1 Index: ELFkickers/sstrip/sstrip.c
2 ===================================================================
3 --- ELFkickers.orig/sstrip/sstrip.c 2001-03-24 07:18:52.000000000 -0500
4 +++ ELFkickers/sstrip/sstrip.c 2004-08-24 01:31:10.000000000 -0400
6 +/* http://www.muppetlabs.com/~breadbox/software/elfkickers.html */
8 /* sstrip: Copyright (C) 1999-2001 by Brian Raiter, under the GNU
9 * General Public License. No warranty. See COPYING for details.
11 + * Aug 23, 2004 Hacked by Manuel Novoa III <mjn3@codepoet.org> to
12 + * handle targets of different endianness and/or elf class, making
13 + * it more useful in a cross-devel environment.
16 +/* ============== original README ===================
18 + * sstrip is a small utility that removes the contents at the end of an
19 + * ELF file that are not part of the program's memory image.
21 + * Most ELF executables are built with both a program header table and a
22 + * section header table. However, only the former is required in order
23 + * for the OS to load, link and execute a program. sstrip attempts to
24 + * extract the ELF header, the program header table, and its contents,
25 + * leaving everything else in the bit bucket. It can only remove parts of
26 + * the file that occur at the end, after the parts to be saved. However,
27 + * this almost always includes the section header table, and occasionally
28 + * a few random sections that are not used when running a program.
30 + * It should be noted that the GNU bfd library is (understandably)
31 + * dependent on the section header table as an index to the file's
32 + * contents. Thus, an executable file that has no section header table
33 + * cannot be used with gdb, objdump, or any other program based upon the
34 + * bfd library, at all. In fact, the program will not even recognize the
35 + * file as a valid executable. (This limitation is noted in the source
36 + * code comments for bfd, and is marked "FIXME", so this may change at
37 + * some future date. However, I would imagine that it is a pretty
38 + * low-priority item, as executables without a section header table are
39 + * rare in the extreme.) This probably also explains why strip doesn't
40 + * offer the option to do this.
42 + * Shared library files may also have their section header table removed.
43 + * Such a library will still function; however, it will no longer be
44 + * possible for a compiler to link a new program against it.
46 + * As an added bonus, sstrip also tries to removes trailing zero bytes
47 + * from the end of the file. (This normally cannot be done with an
48 + * executable that has a section header table.)
50 + * sstrip is a very simplistic program. It depends upon the common
51 + * practice of putting the parts of the file that contribute to the
52 + * memory image at the front, and the remaining material at the end. This
53 + * permits it to discard the latter material without affecting file
54 + * offsets and memory addresses in what remains. Of course, the ELF
55 + * standard permits files to be organized in almost any order, so if a
56 + * pathological linker decided to put its section headers at the top,
57 + * sstrip would be useless on such executables.
67 +#include <byteswap.h>
74 -#if ELF_CLASS == ELFCLASS32
75 -#define Elf_Ehdr Elf32_Ehdr
76 -#define Elf_Phdr Elf32_Phdr
78 -#define Elf_Ehdr Elf64_Ehdr
79 -#define Elf_Phdr Elf64_Phdr
82 /* The name of the program.
84 -static char const *progname;
85 +static char const *progname;
87 /* The name of the current file.
89 -static char const *filename;
90 +static char const *filename;
93 /* A simple error-handling function. FALSE is always returned for the
96 static int err(char const *errmsg)
98 - fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg);
100 + fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg);
104 -/* A macro for I/O errors: The given error message is used only when
105 - * errno is not set.
106 +/* A flag to signal the need for endian reversal.
108 -#define ferr(msg) (err(errno ? strerror(errno) : (msg)))
109 +static int do_reverse_endian;
111 -/* readelfheader() reads the ELF header into our global variable, and
112 - * checks to make sure that this is in fact a file that we should be
114 +/* Get a value from the elf header, compensating for endianness.
116 -static int readelfheader(int fd, Elf_Ehdr *ehdr)
119 - if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr)
120 - return ferr("missing or incomplete ELF header.");
122 - /* Check the ELF signature.
124 - if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 &&
125 - ehdr->e_ident[EI_MAG1] == ELFMAG1 &&
126 - ehdr->e_ident[EI_MAG2] == ELFMAG2 &&
127 - ehdr->e_ident[EI_MAG3] == ELFMAG3))
128 - return err("missing ELF signature.");
130 - /* Compare the file's class and endianness with the program's.
132 - if (ehdr->e_ident[EI_DATA] != ELF_DATA)
133 - return err("ELF file has different endianness.");
134 - if (ehdr->e_ident[EI_CLASS] != ELF_CLASS)
135 - return err("ELF file has different word size.");
137 - /* Check the target architecture.
139 - if (ehdr->e_machine != ELF_ARCH)
140 - return err("ELF file created for different architecture.");
142 - /* Verify the sizes of the ELF header and the program segment
143 - * header table entries.
145 - if (ehdr->e_ehsize != sizeof(Elf_Ehdr))
146 - return err("unrecognized ELF header size.");
147 - if (ehdr->e_phentsize != sizeof(Elf_Phdr))
148 - return err("unrecognized program segment header size.");
150 - /* Finally, check the file type.
152 - if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN)
153 - return err("not an executable or shared-object library.");
155 + (__extension__ ({ \
157 + if (!do_reverse_endian) { \
159 + } else if (sizeof(X) == 1) { \
161 + } else if (sizeof(X) == 2) { \
162 + __res = bswap_16((X)); \
163 + } else if (sizeof(X) == 4) { \
164 + __res = bswap_32((X)); \
165 + } else if (sizeof(X) == 8) { \
166 + __res = bswap_64((X)); \
168 + fprintf(stderr, "%s: %s: EGET failed for size %d\n", \
169 + progname, filename, sizeof(X)); \
170 + exit(EXIT_FAILURE); \
175 +/* Set a value 'Y' in the elf header to 'X', compensating for endianness.
178 + do if (!do_reverse_endian) { \
180 + } else if (sizeof(Y) == 1) { \
182 + } else if (sizeof(Y) == 2) { \
183 + Y = bswap_16((uint16_t)(X)); \
184 + } else if (sizeof(Y) == 4) { \
185 + Y = bswap_32((uint32_t)(X)); \
186 + } else if (sizeof(Y) == 8) { \
187 + Y = bswap_64((uint64_t)(X)); \
189 + fprintf(stderr, "%s: %s: ESET failed for size %d\n", \
190 + progname, filename, sizeof(Y)); \
191 + exit(EXIT_FAILURE); \
197 -/* readphdrtable() loads the program segment header table into memory.
198 +/* A macro for I/O errors: The given error message is used only when
199 + * errno is not set.
201 -static int readphdrtable(int fd, Elf_Ehdr const *ehdr, Elf_Phdr **phdrs)
205 - if (!ehdr->e_phoff || !ehdr->e_phnum)
206 - return err("ELF file has no program header table.");
207 +#define ferr(msg) (err(errno ? strerror(errno) : (msg)))
209 - size = ehdr->e_phnum * sizeof **phdrs;
210 - if (!(*phdrs = malloc(size)))
211 - return err("Out of memory!");
214 - if (read(fd, *phdrs, size) != (ssize_t)size)
215 - return ferr("missing or incomplete program segment header table.");
218 +#define HEADER_FUNCTIONS(CLASS) \
220 +/* readelfheader() reads the ELF header into our global variable, and \
221 + * checks to make sure that this is in fact a file that we should be \
224 +static int readelfheader ## CLASS (int fd, Elf ## CLASS ## _Ehdr *ehdr) \
226 + if (read(fd, ((char *)ehdr)+EI_NIDENT, sizeof(*ehdr) - EI_NIDENT) \
227 + != sizeof(*ehdr) - EI_NIDENT) \
228 + return ferr("missing or incomplete ELF header."); \
230 + /* Verify the sizes of the ELF header and the program segment \
231 + * header table entries. \
233 + if (EGET(ehdr->e_ehsize) != sizeof(Elf ## CLASS ## _Ehdr)) \
234 + return err("unrecognized ELF header size."); \
235 + if (EGET(ehdr->e_phentsize) != sizeof(Elf ## CLASS ## _Phdr)) \
236 + return err("unrecognized program segment header size."); \
238 + /* Finally, check the file type. \
240 + if (EGET(ehdr->e_type) != ET_EXEC && EGET(ehdr->e_type) != ET_DYN) \
241 + return err("not an executable or shared-object library."); \
246 +/* readphdrtable() loads the program segment header table into memory. \
248 +static int readphdrtable ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \
249 + Elf ## CLASS ## _Phdr **phdrs) \
253 + if (!EGET(ehdr->e_phoff) || !EGET(ehdr->e_phnum) \
254 +) return err("ELF file has no program header table."); \
256 + size = EGET(ehdr->e_phnum) * sizeof **phdrs; \
257 + if (!(*phdrs = malloc(size))) \
258 + return err("Out of memory!"); \
261 + if (read(fd, *phdrs, size) != (ssize_t)size) \
262 + return ferr("missing or incomplete program segment header table."); \
267 +/* getmemorysize() determines the offset of the last byte of the file \
268 + * that is referenced by an entry in the program segment header table. \
269 + * (Anything in the file after that point is not used when the program \
270 + * is executing, and thus can be safely discarded.) \
272 +static int getmemorysize ## CLASS (Elf ## CLASS ## _Ehdr const *ehdr, \
273 + Elf ## CLASS ## _Phdr const *phdrs, \
274 + unsigned long *newsize) \
276 + Elf ## CLASS ## _Phdr const *phdr; \
277 + unsigned long size, n; \
280 + /* Start by setting the size to include the ELF header and the \
281 + * complete program segment header table. \
283 + size = EGET(ehdr->e_phoff) + EGET(ehdr->e_phnum) * sizeof *phdrs; \
284 + if (size < sizeof *ehdr) \
285 + size = sizeof *ehdr; \
287 + /* Then keep extending the size to include whatever data the \
288 + * program segment header table references. \
290 + for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \
291 + if (EGET(phdr->p_type) != PT_NULL) { \
292 + n = EGET(phdr->p_offset) + EGET(phdr->p_filesz); \
302 +/* modifyheaders() removes references to the section header table if \
303 + * it was stripped, and reduces program header table entries that \
304 + * included truncated bytes at the end of the file. \
306 +static int modifyheaders ## CLASS (Elf ## CLASS ## _Ehdr *ehdr, \
307 + Elf ## CLASS ## _Phdr *phdrs, \
308 + unsigned long newsize) \
310 + Elf ## CLASS ## _Phdr *phdr; \
313 + /* If the section header table is gone, then remove all references \
314 + * to it in the ELF header. \
316 + if (EGET(ehdr->e_shoff) >= newsize) { \
317 + ESET(ehdr->e_shoff,0); \
318 + ESET(ehdr->e_shnum,0); \
319 + ESET(ehdr->e_shentsize,0); \
320 + ESET(ehdr->e_shstrndx,0); \
323 + /* The program adjusts the file size of any segment that was \
324 + * truncated. The case of a segment being completely stripped out \
325 + * is handled separately. \
327 + for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \
328 + if (EGET(phdr->p_offset) >= newsize) { \
329 + ESET(phdr->p_offset,newsize); \
330 + ESET(phdr->p_filesz,0); \
331 + } else if (EGET(phdr->p_offset) + EGET(phdr->p_filesz) > newsize) { \
332 + newsize -= EGET(phdr->p_offset); \
333 + ESET(phdr->p_filesz, newsize); \
340 +/* commitchanges() writes the new headers back to the original file \
341 + * and sets the file to its new size. \
343 +static int commitchanges ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \
344 + Elf ## CLASS ## _Phdr *phdrs, \
345 + unsigned long newsize) \
349 + /* Save the changes to the ELF header, if any. \
351 + if (lseek(fd, 0, SEEK_SET)) \
352 + return ferr("could not rewind file"); \
354 + if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) \
355 + return err("could not modify file"); \
357 + /* Save the changes to the program segment header table, if any. \
359 + if (lseek(fd, EGET(ehdr->e_phoff), SEEK_SET) == (off_t)-1) { \
360 + err("could not seek in file."); \
363 + n = EGET(ehdr->e_phnum) * sizeof *phdrs; \
364 + if (write(fd, phdrs, n) != (ssize_t)n) { \
365 + err("could not write to file"); \
369 + /* Eleventh-hour sanity check: don't truncate before the end of \
370 + * the program segment header table. \
372 + if (newsize < EGET(ehdr->e_phoff) + n) \
373 + newsize = EGET(ehdr->e_phoff) + n; \
375 + /* Chop off the end of the file. \
377 + if (ftruncate(fd, newsize)) { \
378 + err("could not resize file"); \
385 + return err("ELF file may have been corrupted!"); \
388 -/* getmemorysize() determines the offset of the last byte of the file
389 - * that is referenced by an entry in the program segment header table.
390 - * (Anything in the file after that point is not used when the program
391 - * is executing, and thus can be safely discarded.)
393 -static int getmemorysize(Elf_Ehdr const *ehdr, Elf_Phdr const *phdrs,
394 - unsigned long *newsize)
396 - Elf32_Phdr const *phdr;
397 - unsigned long size, n;
400 - /* Start by setting the size to include the ELF header and the
401 - * complete program segment header table.
403 - size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs;
404 - if (size < sizeof *ehdr)
405 - size = sizeof *ehdr;
407 - /* Then keep extending the size to include whatever data the
408 - * program segment header table references.
410 - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) {
411 - if (phdr->p_type != PT_NULL) {
412 - n = phdr->p_offset + phdr->p_filesz;
422 -/* truncatezeros() examines the bytes at the end of the file's
423 - * size-to-be, and reduces the size to exclude any trailing zero
425 +/* First elements of Elf32_Ehdr and Elf64_Ehdr are common.
427 -static int truncatezeros(int fd, unsigned long *newsize)
428 +static int readelfheaderident(int fd, Elf32_Ehdr *ehdr)
430 - unsigned char contents[1024];
431 - unsigned long size, n;
433 + if (read(fd, ehdr, EI_NIDENT) != EI_NIDENT)
434 + return ferr("missing or incomplete ELF header.");
436 + /* Check the ELF signature.
438 + if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 &&
439 + ehdr->e_ident[EI_MAG1] == ELFMAG1 &&
440 + ehdr->e_ident[EI_MAG2] == ELFMAG2 &&
441 + ehdr->e_ident[EI_MAG3] == ELFMAG3))
443 + err("missing ELF signature.");
449 - n = sizeof contents;
452 - if (lseek(fd, size - n, SEEK_SET) == (off_t)-1)
453 - return ferr("cannot seek in file.");
454 - if (read(fd, contents, n) != (ssize_t)n)
455 - return ferr("cannot read file contents");
456 - while (n && !contents[--n])
458 - } while (size && !n);
463 - return err("ELF file is completely blank!");
464 + /* Compare the file's class and endianness with the program's.
466 +#if __BYTE_ORDER == __LITTLE_ENDIAN
467 + if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) {
468 + do_reverse_endian = 0;
469 + } else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) {
470 +/* fprintf(stderr, "ELF file has different endianness.\n"); */
471 + do_reverse_endian = 1;
473 +#elif __BYTE_ORDER == __BIG_ENDIAN
474 + if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) {
475 +/* fprintf(stderr, "ELF file has different endianness.\n"); */
476 + do_reverse_endian = 1;
477 + } else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) {
478 + do_reverse_endian = 0;
481 +#error unkown endianness
484 + err("Unsupported endianness");
490 + /* Check the target architecture.
492 +/* if (EGET(ehdr->e_machine) != ELF_ARCH) { */
493 +/* /\* return err("ELF file created for different architecture."); *\/ */
494 +/* fprintf(stderr, "ELF file created for different architecture.\n"); */
496 + return ehdr->e_ident[EI_CLASS];
499 -/* modifyheaders() removes references to the section header table if
500 - * it was stripped, and reduces program header table entries that
501 - * included truncated bytes at the end of the file.
503 -static int modifyheaders(Elf_Ehdr *ehdr, Elf_Phdr *phdrs,
504 - unsigned long newsize)
509 - /* If the section header table is gone, then remove all references
510 - * to it in the ELF header.
512 - if (ehdr->e_shoff >= newsize) {
515 - ehdr->e_shentsize = 0;
516 - ehdr->e_shstrndx = 0;
519 - /* The program adjusts the file size of any segment that was
520 - * truncated. The case of a segment being completely stripped out
521 - * is handled separately.
523 - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) {
524 - if (phdr->p_offset >= newsize) {
525 - phdr->p_offset = newsize;
526 - phdr->p_filesz = 0;
527 - } else if (phdr->p_offset + phdr->p_filesz > newsize) {
528 - phdr->p_filesz = newsize - phdr->p_offset;
531 +HEADER_FUNCTIONS(32)
535 +HEADER_FUNCTIONS(64)
537 -/* commitchanges() writes the new headers back to the original file
538 - * and sets the file to its new size.
539 +/* truncatezeros() examines the bytes at the end of the file's
540 + * size-to-be, and reduces the size to exclude any trailing zero
543 -static int commitchanges(int fd, Elf_Ehdr const *ehdr, Elf_Phdr *phdrs,
544 - unsigned long newsize)
545 +static int truncatezeros(int fd, unsigned long *newsize)
549 - /* Save the changes to the ELF header, if any.
551 - if (lseek(fd, 0, SEEK_SET))
552 - return ferr("could not rewind file");
554 - if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr)
555 - return err("could not modify file");
557 - /* Save the changes to the program segment header table, if any.
559 - if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) {
560 - err("could not seek in file.");
563 - n = ehdr->e_phnum * sizeof *phdrs;
564 - if (write(fd, phdrs, n) != (ssize_t)n) {
565 - err("could not write to file");
569 - /* Eleventh-hour sanity check: don't truncate before the end of
570 - * the program segment header table.
572 - if (newsize < ehdr->e_phoff + n)
573 - newsize = ehdr->e_phoff + n;
575 - /* Chop off the end of the file.
577 - if (ftruncate(fd, newsize)) {
578 - err("could not resize file");
581 + unsigned char contents[1024];
582 + unsigned long size, n;
587 + n = sizeof contents;
590 + if (lseek(fd, size - n, SEEK_SET) == (off_t)-1)
591 + return ferr("cannot seek in file.");
592 + if (read(fd, contents, n) != (ssize_t)n)
593 + return ferr("cannot read file contents");
594 + while (n && !contents[--n])
596 + } while (size && !n);
601 + return err("ELF file is completely blank!");
604 - return err("ELF file may have been corrupted!");
609 /* main() loops over the cmdline arguments, leaving all the real work
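Review bot: In the new `modifyheaders ## CLASS` loop, `newsize -= EGET(phdr->p_offset);` overwrites the value the loop itself compares against, so every program header examined after the first truncated segment is checked against a shrunken `newsize` instead of the real file size; the removed code computed `newsize - phdr->p_offset` without modifying `newsize`. Leaving the parameter untouched restores the old behaviour: `ESET(phdr->p_filesz, newsize - EGET(phdr->p_offset));`. Separately, the EGET and ESET failure messages pass `sizeof(X)` / `sizeof(Y)` (a `size_t`) to `%d`; `%zu` or an `(int)` cast would match the argument type. Because 64-bit files can now be processed on any host, the `unsigned long` sum of `p_offset` and `p_filesz` in `getmemorysize ## CLASS` may truncate or wrap on a build where `unsigned long` is 32 bits, and those values come straight from the file, so a range check before the result reaches `ftruncate` seems worth adding. Several lines of these macro bodies are missing from the page, so this is based on the visible lines only.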
610 @@ -266,44 +403,66 @@
612 int main(int argc, char *argv[])
617 - unsigned long newsize;
621 - if (argc < 2 || argv[1][0] == '-') {
622 - printf("Usage: sstrip FILE...\n"
623 - "sstrip discards all nonessential bytes from an executable.\n\n"
624 - "Version 2.0 Copyright (C) 2000,2001 Brian Raiter.\n"
625 - "This program is free software, licensed under the GNU\n"
626 - "General Public License. There is absolutely no warranty.\n");
627 - return EXIT_SUCCESS;
630 - progname = argv[0];
632 - for (arg = argv + 1 ; *arg != NULL ; ++arg) {
635 - fd = open(*arg, O_RDWR);
637 - ferr("can't open");
646 + Elf32_Phdr *phdrs32;
647 + Elf64_Phdr *phdrs64;
649 + unsigned long newsize;
653 + if (argc < 2 || argv[1][0] == '-') {
654 + printf("Usage: sstrip FILE...\n"
655 + "sstrip discards all nonessential bytes from an executable.\n\n"
656 + "Version 2.0-X Copyright (C) 2000,2001 Brian Raiter.\n"
657 + "Cross-devel hacks Copyright (C) 2004 Manuel Novoa III.\n"
658 + "This program is free software, licensed under the GNU\n"
659 + "General Public License. There is absolutely no warranty.\n");
660 + return EXIT_SUCCESS;
663 - if (!(readelfheader(fd, &ehdr) &&
664 - readphdrtable(fd, &ehdr, &phdrs) &&
665 - getmemorysize(&ehdr, phdrs, &newsize) &&
666 - truncatezeros(fd, &newsize) &&
667 - modifyheaders(&ehdr, phdrs, newsize) &&
668 - commitchanges(fd, &ehdr, phdrs, newsize)))
670 + progname = argv[0];
674 + for (arg = argv + 1 ; *arg != NULL ; ++arg) {
677 + fd = open(*arg, O_RDWR);
679 + ferr("can't open");
684 + switch (readelfheaderident(fd, &e.ehdr32)) {
686 + if (!(readelfheader32(fd, &e.ehdr32) &&
687 + readphdrtable32(fd, &e.ehdr32, &p.phdrs32) &&
688 + getmemorysize32(&e.ehdr32, p.phdrs32, &newsize) &&
689 + truncatezeros(fd, &newsize) &&
690 + modifyheaders32(&e.ehdr32, p.phdrs32, newsize) &&
691 + commitchanges32(fd, &e.ehdr32, p.phdrs32, newsize)))
695 + if (!(readelfheader64(fd, &e.ehdr64) &&
696 + readphdrtable64(fd, &e.ehdr64, &p.phdrs64) &&
697 + getmemorysize64(&e.ehdr64, p.phdrs64, &newsize) &&
698 + truncatezeros(fd, &newsize) &&
699 + modifyheaders64(&e.ehdr64, p.phdrs64, newsize) &&
700 + commitchanges64(fd, &e.ehdr64, p.phdrs64, newsize)))
710 - return failures ? EXIT_FAILURE : EXIT_SUCCESS;
711 + return failures ? EXIT_FAILURE : EXIT_SUCCESS;