Executing an ELF executable - PowerPoint PPT Presentation

Slides: 16
Provided by: ProfessorA2
Slide 1: Executing an ELF executable
  • How to load an executable ELF file for execution
    in extended physical memory

Slide 2: What is Extended Memory?
  [Diagram: physical address-space size by processor]
  • 8086/8088 (20-bit addresses): conventional memory only, 0 up to 1MB
  • 80286 (24-bit addresses): conventional memory up to 1MB, then extended memory up to 16MB
  • 80386 (32-bit addresses): conventional memory up to 1MB, then extended memory up to 4GB
Slide 3: 8086/8088 addresses
  [Diagram: logical address to 20-bit physical address]
  • Logical Address: segment-address 0x2345, offset-address 0x9876
  • Physical Address (20-bits): segment-address x16, plus offset-address
        0x23450
      + 0x09876
      ---------
        0x2CCC6
Slide 4: Biggest 8086/8088 address
  [Diagram: logical address to 20-bit physical address]
  • Logical Address: segment-address 0xFFFF, offset-address 0xFFFF
  • segment-address x16, plus offset-address
        0xFFFF0
      + 0x0FFFF
      ---------
       0x10FFEF
  • Physical Address (20-bits): 0x0FFEF, because the 8086/8088 has no 21st
    address-line (A20), so the carry into bit 20 is lost
Slide 5: Emulating 8086/8088 on 80286
  • Special circuitry provided to disable the 21st
    address-line (named A20) causes addresses to
    wrap at the 1MB boundary
  • The original IBM-AT used the keyboard controller to
    perform enabling/disabling of the A20-line
  • Newer machines have faster ways to enable/disable
    the A20-line (e.g., port 0x92)

Slide 6: Executable versus Linkable
  [Diagram: file layouts, side by side]
  • Linkable File: ELF Header, Program-Header Table (optional),
    Section 1 Data, Section 2 Data, Section 3 Data, ..., Section n Data,
    Section-Header Table
  • Executable File: ELF Header, Program-Header Table,
    Segment 1 Data, Segment 2 Data, Segment 3 Data, ..., Segment n Data,
    Section-Header Table (optional)
Slide 7: In-Class Exercise
  • We want to execute the hello application in our
    own operating system environment
  • Boot-disk preparation steps:
      as hello.s -o hello.o
      ld hello.o -o hello
      dd if=hello of=/dev/fd0 seek=13
  • We need modifications to our try32bit.s

Slide 8: The two program-segments
  • Our Linker utility (ld) relocates the .text
    and .data program-segments for loading at
    memory-addresses 0x08048000 and 0x08049000,
    respectively
  • We will need to copy the contents of these two
    portions of our executable image-file to these
    addresses in extended physical memory

Slide 9: New segment-descriptors
  • We can set up segment-limits of size 4GB using
    Descriptor Privilege Level (DPL) 3
  • For our code-segment:
      .WORD 0xFFFF, 0x0000, 0xFA00, 0x00CF
  • For our data-segment:
      .WORD 0xFFFF, 0x0000, 0xF200, 0x00CF
  • For our stack-segment:
      .WORD 0xFFFF, 0x0000, 0xF200, 0x00CF

Slide 10: Loading the .text and .data
  • Image-file fits within five Boot-disk sectors
    (14-18), so total size is at most 0x0A00
  • So we can copy the entire ELF file-image from
    address 0x00011800 to 0x08048000 to initialize
    our .text program-segment
  • And we can copy the entire ELF file-image from
    address 0x00011800 to 0x08049000 to initialize
    our .data program-segment

Slide 11: Initial values for ESP and EIP
  • The program's entry-point is 0x08048074 (as
    obtained from the file's ELF Header)
  • The decision about an initial value for ESP is
    largely up to us, taking into account the amount
    of physical memory installed and the regions of
    memory already being used for other system
    purposes

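As an added example (not code from the slides or from the CS630 course), a small Python loader front-end that reads the ELF header and program-header table the way a real loader does: it takes the entry-point from e_entry and derives, for each PT_LOAD segment, which file bytes go to which physical address and how much must be zero-filled, which generalizes the slides' shortcut of copying the whole image to both 0x08048000 and 0x08049000. The sample ELF image is constructed inline to mirror the hello layout (entry 0x08048074 = 0x08048000 plus the 0x74 bytes of header and two program headers); its .text and .data contents are placeholders.

```python
import struct
ELF_MAGIC, PT_LOAD = b"\x7fELF", 1
EHDR_FMT, PHDR_FMT = "<HHIIIIIHHHHHH", "<IIIIIIII"  # Elf32_Ehdr after e_ident; Elf32_Phdr

def parse_elf32(image):
    """Return (e_entry, [(p_offset, p_vaddr, p_filesz, p_memsz), ...]) for each PT_LOAD
    segment, validating every field before any byte of the image is trusted."""
    if image[:4] != ELF_MAGIC or image[4] != 1 or image[5] != 1:  # ELFCLASS32, ELFDATA2LSB
        raise ValueError("not an ELF32 little-endian image")
    f = struct.unpack_from(EHDR_FMT, image, 16)
    e_entry, e_phoff, e_phentsize, e_phnum = f[3], f[4], f[8], f[9]
    if e_phentsize < struct.calcsize(PHDR_FMT) or e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("program-header table lies outside the image")
    segments = []
    for i in range(e_phnum):
        p_type, p_offset, p_vaddr, _, p_filesz, p_memsz, _, _ = struct.unpack_from(
            PHDR_FMT, image, e_phoff + i * e_phentsize)
        if p_type != PT_LOAD:
            continue
        if p_offset + p_filesz > len(image) or p_filesz > p_memsz:
            raise ValueError("PT_LOAD segment %d has inconsistent sizes" % i)
        segments.append((p_offset, p_vaddr, p_filesz, p_memsz))
    return e_entry, segments

def load_plan(image):
    """The copies a loader must perform into identity-mapped extended memory: (dest, bytes)
    for the file-backed part of each segment and (dest, length) for its zero-filled tail."""
    entry, segments = parse_elf32(image)
    copies, zero_fills = [], []
    for p_offset, p_vaddr, p_filesz, p_memsz in segments:
        copies.append((p_vaddr, bytes(image[p_offset:p_offset + p_filesz])))
        if p_memsz > p_filesz:
            zero_fills.append((p_vaddr + p_filesz, p_memsz - p_filesz))
    if not any(dst <= entry < dst + len(data) for dst, data in copies):
        raise ValueError("entry point 0x%08x is not inside any loaded segment" % entry)
    return entry, copies, zero_fills

def build_sample_elf():
    """Constructed ELF32 image shaped like the slides' hello: 52-byte header plus two
    32-byte program headers (0x74 bytes), .text at 0x08048000, .data at 0x08049000."""
    text = b"\x90" * 6 + b"\xc3"              # constructed .text filler, not the real hello
    data = b"Hello, world\n"                   # constructed .data contents
    data_off = 0x74 + len(text)
    text_vaddr, data_vaddr = 0x08048000, 0x08049000 + data_off  # offset congruent mod page
    ident = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9)   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    ehdr = ident + struct.pack(EHDR_FMT, 2, 3, 1, text_vaddr + 0x74, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    ph_text = struct.pack(PHDR_FMT, PT_LOAD, 0, text_vaddr, text_vaddr, data_off, data_off, 5, 0x1000)
    ph_data = struct.pack(PHDR_FMT, PT_LOAD, data_off, data_vaddr, data_vaddr, len(data), len(data) + 16, 6, 0x1000)
    return ehdr + ph_text + ph_data + text + data
```

Run against a real hello built as on slide 7, load_plan yields the 0x08048000 and 0x08049000 destinations directly, and the bounds checks reject a truncated or inconsistent image before anything is copied.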
Slide 12: Where's our ring3 stack?
  [Diagram: physical memory map, highest address at top]
  • 0x08049000: .data
  • 0x08048000: .text (EIP starts at the entry-point inside it)
  • below 0x08048000: ring3 stack (ESP starts here and grows downward)
  • 0x00010000: OS630
  • 0x00000000: IVT and BDA
Slide 13: In-Class Exercise
  • Make a copy of our try32bit.s demo (from our
    CS630 course website), and modify it so it will
    execute the hello ELF file-image
  • The code that transfers control to hello would
    look like this:
      push dword userSS        ; image for SS
      push dword 0x08048000    ; image for ESP
      push dword userCS        ; image for CS
      push dword 0x08048074    ; image for EIP
      retf                     ; execute hello

Slide 14: Note on avoiding a crash
  • The try32bit.s program never modified the upper
    16-bits of the ESP register (these 16 bits always
    remained clear)
  • But now ESP will be loaded with a value that does
    modify its upper word
  • This will cause a problem when attempting to
    return to the original stack-address, as
    'lss sp, tossave' won't clear the upper bits

Slide 15: First step of the Exercise
  • Change the storage-size for tossave from
    32-bits to 48-bits, like this:
      tossave: .WORD 0, 0, 0
  • Then change the two instructions that save the
    stack-pointer, like this:
      mov tossave+0, esp
      mov tossave+4, ss
  • And also change the instruction that reloads the
    stack-pointer, like this:
      lss esp, tossave