exit
so what's the syntax of ENTRY in as language?
I think all the directive of as is start with . and the ENTRY also doesn't look like a macro
can anyone tell me about the ENTRY is what? if it is defined in Linux source code could anyone indicate the location or if it is a syntax in as can someone tell me where i can find the specific description of this use!
Thanks!

Not sure why you say it doesn't look like a macro, because that's exactly how macros look like. And indeed it is a macro defined in include/linux/linkage.h as follows:
#ifndef ENTRY
#define ENTRY(name) \
.globl name ASM_NL \
ALIGN ASM_NL \
name:
#endif

I think that's an assembler directive .
As per my knowledge ENTRY assembler directive is used when we use Keil assembler.
That's actually the entry point of a application.
The way we have _start or _main entry point in assembly code when we use GNU assembler.

How to change the entry point of gcc generated asm code?

This experiment is on the 32 bit Linux.
I want to do a transformation on the asm level, and I am trying to implement
my transformation before the function main is called.
Currently I am trying to program a new entry point, implement my transformation code,
and hope this new entry point can successfully call main
Basically the default entry point of gcc generated assembly code is main, which I give an example as follow:
c code:
int main()
{
return 0;
}
I use this command to generate asm code:
gcc -masm=intel -fno-asynchronous-unwind-tables -S main.c
and this is what I got:
.file "main.c"
.intel_syntax noprefix
.text
.globl main
.type main, #function
main:
push ebp
mov ebp, esp
mov eax, 0
pop ebp
ret
.size main, .-main
.ident "GCC: (Ubuntu/Linaro 4.6.3-1ubuntu5) 4.6.3"
.section .note.GNU-stack,"",#progbits
Could anyone tell me how to implement a new entry point(probably a function similiar like _start) and call main at the end of this new entry point?
Thank you!

I doubt you should replace _start() because it's very platform- and libc-specific. Either you write all code in assembler and so you don't need libc-specific initialization, or you should copy all _start() activity including things you aren't aware. The latter looks simply bogus.
If you agree not to replace start() but use a mechanism to run some code before main(), declare a function with __attribute__((constructor)). This is documented GCC extension and it's actively used e.g. for static object initializing in C++. Such function can't get arguments or return a real value, nor shall it override control flow in another way. I can't catch what you mean for "transformation" so it can contradict to your intention; if so, you would have explained this more detailedly.

ASM to push function arguments to the stack

I'm trying to port a program to x64 using vs2008. The problem is, however, that the is some inline asm code that is not supported on x64. This asm code is used to push arguments with unknown type or number to functions from dll. It is an interpeter based program in which you can specify a function to use from a certain dll and the program pushes the arguments and calles the function at compile time.
Using various sources I've concluded that generating seperate .asm files that contain asm functions which can be compiled unsing masm and their obj files linked to vs2008. Using different files for x86 and x64 the program builds for both problems. The problem is however, that the functions do not replicate what the inline asm is doing.
I converted the following inline code, for example:
double a = Evaluate(arg[i]).num;
_asm push a + 4
_asm push a
j += 8;
To:
double a = Evaluate(arg[i]).num;
EvaluateFuncArgFloat(a);
j += 8;
With the follwoing .asm file:
TITLE EvaluateFuncArgFloat (evaluate_asm.asm)
.386
.model flat, C
.code
EvaluateFuncArgFloat PROC a:DWORD
push a + 4
push a
ret
EvaluateFuncArgFloat ENDP
END
This does not do what I'm expecting. The double simply does not end up in the function as it did when using inline asm.
My guess is that there is a small error or something I've left out, but after many tries I can't seem to get it to work. Hopefully someone can help me with this problem, it is very much appriciated.

A sneaky way to do this could be
EvaluateFuncArgFloat PROC a:DWORD
pop eax ;ret address popped to a safe register (if not ax/eax)
push a + 4
push a
push eax ;ret address back at top of stack
ret
EvaluateFuncArgFloat ENDP
The problem is you've pushed 2 numbers onto the stack and not removed them a+4 and a
Presumably another part of your original code deals with this in the original program

GNU linker script: Selective Run address(VMA) allocation

Iam writing a GNU linker script file and need a nudge in the right direction for the following problem.
The device for which the linker script is being created has flash for hosting text and rodata. It has also SRAM for hosting Data and BSS.
I have created variants of linker script which has:
- CODE and RODATA loaded into flash while DATA and BSS are in SRAM
- CODE, RODATA, DATA and BSS in SRAM
These work fine.
I must now create a variant of the linker script which has a majority of TEXT in flash. But certain routines with names ending with a well known suffix are to be loaded into SRAM.
For example, I would like Func1IRAMCode() and Func2__IRAMCode() to be loaded into SRAM section while every other function that does not have a IRAMCode suffix must be loaded into flash.
For portability reasons, I wont attach attribute(section) to these SRAM functions.
Here is where am stumbling.
The text section has the following rule:
.text :
{
*(.text .text.* .gnu.linkonce.t.*);
} > FLASH
.Misc :
{
* (.text.*IRAMCode);
} > SRAM
.data and .bss sections are defined seperately.
Problem is that *IRAMCode() are getting assigned flash addresses.
What is the syntax to exclude *IRAMCode from text section?
How have you solved this problem in your projects?

A way to do this, is to put your functions in another section (for example .sram.text ), to do this, use the section attribute of gcc for each specific function ( ex : __attribute__ (( section ".sram.text")) .
Thus, it will be very easy to wildcard the desired section to the SRAM.