Hi friends, In this blog, we gonna see about the file format that we mostly deal in Binary Exploitation, ELF. Let’s get started
What is ELF?
ELF stands for Executable and Linkable Format. At first, it was introduced as the ABI(Application Binary Interface) for “Unix System V” later in 1999 it became a standard binary file format for * NIX-like system and some other devices namely Play Stations, Wii, etc….
ABI(Application Binary Interface)
It leads a way for communication between User-written program and System Library namely Libc library or between operating systems. For example, if you’re writing a program that makes use of the libc library, in this scenario your program needs to communicate with that library so that your program will execute correctly for this purpose ABI was used.
When it comes to ELF, Commonly we use this file format for three types of files. An Executable file, Shared Library, and Object file.
Executable file → It holds a program that is suitable for execution. For example our normal executable files
Shared Library → This is nothing but our Libc like libraries which also follows this kind of file format namely ELF it may seem in various extensions like “.so”, “.lib”, “.a” but this is only for our convenience but they don’t have any major difference
Object file → Object file is a Binary file format that is in the ready to link stage
Before going deeper into those file formats we have to see about some topics.
What is LIBC?
As you may notice, I use the word “libc” in the above sentences, but what does it actually mean?
“The C Standard Library” is commonly named as Libc library, Most of all the functions we used in C is comes from this library file.
Linking is the process of merging our program with the system library like Libc so that it will execute without any error
Let’s make it simple with an example
Here in our first line of code we’ve include Header file<stdio.h> in which the “printf” function is placed but where does <stdio.h> is come from? The answer is from “Libc”, our <stdio.h> header was comes from libc “The C standard Library”. In C language, every function belongs to the respective header file and each header files belong to the LIBC library. Now you may doubt “How many header files does C owns??” The answer is unlimited means you can write your own Header file for your program, but according to C11 standard 29 common header files are placed in the LIBC library.
So in every program that is written by us, it must be linked with that LIBC library to be run without any error. So here we aim to link our program with a system library called libc, We can do that in two ways that are called Statically Linking and Dynamically Linking
We wrap the libc library into our source code and compile it to create a final executable in the statically linking process.
The type of executable made by this kind of linking process is not dependent on any external source at the time of execution. But the size of the output file may be large.
In the dynamically linking process, we link our source code into the system library at only the time of execution, it is also known as runtime linking.
The Linux operating system is mostly written in C. So in Linux programs that are in running state also use the libc library, So in this scenario, we will use the running library by linking our source file into it only at the time of execution.
Inside the ELF
For now, we saw about the things which are required to understand the in-depth mechanism of ELF. So now dive deep into it..!!!
When it comes to an ELF file, we have to consider three main things: ELF Header, Segments, Sections. In this blog, we only going to see about the Segments and Sections basics in the next part of this blog we’ll see about the interior mechanism and the magics that are happening behind the screen of ELF.
Before we going to see it we have to know the difference between the Segments and Sections. So it is valuable to have an ELF Executable file that has Segments alone, Meanwhile, it is also valid to have an Object file that only contains Sections. But it is also valid to have both on an Executable file.
The segment contains data through which our executable file’s data are mapped into main memory(RAM).
At the time of execution, every executable file is mapped into the main memory by following certain Data Structures. So that segment contains data and instructions about the executable file’s and the CPU and Operating system go through it and then all the data are mapped into the main memory. This is the purpose of having a Segment in the ELF executable file.
In a statically linked ELF executable, three common segments take place. Those are Data, Uninitialized data, Code.
Data → In this segment, variables, and constants that we have written in our program are placed
Uninitialized data → If we declare any space for our program that will be placed here, and if we specified and variable that gets input from the user that is also present in this segment
Code → In this segment, our actual executable code takes place
But the above things are only for the statically linked binary for dynamically linked binary an additional segment will take place. That is for the system library in which our program will communicate at the time of execution. Here functions like ASLR(Address Space Layout Randomization) are takes place. Remember that in Dynamically linked binary the address of the binary will change in the time of every single execution, but in statically linked binary it will not change for any launch.
Sections are also like Segments. But the one thing which varies from both of the files is “The place where it is used”. Section files are only used in Object files for the Linking process where Segment files are used by executable files for the execution process.
Sections may be present in ELF executable file but must be present in the ELF object file. Sections contain data, instructions, symbols by which the linking process was done.
So that’s all for today’s blog guys. This blog is Part-1, Part-2 is on the way…
And if you have any queries DM me on Twitter: https://twitter.com/0xCyber_Zombie
I hope this blog gave you some information.
See you guys in the next blog bye, peace!