Open in app

Sign in

Write

Sign in

Let’s Dig Deeper ELF in brief part-1 | 0x05 | Binary Exploitation#6

0xCyberzombie xdev
5 min readJun 8, 2021

Hi friends, in the last blog we have seen about the basics of the x86_64assembly.In this blog, we gonna dig deep inside the file format called ELF. Let’s get started!

What is ELF?

ELF stands for Executable and Linkable Format. At first, it was introduced as the ABI(Application Binary Interface) for “Unix System V” later in 1999 it became a standard binary file format for * NIX-like system and some other devices namely Play Stations, Wii, etc….

ABI(Application Binary Interface)

It lead a way for communication between User-written program and System Library namely Libc library or between operating system. For example, if you're writing a program that makes use of the libc library, in this scenario your program needs to communicate with that library so that your program will execute correctly for this purpose ABI was used.

An ELF

When it comes to ELF, Commonly we use this file format for three types of files. An executable file, Shared Library, and Object file.

Executable file → It holds a program that is suitable for execution. For example our normal executable files

Shared Library → This is nothing but our Libc like libraries which also follows this kind of Binary file format namely ELF it may seems in various extensions like “.so”, “.lib”, “.a” but this only for our convience but they don’t have any major difference

Object file → Object file is a Binary file format that is in the ready to link stage

Before going deeper into those file formats we have to see about some topics.

What is LIBC?

As you may notice, I use the word “libc” in the above sentences, but what does it actually mean?

“The C Standard Library” is commonly named as Libc library, Most of all the functions we used in C is comes from this library file.

Linking

If you don’t have any idea about linking then go and check out my C compilation blog

Linking is the process of merging our program with the system library like Libc, so that it will execute without any error

Let’s make it simple with an example

Here in our first line of code we’ve include Header file<stdio.h> in which the “printf” function is placed but where does <stdio.h> is come from? The answer is from “Libc”, our <stdio.h> header was comes from libc “The C standard Library”. In C language, every function belongs to the respective header file and each header files belong to the LIBC library. Now you may doubt “How many header files does C owns??” The answer is unlimited means you can write your own Header file for your program, but according to C11 standard 29 common header files are placed in the LIBC library.

So in every program that is written by us must be linked with that LIBC library so that it can be run without any error. So here we aim to link our program with a system library called libc, We can do that in two ways that are called Statically Linking and Dynamically Linking

Statically Linking

In the statically linking process, we wrap the libc library into our source code and compile it to create a final executable.

The type of executable made by this kind of linking process is not dependent on any external source at the time of execution. But the size of the output file may be large.

Dynamically Linking

In the dynamically linking process, we link our source code into the system library at only the time of execution, it is also known as runtime linking

The Linux operating system is mostly written in C. So in Linux programs that are in running state also use the libc library, So in this scenario, we will use the running library by linking our source file into it only at the time of execution.

Inside the ELF

For now, we saw about the things which are required to understand the in-depth mechanism of ELF. So now dive deep into it..!!!

When it comes to an ELF file we have to consider three main things that are ELF Header, Segments, Sections. In this blog, we only going to see about the Segments and Sections basics in the next part of this blog we’ll see about the interior mechanism and the magics that are happening behind the screen of ELF.

Segments

Before we going to see it we have to know the difference between the Segments and Sections. So it is valuable to have an ELF Executable file that has Segments alone, Meanwhile, it is also valid to have an Object file that only contains Sections. But it is also valid to have both on an Executable file.

The segment contains data through which our executable file’s data are mapped into main memory(RAM).

At the time of execution, every executable file is mapped into the main memory by following certain Data Structures. So that segment contains data and instructions about the executable file’s and the CPU and Operating system go through it and then all the data are mapped into the main memory. This is the purpose of having a Segment in the ELF executable file.

In a statically linked ELF executable, three common segments take place. Those are Data, Uninitialized data, Code.

Data → In this segment, variables, and constants that we have written in our program are placed

Uninitialized data → If we declare any space for our program that will be placed here, and if we specified and variable that gets input from the user that also present in this segment

Code → In this segment, our actual executable code takes place

But the above things are only for the statically linked binary for dynamically linked binary an additional segment will take place. That is for the system library in which our program will communicate at the time of execution. Here functions like ASLR(Address Space Layout Randomization) are takes place. Remember that in Dynamically linked binary the address of the binary will change in the time of every single execution, but in statically linked binary it will not change for any launch.

Sections

Sections are also like Segments. But the one thing which varies from both of the files is “The place where it is used”. Section files are only used in Object files for the Linking process where Segment files are used by executable files for the execution process.

Sections may present in ELF executable file but must present in the ELF object file. Sections contain data, instructions, symbols by which the linking process was done.

So that's all for today's blog guys. This blog is Part-1, Part-2 is on the way…

Hope you guys enjoy this blog.

And if you have any doubt’s DM me on Twitter: https://twitter.com/0xCyber_Zombie

Join our Discord Server: https://discord.com/invite/UA8mSkSNhV

And don’t forget to Subscribe to my YouTube Channel.

CyberZombie

Hey Hacker's, I'm here with you to share a knowledge about Hacking and IT Security In our Channel we post: 1.Binary…

www.youtube.com

Hacking
Binary Exploitation
Offensive Security
Reverse Engineering
Linux

--

--

0xCyberzombie xdev

Written by 0xCyberzombie xdev

15 Followers

Red Teamer Exploit Development Student

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams