Alternative dso firmware [Application Software Design Entry]

End-Of-Life Products & Services DSO
67

Oh my god!! Thank you very much Tormod, this explains many things that were unclear for me.

Now I am facing another problem, I am trying to match imported ELF functions with real addresses. This document shows how does this resolving works (The Procedure Linkage Table paragraph) there is a picture showing the code flow when an imported function is called.



<LINK_TEXT text=“http://eli.thegreenplace.net/2011/11/03 … libraries/”>http://eli.thegreenplace.net/2011/11/03/position-independent-code-pic-in-shared-libraries/</LINK_TEXT>







The import process is called “lazy binding” and works like this: the function call “func@plc” refers to a function stub in PLT section. When this function is called for the first time, the GOT[n] is uninitialized and points to next instruction in PLT section, this calls resolver that will update the GOT[n] address to real function address. Next time when the cpu will jump to address specified at GOT[n], it will jump to the real function instead of resolver routine.



For me it seems, that the resolver just updates the entry in GOT table, so during loading of the ELF image, I walk through all the imported entries and write a real function address to GOT table for each function:



<LINK_TEXT text=“https://github.com/gabonator/DS203/blob … te.cpp#L82”>https://github.com/gabonator/DS203/blob/master/Source/User/Execute.cpp#L82</LINK_TEXT>



when I load the ELF file it shows this:

Relocation 20000e84 <- 0804c277 ‘GetKeys’

Relocation 20000e88 <- 0804d683 ‘Print’

Relocation 20000e8c <- 0804d6c7 ‘Printf’



this means, that the GOT entry at address 2000e81 will be rewritten by the address 0804c277 pointing to real ‘GetKeys’ function, and so on… But for some reason the device freezes after calling of any imported function… :frowning:



Here is the assembly listing:

http://pub.valky.eu/elf_reloc1.html



could anyone explain to me this two lines of code (it is the actual PLT stub for GetKeys function)?

</s><i> </i>.plt:20000DC0 GetKeys .plt:20000DC0 ADRL R12, 0x20000DC8 .plt:20000DC8 LDR PC, [R12,#(GetKeys_ptr - 0x20000DC8)]! ; __imp_GetKeys .plt:20000DC8 ; End of function GetKeys <e>

and here is a readelf report of that file:

http://pub.valky.eu/elf_reloc1.txt