Now that we've done one section manually, let's graduate and use the readelf -S output for the other sections:

    [Nr] Name              Type             Address           Offset
         Size              EntSize          Flags  Link  Info  Align
    [ 2] .text             PROGBITS         0000000000000000  00000210
         0000000000000027  0000000000000000  AX       0     0     16

.text is executable but not writable: if we try to write to it Linux segfaults. Let's see if we really have some code there:

    objdump -d hello_world.o

which outputs:

    hello_world.o:     file format elf64-x86-64

    Disassembly of section .text:

    0000000000000000 <_start>:
       0:   b8 01 00 00 00          mov    $0x1,%eax
       5:   bf 01 00 00 00          mov    $0x1,%edi
       a:   48 be 00 00 00 00 00    movabs $0x0,%rsi
      11:   00 00 00
      14:   ba 0d 00 00 00          mov    $0xd,%edx
      19:   0f 05                   syscall
      1b:   b8 3c 00 00 00          mov    $0x3c,%eax
      20:   bf 00 00 00 00          mov    $0x0,%edi
      25:   0f 05                   syscall

If we grep b8 01 00 00 on the hd output, we see that this sequence only occurs at 00000210, which is exactly the Offset the section header reports. And the Size is 0x27, which matches the 39 bytes of the listing as well. So we must be talking about the right section.

This looks like the right code: a write system call followed by an exit.

The most interesting part is the instruction at offset a, which does:

    movabs $0x0,%rsi

to pass the address of the string to the system call. Currently, the 0x0 is just a placeholder. After linking happens, it will be modified to contain:

    4000ba:   48 be d8 00 60 00 00    movabs $0x6000d8,%rsi

This modification is possible because of the data of the .rela.text section.
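As an added example (not code from the original tutorial), here is a small Python parser that does by program what we just did by hand: it walks the ELF64 section header table through e_shoff and .shstrtab, reports each section's type, flags, offset and size the way readelf -S does, and repeats the grep for b8 01 00 00 over the whole file. Its input is a constructed minimal ELF64 image holding only the 39-byte .text shown above plus a .shstrtab, so it runs offline; the placement of .text at 0x210 and of the section headers at 0x280 is an assumption chosen to mirror the page.

```python
import struct

# Elf64_Ehdr and Elf64_Shdr layouts, little-endian, as defined by the ELF specification
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # 64 bytes: e_ident .. e_shstrndx
SHDR_FMT = "<IIQQQQIIQQ"         # 64 bytes: sh_name .. sh_entsize
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4

def flag_letters(sh_flags):
    """Render sh_flags the way readelf -S does: W = writable, A = allocated, X = executable."""
    bits = ((SHF_WRITE, "W"), (SHF_ALLOC, "A"), (SHF_EXECINSTR, "X"))
    return "".join(letter for bit, letter in bits if sh_flags & bit)

def section_table(data):
    """Map section name -> (type, flags, offset, size) by walking e_shoff and .shstrtab."""
    e = struct.unpack_from(EHDR_FMT, data, 0)
    ident = e[0]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    e_shoff, e_shentsize, e_shnum, e_shstrndx = e[6], e[11], e[12], e[13]
    shdrs = [struct.unpack_from(SHDR_FMT, data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab = shdrs[e_shstrndx][4]        # sh_offset of .shstrtab; sh_name indexes into it
    table = {}
    for sh in shdrs:
        name = data[strtab + sh[0]:data.index(b"\0", strtab + sh[0])].decode()
        table[name] = (sh[1], flag_letters(sh[2]), sh[4], sh[5])
    return table

def occurrences(data, pattern):
    """Every file offset at which `pattern` appears: the 'grep b8 01 00 00 on the hd' step."""
    hits, i = [], data.find(pattern)
    while i != -1:
        hits.append(i)
        i = data.find(pattern, i + 1)
    return hits

def sample_object():
    """Constructed minimal ELF64 relocatable image: the page's 39-byte .text plus .shstrtab only."""
    text = bytes.fromhex("b801000000" "bf01000000" "48be0000000000000000" "ba0d000000"
                         "0f05" "b83c000000" "bf00000000" "0f05")
    shstr = b"\0.text\0.shstrtab\0"                           # name indexes: .text=1, .shstrtab=7
    text_off, shstr_off, shoff = 0x210, 0x210 + len(text), 0x280   # assumed layout, mirrors the page
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)        # ELFCLASS64, little-endian, version 1
    ehdr = struct.pack(EHDR_FMT, ident, 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)  # ET_REL, x86-64
    shdrs = struct.pack(SHDR_FMT, *([0] * 10))                 # mandatory null section header
    shdrs += struct.pack(SHDR_FMT, 1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0, text_off, len(text), 0, 0, 16, 0)
    shdrs += struct.pack(SHDR_FMT, 7, SHT_STRTAB, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0)
    img = bytearray(shoff + len(shdrs))
    img[0:64] = ehdr
    img[text_off:text_off + len(text)] = text
    img[shstr_off:shstr_off + len(shstr)] = shstr
    img[shoff:] = shdrs
    return bytes(img)

if __name__ == "__main__":
    obj = sample_object()
    for name, (typ, flags, off, size) in section_table(obj).items():
        print(f"{name:10} type={typ} flags={flags:2} offset={off:#08x} size={size:#x}")
    print("b8 01 00 00 at:", [hex(o) for o in occurrences(obj, bytes.fromhex("b8010000"))])
```

Running it against a real hello_world.o instead of the constructed image only needs the file's bytes passed to section_table and occurrences; the 8 zero bytes following 48 be at .text offset 0xc are the placeholder that .rela.text later patches.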