This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



PPC32 Secure-PLT Stub Symbols


Hello,

I'm having difficulty finding the targets of function calls in ppc32
-fPIC binaries.  All the calls in these binaries jump through
unlabeled PLT function stubs at the end of the .text section.

Apparently this was discussed back in May of 2006.  The reason these
stubs don't have symbols is because a single PLT entry may have
multiple stubs associated with it, depending on the caller's GOT2
value.  This means there is no way to infer what PLT index a stub
references by simply looking at the stub.  So, the only way to find
the true target of a call is the following:

- Find a call to an address after "call___do_global_ctors_aux".
- Search backwards from the call-site for the following assembly sequence:
    bcl- 20,4*cr7+so // Put the PC into LR
    mflr r30
    addis r30,r30,hi_got2_off
    addi r30,r30,lo_got2_off

- Parse the call-target for one of these two assembly sequences:
    lwz r11,off(r30)
    mtctr r11
    bctr
    nop
OR
    addis r11,r30,hi_off(r30)
    lwz r11,lo_off(r11)
    mtctr r11
    bctr

- Then you have a value (got2 + off) that is translatable into a PLT
index, which can be looked up in the .rela.plt section.

But, it seems like this would be easier if there was simply a symbol
for the stub.  And the comment before add_stub_sym() in
bfd/elf32-ppc.c implies that somebody else thought this was a good
idea too.

So is there a reason it wasn't implemented?  I apologize if I have
overlooked something that obviates this question.  I've been trying to
find a way around this for a while now.

Thanks,
Ray Chen
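Worked example, added here and not part of the message above or of binutils: a Python script that follows the steps described (decode the caller's bcl/mflr/addis/addi prologue to recover the GOT2 value, parse either stub shape to get the slot address, then match that address against r_offset in .rela.plt). The instruction encodings are the standard PPC32 ones; all addresses, instruction words and the .rela.plt table are constructed for illustration.

```python
# Constructed values throughout: the addresses, instruction words and the
# .rela.plt table below are made up for illustration, not from a real binary.

def sext16(v):
    """Sign-extend a 16-bit immediate the way addi/lwz displacements are."""
    return v - 0x10000 if v & 0x8000 else v

def decode(word):
    """Split a PPC32 D-form instruction word into (opcode, rD, rA, imm16)."""
    return word >> 26, (word >> 21) & 0x1f, (word >> 16) & 0x1f, word & 0xffff

def got2_from_prologue(addr, words):
    """words = [bcl 20,31,.+4 ; mflr r30 ; addis r30,r30,hi ; addi r30,r30,lo]
    starting at addr.  Returns the GOT2 pointer the caller leaves in r30."""
    bcl, mflr, addis, addi = words
    assert bcl == 0x429F0005 and mflr == 0x7FC802A6
    assert decode(addis)[:3] == (15, 30, 30) and decode(addi)[:3] == (14, 30, 30)
    lr = addr + 4                      # bcl sets LR to the following instruction
    hi, lo = decode(addis)[3], decode(addi)[3]
    return (lr + (sext16(hi) << 16) + sext16(lo)) & 0xffffffff

def slot_from_stub(got2, words):
    """Parse either stub shape from the post; return the .plt slot it loads."""
    op, rd, ra, imm = decode(words[0])
    if (op, rd, ra) == (32, 11, 30):          # lwz r11,off(r30)
        base, disp, tail = got2, sext16(imm), words[1:3]
    elif (op, rd, ra) == (15, 11, 30):        # addis r11,r30,hi
        op2, rd2, ra2, lo = decode(words[1])  # lwz r11,lo(r11)
        assert (op2, rd2, ra2) == (32, 11, 11)
        base, disp, tail = got2 + (sext16(imm) << 16), sext16(lo), words[2:4]
    else:
        raise ValueError("not a secure-PLT stub")
    assert list(tail) == [0x7D6903A6, 0x4E800420]   # mtctr r11 ; bctr
    return (base + disp) & 0xffffffff

# Constructed .rela.plt: (r_offset of the .plt slot, symbol name).
RELA_PLT = [(0x10010010, "puts"), (0x10018010, "malloc")]

def resolve(slot, rela_plt=RELA_PLT):
    """Map a slot address to the symbol of the .rela.plt entry at that r_offset."""
    return next((name for r_offset, name in rela_plt if r_offset == slot), None)

if __name__ == "__main__":
    # Constructed caller prologue at 0x10000500 and a constructed two-insn stub.
    got2 = got2_from_prologue(0x10000500, [0x429F0005, 0x7FC802A6, 0x3FDE0001, 0x3BDEFAFC])
    slot = slot_from_stub(got2, [0x3D7E0001, 0x816B8010, 0x7D6903A6, 0x4E800420])
    print(hex(got2), hex(slot), resolve(slot))   # 0x10010000 0x10018010 malloc
```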

