
Alternate implementation of R_PPC_JMP_SLOT for older ABI

Open rhelmot opened this issue 7 years ago • 5 comments

Older PPC ABIs need their relocations, specifically R_PPC_JMP_SLOT, implemented differently. The change to the current ABI, which we support well, is described here. You can detect the presence of the new ABI by the presence of the DT_PPC_GOT dynamic section tag, as indicated here. We can detect this right now (commit incoming), but the effect we need to implement based on this relocation in the old case is highly nontrivial; you can find a reference implementation in the ppc_fixup_plt function in the last link. It involves actually writing code into the PLT.

One cookie will be awarded to whoever implements this in CLE.

rhelmot avatar Jul 20 '18 22:07 rhelmot
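The two pieces the post above describes, as an added example that is not code from CLE, angr or glibc: detecting the new ABI by the DT_PPC_GOT dynamic tag, and, for the old ABI, turning an R_PPC_JMP_SLOT into a branch instruction written into the PLT slot rather than a pointer. The constants are assumptions taken from elf.h (DT_PPC_GOT = DT_LOPROC + 0 = 0x70000000) and the PowerPC ISA (I-form branch, opcode 18, AA bit 0x2); the near-branch logic mirrors the first two cases of glibc's ppc_fixup_plt, and glibc's far-target case (a long-branch stub inside the PLT plus a data word) is deliberately not reproduced. It runs without angr or cle installed.

```python
"""
Added example, not code from CLE or glibc: the two pieces the post above
describes, written so they run without angr or cle installed.

Assumptions (from elf.h and the PowerPC ISA, not from the page):
  DT_PPC_GOT == DT_LOPROC + 0 == 0x70000000, and the I-form branch encoding
  opcode 18, LI in bits 6..29, AA bit 0x2.  The near-branch logic mirrors
  the first two cases of glibc's ppc_fixup_plt; glibc's far case (a
  trampoline inside the PLT plus a data word) is deliberately not reproduced.
"""
import struct

DT_NULL = 0
DT_LOPROC = 0x70000000
DT_PPC_GOT = DT_LOPROC + 0      # present only in new-ABI objects

OPCODE_B = 18 << 26             # 0x48000000: b / ba
AA_BIT = 0x2                    # absolute-address form
LI_MASK = 0x03FFFFFC            # 24-bit word displacement field


def uses_new_plt_abi(dynamic_entries):
    """dynamic_entries: (d_tag, d_val) pairs from PT_DYNAMIC, DT_NULL-terminated."""
    for tag, _val in dynamic_entries:
        if tag == DT_NULL:
            break
        if tag == DT_PPC_GOT:
            return True
    return False


def _fits_branch_displacement(delta):
    """Signed displacement representable by `b` (26-bit signed, word aligned)."""
    return -(1 << 25) <= delta < (1 << 25)


def encode_old_abi_jmp_slot(slot_addr, target_addr):
    """Instruction word to store at an old-ABI PLT slot for R_PPC_JMP_SLOT."""
    if slot_addr & 3 or target_addr & 3:
        raise ValueError("PLT slot and target must be word aligned")
    delta = (target_addr - slot_addr) & 0xFFFFFFFF
    if delta & 0x80000000:          # reinterpret as signed 32-bit
        delta -= 1 << 32
    if _fits_branch_displacement(delta):
        return OPCODE_B | (delta & LI_MASK)                 # b target
    # ba sign-extends LI, so it reaches the bottom and top 32 MiB only
    if target_addr <= 0x01FFFFFC or target_addr >= 0xFE000000:
        return OPCODE_B | AA_BIT | (target_addr & LI_MASK)  # ba target
    raise NotImplementedError(
        "target out of direct-branch range; glibc's ppc_fixup_plt bounces "
        "through a long-branch stub in the PLT here")


def apply_jmp_slot(memory, slot_addr, target_addr, dynamic_entries, base=0):
    """Patch `memory` (a bytearray mapped at `base`) for one R_PPC_JMP_SLOT.

    New ABI: the slot is a pointer, so the resolved address is stored.
    Old ABI: the slot is code, so a branch instruction is stored.
    PowerPC32 ELF is big-endian in both cases.  Returns the word written.
    """
    if uses_new_plt_abi(dynamic_entries):
        word = target_addr
    else:
        word = encode_old_abi_jmp_slot(slot_addr, target_addr)
    off = slot_addr - base
    memory[off:off + 4] = struct.pack(">I", word)
    return word


if __name__ == "__main__":
    # Constructed inputs: a 16-byte PLT image mapped at 0x1000 with the
    # slot at 0x1004 and a resolved symbol at 0x1010.
    plt = bytearray(16)
    old = apply_jmp_slot(plt, 0x1004, 0x1010, [(1, 0), (0, 0)], base=0x1000)
    print("old ABI slot: %08x (b +0xc)" % old)
    plt = bytearray(16)
    new = apply_jmp_slot(plt, 0x1004, 0x1010, [(DT_PPC_GOT, 0), (0, 0)], base=0x1000)
    print("new ABI slot: %08x (pointer)" % new)
```

The point worth noticing is why the loader cannot treat both ABIs the same way: in the new ABI the slot holds data and the CPU never executes it, so writing the address is enough, whereas in the old ABI the CPU executes the slot, so a raw address would be decoded as an instruction. The NotImplementedError branch marks exactly the part that makes a full CLE implementation nontrivial.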

Super dumb workaround if you just want to get SimProcs working is to just hook the symbol address directly instead of inserting the code that would jump to the address that is already hooked by CLE. Ugly code I used with Binary Ninja:

import angr

for name, sym in bv.symbols.items():  # Python 3: .items(), not .iteritems()
    if 'GOT' in name and '__' not in name:
        simproc = angr.SIM_PROCEDURES['libc'][sym.name[:-4]]  # strip '@GOT'
        proj.hook(sym.address, hook=simproc())

fmagin avatar Jul 21 '18 08:07 fmagin

To celebrate the one year anniversary of this issue, here is the expression to hook when using ghidra for symbols:

[ proj.hook(f.symbol.address.unsignedOffset, angr.SIM_PROCEDURES['libc'][f.name]()) for f in currentProgram.functionManager.getFunctions(True) if f.thunk and not f.name.startswith("__")]

The lingering thought that I could at least do this with CLE instead of some external tool will now distract me from what I actually want to do.

fmagin avatar Jul 21 '19 15:07 fmagin

This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.

github-actions[bot] avatar May 21 '22 02:05 github-actions[bot]

@rhelmot Can you provide an update to this issue?

zwimer avatar Oct 26 '22 22:10 zwimer

This is still an issue exactly as described in the first post. This is a low priority issue, but it is a real missing feature that does prevent us from loading a certain class of binaries.

rhelmot avatar Oct 27 '22 20:10 rhelmot

@rhelmot Does this PR solve this issue? https://github.com/angr/cle/pull/481

ltfish avatar May 16 '24 09:05 ltfish