elf magic : elf auxiliary vectors
i’ve always wondered what the last line is for… note the [vdso] line in the maps file below:
misha@heaven ~/git/null/asm/vsyscall $ cat /proc/`pidof old`/maps
08048000-08049000 r-xp 00000000 03:01 21633 /home/misha/git/null/asm/vsyscall/old
08049000-0804a000 rwxp 00000000 03:01 21633 /home/misha/git/null/asm/vsyscall/old
bf7f5000-bf80a000 rwxp bf7f5000 00:00 0 [stack]
ffffe000-fffff000 ---p 00000000 00:00 0 [vdso]
tonight, i finally stumbled upon something that sheds some light on the subject matter at hand. vdso is short for “virtual dynamic shared object”, and this page is set up by the kernel as the system call entry/exit point for user processes — a sysenter-based system call mechanism.
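;-----------------------------------------------------------------------
; Locate the vDSO entry point (AT_SYSINFO) in the ELF auxiliary vector
; and use it to issue two system calls: write(1, banner, len), exit(0).
;
; Target : i386 Linux, NASM (Intel syntax), static executable, no libc
; Entry  : _start — esp -> argc, argv[0..argc-1], NULL, envp[..], NULL,
;          then the Elf32_auxv_t array, terminated by an AT_NULL entry
; Exit   : never returns; exit(0) through the vDSO when AT_SYSINFO is
;          present, otherwise exit(0) through the legacy int 0x80 gate
; Regs   : edi = scan pointer into the initial process stack
;          eax = scratch / syscall number; ebx, ecx, edx = syscall args
; Stack  : once found, [esp] holds the vDSO entry address (4 bytes)
;
; __kernel_vsyscall takes the same register contract as int 0x80
; (eax = nr, ebx/ecx/edx/esi/edi/ebp = args, result in eax), so the
; program never hard-codes the sysenter sequence itself.  Reading the
; address from the auxv is the portable route; a fixed address taken
; from System.map only holds while the vDSO is mapped at a fixed place.
;-----------------------------------------------------------------------

; /usr/include/elf.h
%define AT_NULL         0               ; /* End of vector */
%define AT_SYSINFO      32              ; a_un.a_val = address of __kernel_vsyscall

; i386 syscall numbers (asm/unistd_32.h) and the fd we write to
%define SYS_EXIT        1
%define SYS_WRITE       4
%define STDOUT_FILENO   1

        bits    32
        global  _start

section .text
_start:
        lea     edi, [esp + 4]          ; edi = &argv[0]
        mov     eax, [esp]              ; eax = argc
        lea     eax, [eax*4 + 4]        ; (argc + 1) * sizeof(char *): argv[] plus its NULL
        add     edi, eax                ; edi = &envp[0]

.skip_envp:                             ; advance to the NULL that terminates envp[]
        mov     eax, [edi]
        test    eax, eax
        jz      .next_auxv
        add     edi, 4
        jmp     .skip_envp

.next_auxv:                             ; invariant: edi is 4 bytes before the next a_type
        add     edi, 4
        mov     eax, [edi]              ; Elf32_auxv_t -> a_type
        cmp     eax, AT_SYSINFO
        je      .sysinfo_found
        add     edi, 4                  ; step over a_un; the next add lands on a_type again
        test    eax, eax                ; AT_NULL ends the vector
        jnz     .next_auxv

        ; No AT_SYSINFO entry (e.g. vDSO not provided): exit via int 0x80.
        mov     eax, SYS_EXIT
        xor     ebx, ebx                ; status 0
        int     0x80

.sysinfo_found:
        mov     eax, [edi + 4]          ; Elf32_auxv_t -> a_un.a_val = __kernel_vsyscall
        push    eax                     ; keep it at [esp] for both calls below

        ; write(STDOUT_FILENO, banner, BANNER_LEN)
        mov     eax, SYS_WRITE
        mov     ebx, STDOUT_FILENO      ; set explicitly rather than assuming ebx == 0 at entry
        mov     ecx, banner
        mov     edx, BANNER_LEN
        call    [esp]                   ; the memory operand is read before the return address is pushed

        ; exit(0) — does not return
        mov     eax, SYS_EXIT
        xor     ebx, ebx
        call    [esp]

section .data
banner:     db      "Merry Christmas!", 0xa
BANNER_LEN  equ     $ - banner          ; bytes written; the NUL below is kept in memory but not emitted
            db      0x0
ebanner: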
or you can just skip the overhead of walking past argv and envp on the stack to reach the aux vector, and look the address up in System.map instead:
misha@heaven ~ $ grep -i kernel_vsyscall /boot/System.map
ffffe400 A __kernel_vsyscall
references:
[1] http://manugarg.googlepages.com/systemcallinlinux2_6.html
[2] http://manugarg.googlepages.com/aboutelfauxiliaryvectors
[3] http://www.win.tue.nl/%7Eaeb/linux/lk/lk-4.html
