1.10 Introducing SHELF Loading (Part 1)
@eZine
Published in
tmp0ut
· 2 years ago
... mplementing any form of ELF binary loading, are primarily based on what's known as User-Land-Exec. User-Land-Exec is a method first documented by @thegrugq in which an ELF binary can be loaded without using any of the execve family of system calls, hence its name. For the sake of simplicity, the steps to implement an ordinary User-Land-Exec with support for ET_EXEC and ET_DYN ELF binaries are illustrated in the following diagram, showcasing an implementation of the UPX packer for ELF binaries:

As we can observe, this technique has the following requirements (by @thegrugq):

Clean out the address space
If the binary is dynamically linked, load th ...