问题描述
如何使用ndisasm在Mac上反汇编可执行文件,并使用nasm和ld重新组装并链接它?这是我尝试过的(我正在运行MacOS X btw):
How can I disassemble an executable on my mac using ndisasm and reassemble and link it using nasm and ld?This is what I tried (I'm running MacOS X btw):
*ndisasm a.out | cut -c 29- > main.asm*
这会生成带有main.asm中所有处理器指令的干净汇编代码
this generated clean assembler code with all the processor instructions in main.asm
*nasm -f macho main.asm*
这生成了一个目标文件main.o,然后我尝试将其链接
this generated an object file main.o which I then tried to link
*ld main.o*
...这就是我被困住的地方.我不知道为什么会产生以下错误:
... this is where I'm stuck. I don't know why it generates the following error:
ld:在__TEXT,__ text reloc部分中:0_R_ABS重定位,但对于目标体系结构i386,目标地址文件'main.o'中没有绝对符号.
ld: in section __TEXT,__text reloc 0: R_ABS reloc but no absolute symbol at target adress file 'main.o' for inferred architecture i386.
我还尝试指定体系结构(ld -arch x86_64 main.o),但这也不起作用.
I also tried specifying the architecture (ld -arch x86_64 main.o) but that didn't work either.
我的目标是反汇编所有可执行文件,对其进行修改,然后再次对其进行重新组装.
我在做什么错了?
推荐答案
没有使用常规汇编器语法的可靠方法.请参阅如何反汇编,修改然后重新组装Linux可执行文件?.节信息通常不会如实地反汇编,因此您需要一种特殊的格式,用于修改和重新组装+ 重新链接.
There is no reliable way to do this with normal assembler syntax. See How to disassemble, modify and then reassemble a Linux executable?. Section info is typically not faithfully disassembled, so you'd need a special format designed for modify and reassembling + relinking.
此外,当代码仅在使用较长的编码填充时才有效时,指令长度也是一个问题.(例如,在计算出的goto的跳转目标表中).参见> GNU汇编程序指令在哪里像".s"这样的后缀在x86"mov.s"中,但是请注意,反汇编程序不支持以这种格式进行反汇编.
Also, instruction-lengths are a problem when code only works when padded by using longer encodings. (e.g. in a table of jump targets for a computed goto). See Where are GNU assembler instruction suffixes like ".s" in x86 "mov.s" documented?, but note that disassemblers don't support disassembling into that format.
ndisasm
不了解目标文件格式,因此将标头分解为机器代码!
ndisasm
doesn't understand object file formats, so it disassembles headers as machine code!
要对此有任何希望,请使用反汇编程序,例如 Agner Fog的 objconv
,它将输出汇编后的asm源(NASM,MASM或GAS AT& T).如果任何代码依赖于特定于长度的默认编码,则可能实际上不起作用.
For this to have any hope of working, use a disassembler like Agner Fog's objconv
which will output asm source (NASM, MASM, or GAS AT&T) which does assemble. It might not actually work if any of the code depended on a specific longer-than-default encoding.
我不确定 objconv
在发出 section .bss
, section .rodata
和其他类似指令方面是否忠实将数据放在它在目标文件中找到的位置,但这就是您所需要的.
I'm not sure how faithful objconv
is with respect to emitting section .bss
, section .rodata
and other directives like that to place data where it found it in the object file, but that's what you need.
重新:绝对重定位:确保将 DEFAULT REL
放在文件顶部.我忘记了 objconv
是否默认执行此操作.x86-64 Mach-o仅支持相对于PC的重定位,因此您必须创建与位置无关的代码(例如,使用相对于RIP的寻址模式).
Re: absolute relocations: make sure you put DEFAULT REL
at the top of your file. I forget if objconv
does this by default. x86-64 Mach-o only supports PC-relative relocations, so you have to create position-independent code (e.g. using RIP-relative addressing modes).
ndisasm
不会读取符号表,因此其所有操作数都使用绝对寻址. objconv
组成跳转目标和未出现在符号表中的静态数据的标签名称.
ndisasm
doesn't read the symbol table, so all its operands use absolute addressing. objconv
makes up label names for jump targets and static data that doesn't appear in the symbol table.
这篇关于反汇编,修改和重新组装可执行文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!