JRR Tolkien fan alert: ELF's companion debugging format, an intimate friend, is called DWARF.

Executable and Linkable Format (ELF)
http://www./~breadbox/software/ELF.txt
The spec. Same thing in PDF for bedside reading: 1 or 2

A simple guided tour to the "mess" behind a Hello World program:
http://www.lisha./teaching/os/exercise/hello.html

Cheating the ELF, the grugq
http://althing.cs./local/subversiveld.pdf
A useful and less painful introduction to dynamic linking and subverting thereof for exploitation purposes.

Shared library redirection via ELF PLT Infection, Silvio Cesare
A classic article that explains the design of the Procedure Linkage Table and how it can be manipulated.

A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux
http://www./~breadbox/software/tiny/teensy.html
This tutorial explains how to make the smallest possible ELF executable by manipulating the standard ELF headers, which it explains in detail.

Reverse Engineering Linux x86 Binaries, Sean Burford
http://www./meetings/reveng-0.2.pdf
A nice summary of basic reverse engineering techniques, both static and dynamic. Explains GNU/Linux tools for process observation and debugging.

Playing with binary formats, Alessandro Rubini
http://www./~rubini/docs/binfmt/binfmt.html
An explanation of how files get loaded and executed, and the role of the Linux kernel in it. This goes well with Phrack papers on kernel hijacking and redirection, or the advanced buffer overflow techniques that use ELF structures.

Modern Day ELF Runtime infection via GOT poisoning, Ryan O'Neill
An in-depth, up-to-date summary of the above and more, with sample code and many details filled in.

The ELF Virus Writing HOWTO, Alexander Bartolich
Linux-specific: http://virus./virus-writing-HOWTO/_html/i386-redhat8.0-linux/index.html
In order to infect it and hide in it, and yet not break it, we must understand how it works really well. This article covers a number of practical finer points of ELF.
This document has changed so much between revisions as to be practically unrecognizable. The older version is more suitable for a start, and generally more fun.

Advanced Fare

The ERESI project developed advanced ELF tools for inspecting and modifying ELF executables and processes created from ELF executables. These tools can be used for in-process debugging.
Phrack articles: Phrack 61:8 — The Cerberus ELF Interface
The project page can be a little overwhelming.