How the ELF Ruined Christmas

Total Page:16

File Type:pdf, Size:1020Kb

How the ELF Ruined Christmas How the ELF Ruined Christmas Alessandro Di Federico1,2, Amat Cama1, Yan Shoshitaishvili1, Christopher Kruegel1, and Giovanni Vigna1 1University of California, Santa Barbara, CA, USA amat,yans,chris,vigna @cs.ucsb.edu { 2Politecnico di Milano,} Milan, Italy [email protected] Abstract vulnerabilities has finally begun to decrease in recent years, classic buffer overflows remain the third most common Throughout the last few decades, computer software has form of software vulnerability, and four other memory experienced an arms race between exploitation techniques corruption vulnerabilities pad out the top 25 [13]. leveraging memory corruption and detection/protection One reason behind the decreased prevalence of mem- mechanisms. Effective mitigation techniques, such as ory corruption vulnerabilities is the heavy investment in Address Space Layout Randomization, have significantly research on their prevention and mitigation. Specifically, increased the difficulty of successfully exploiting a vul- many mitigation techniques have been adopted in two nerability. A modern exploit is often two-stage: a first main areas: system-level hardening (such as CGroups [23], information disclosure step to identify the memory layout, AppArmor [4], Capsicum [41], and GRSecurity [18]) and and a second step with the actual exploit. However, be- application-level hardening (such as stack canaries [3], cause of the wide range of conditions under which memory Address Space Layout Randomization (ASLR), and the corruption occurs, retrieving memory layout information No-eXecute (NX) bit [8]). from the program is not always possible. In particular, Address Space Layout Randomization In this paper, we present a technique that uses the (ASLR), by placing the dynamic libraries in a random lo- dynamic loader’s ability to identify the locations of critical cation in memory (unknown to the attacker), lead attackers functions directly and call them, without requiring an to perform exploits in two stages. In the first stage, the information leak. We identified several fundamental weak attacker must use an information disclosure vulnerability, points in the design of ELF standard and dynamic loader in which information about the memory layout of the appli- implementations that can be exploited to resolve and cation (and its libraries) is revealed, to identify the address execute arbitrary library functions. Through these, we of code that represents security-critical functionality (such are able to bypass specific security mitigation techniques, as the system() library function). In the second stage, the including partial and full RELRO, which are specifically attacker uses a control flow redirection vulnerability to designed to protect ELF data-structures from being co- redirect the program’s control flow to this functionality. opted by attackers. We implemented a prototype tool, Leakless, and evaluated it against different dynamic loader However, because of the wide range of conditions under implementations, previous attack techniques, and real- which memory corruptions occur, retrieving this informa- life case studies to determine the impact of our findings. tion from the program is not always possible. For example, Among other implications, Leakless provides attackers memory corruption vulnerabilities in parsing code (e.g., with reliable and non-invasive attacks, less likely to trigger decoding images and video) often take place without a intrusion detection systems. direct line of communication to an attacker, precluding the possibility of an information disclosure. Without this in- formation, performing an exploit against ASLR-protected 1 Introduction binaries using current techniques is often infeasible or unreliable. Since the first widely-exploited buffer overflow used by the As noted in [36], despite the race to harden applications 1998 Morris worm [27], the prevention, exploitation, and and systems, the security of some little-known aspects of mitigation of memory corruption vulnerabilities have oc- application binary formats and the system components cupied the time of security researchers and cybercriminals using them, have not received much scrutiny. In particular alike. Even though the prevalence of memory corruption we focus on the dynamic loader, a userspace component of 1 USENIX Association 24th USENIX Security Symposium 643 the operating system, responsible for loading binaries, and In summary, we make the following contributions: the libraries they depend upon, into memory. Binaries use • We develop a new, architecture- and platform- the dynamic loader to support the resolution of imported agnostic attack, using functionality inherent in ELF- symbols. Interestingly, this is the exact behavior that an based system that supports dynamic loading, to en- attacker of a hardened application attempts to reinvent by able an attacker to execute arbitrary library functions leaking a library’s address and contents. without an information disclosure vulnerability. Our insight is that a technique to eliminate the need for • We detail, and overcome, the challenges of imple- an information disclosure vulnerability could be developed menting our system for different dynamic loader by abusing the functionality of the dynamic loader. Our implementations and in the presence of multiple technique leverages weaknesses in the dynamic loader and mitigation techniques (including RELRO). in the general design of the ELF format to resolve and exe- • Finally, we perform an in-depth evaluation, including cute arbitrary library functions, allowing us to successfully a case study of previously complicated exploits that exploit hardened applications without the need for an infor- are made more manageable with our technique, an as- mation disclosure vulnerability. Any library function can sessment of the security of several different dynamic be executed with this technique, even if it is not otherwise loader implementations, a survey of the applicability used by the exploited binary, as long as the library that it of our technique to different operating system config- resides in is loaded. Since almost every binary depends urations, and a measurement of the improvement in on the C Library, this means our technique allows us to the length of ROP chains produced by Leakless. execute security-critical functions such as system() and execve(), allowing arbitrary command execution. We will also show application-specific library functions can be 2 Related Work: re-used to perform sophisticated and stealthy attacks. The The Memory Corruption Arms Race presented technique is reliable, architecture-agnostic, and does not require the attacker to know the version, layout, The memory corruption arms race (i.e., the process of content, or any other unavailable information about the defenders developing countermeasures against known library and library function in question. exploit techniques, and attackers coming up with new We implemented our ideas in a prototype tool, called exploitation techniques to bypass these countermeasures) Leakless1. To use Leakless, the attacker must possess has been ongoing for several decades. While the history the target application, and have the ability to exploit the of this race has been documented elsewhere [37], this vulnerability (i.e., hijack control flow). Given this infor- section focuses on the sequence of events that has required mation, Leakless can automatically construct an exploit many modern exploits to be two-stage, that is, needing an that, without the requirement of an information disclosure, information disclosure step before an attacker can achieve invokes one or more critical library functions of interest. arbitrary code execution. To evaluate our technique’s impact, we performed a Early buffer overflow exploits relied on the ability to survey of several different distributions of Linux (and inject binary code (termed shellcode) into a buffer, and FreeBSD) and identified that the vast majority of binaries overwrite a return address on the stack to point into this in the default installation of these distributions are suscep- buffer. Subsequently, when the program would return from tible to the attack carried out by Leakless, if a memory its current function, execution would be redirected to the corruption vulnerability is present in the target binary. We attacker’s shellcode, and the attacker would gain control also investigated the dynamic loader implementations of of the program. various C Libraries, and found that most of them are sus- As a result, security researchers introduced another ceptible to Leakless’ techniques. Additionally, we showed mitigation technique: the NX bit. The NX bit has the effect that a popular mitigation technique, RELocation Read- of preventing memory areas not supposed to contain code Only (RELRO), which protects library function calls from (typically, the stack) from being executed. being redirected by an attacker, is completely bypassable The NX bit has pushed attackers to adapt the concept by Leakless. Finally, we compared the length of Leakless’ of code reuse: using functionality already in the program ROP chains against ROP compilers implementing similar (such as system calls and security-critical library functions) functionality. Leakless produces significantly shorter ROP to accomplish their goals. In return-into-libc exploits [30, chains than existing techniques, which, as we show, allows 39], an attacker redirects the control flow directly to a it to be used along with a wider variety of exploits
Recommended publications
  • Download Article (PDF)
    Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering (ICCSEE 2013) SecGOT: Secure Global Offset Tables in ELF Executables Chao Zhang, Lei Duan, Tao Wei, Wei Zou Beijing Key Laboratory of Internet Security Technology Institute of Computer Science and Technology, Peking University Beijing, China {chao.zhang, lei_duan, wei_tao, zou_wei}@pku.edu.cn Abstract—Global Offset Table (GOT) is an important feature library code for these two processes are different). This to support library sharing in Executable and Linkable Format problem also restrains the code sharing feature of libraries. (ELF) applications. The addresses of external modules’ global A solution called PIC (Position Independent Code [3]) is variables and functions are runtime resolved and stored in the proposed for the ELF (Executable and Linkable Format [4]) GOT and then are used by the program. If attackers tamper executable binaries which are common in Linux. with the function pointers in the GOT, they can hijack the In libraries or main modules supporting PIC, the code program’s control flow and execute arbitrary malicious code. section does not reference any absolute addresses in order to Current research pays few attentions on this threat (i.e. GOT support code sharing between processes. However, absolute hijacking attack). In this paper, we proposed and implemented addresses are unavoidable in programs. As a result, a GOT a protection mechanism SecGOT to randomize the GOT at table (Global Offset Table [4]) is introduced in the library. load time, and thus prevent attackers from guessing the GOT’s position and tampering with the function pointers. SecGOT is This table resides in the data section and is not shared evaluated against 101 binaries in the /bin directory for Linux.
    [Show full text]
  • Csc 453 Linking and Loading
    CSc 453 Linking and Loading Saumya Debray The University of Arizona Tucson Tasks in Executing a Program 1. Compilation and assembly. Translate source program to machine language. The result may still not be suitable for execution, because of unresolved references to external and library routines. 2. Linking. Bring together the binaries of separately compiled modules. Search libraries and resolve external references. 3. Loading. Bring an object program into memory for execution. Allocate memory, initialize environment, maybe fix up addresses. CSc 453: Linking and Loading 2 1 Contents of an Object File Header information Overall information about the file and its contents. Object code and data Relocations (may be omitted in executables) Information to help fix up the object code during linking. Symbol table (optional) Information about symbols defined in this module and symbols to be imported from other modules. Debugging information (optional) CSc 453: Linking and Loading 3 Example: ELF Files (x86/Linux) Linkable sections Executable segments ELF Header Program Header (optional, ignored) describes sections Table sections segments Section Header describes sections (optional, ignored) Table CSc 453: Linking and Loading 4 2 ELF Files: contcont’’’’dddd ELF Header structure 16 bytes ELF file identifying information (magic no., addr size, byte order) 2 bytes object file type (relocatable, executable, shared object, etc.) 2 bytes machine info 4 bytes object file version 4 bytes entry point (address where execution begins) 4 bytes offset of program header table 4 bytes offset of section header table 4 bytes processor-specific flags 2 bytes ELF header size (in bytes) 2 bytes size of each entry in program header table 2 bytes no.
    [Show full text]
  • Dynamic Linking Considered Harmful
    DYNAMIC LINKING CONSIDERED HARMFUL 1 WHY WE NEED LINKING ¡ Want to access code/data defined somewhere else (another file in our project, a library, etc) ¡ In compiler-speak, “we want symbols with external linkage” § I only really care about functions here ¡ Need a mechanism by which we can reference symbols whose location we don’t know ¡ A linker solves this problem. Takes symbols annotated by the compiler (unresolved symbols) and patches them 2 DYNAMIC LINKING ¡ We want to: ¡ use code defined somewhere else, but we don’t want to have to recompile/link when it’s updated ¡ be able to link only those symbols used as runtime (deferred/lazy linking) ¡ be more efficient with resources (may get to this later) 3 CAVEATS ¡ Applies to UNIX, particularly Linux, x86 architecture, ELF Relevant files: -glibcX.X/elf/rtld.c -linux-X.X.X/fs/exec.c, binfmt_elf.c -/usr/include/linux/elf.h ¡ (I think) Windows linking operates similarly 4 THE BIRTH OF A PROCESS 5 THE COMPILER ¡ Compiles your code into a relocatable object file (in the ELF format, which we’ll get to see more of later) ¡ One of the chunks in the .o is a symbol table ¡ This table contains the names of symbols referenced and defined in the file ¡ Unresolved symbols will have relocation entries (in a relocation table) 6 THE LINKER ¡ Patches up the unresolved symbols it can. If we’re linking statically, it has to fix all of them. Otherwise, at runtime ¡ Relocation stage. Will not go into detail here. § Basically, prepares program segments and symbol references for load time 7 THE SHELL fork(), exec() 8 THE KERNEL (LOADER) ¡ Loaders are typically kernel modules.
    [Show full text]
  • Linkers and Loaders Do?
    Linkers & Loaders by John R. Levine Table of Contents 1 Table of Contents Chapter 0: Front Matter ........................................................ 1 Dedication .............................................................................................. 1 Introduction ............................................................................................ 1 Who is this book for? ......................................................................... 2 Chapter summaries ............................................................................. 3 The project ......................................................................................... 4 Acknowledgements ............................................................................ 5 Contact us ........................................................................................... 6 Chapter 1: Linking and Loading ........................................... 7 What do linkers and loaders do? ............................................................ 7 Address binding: a historical perspective .............................................. 7 Linking vs. loading .............................................................................. 10 Tw o-pass linking .............................................................................. 12 Object code libraries ........................................................................ 15 Relocation and code modification .................................................... 17 Compiler Drivers .................................................................................
    [Show full text]
  • Dynamic Libraries
    Dynamic Libraries G. Lettieri 14 July 2020 1 Introduction Static libraries are just a collection of object files. In Linux, an .a is only an archive of .o files created using the ar(1) command, an ancient archive- management tool that only survives today because of its use in static libraries1 During linking, the link editor extracts the object files from the archive as needed and adds them to the list of files that must be linked together. The resulting executable keeps no record of the fact that some objects originally came from a library (except maybe in debugging info, if present). Dynamic libraries try to address some (perceived) shortcomings of static libraries: Objects used in several executables (e.g., those extracted from the C li- brary) are copied several times and waste space on disk and in central memory; when a library must be updated to fix a bug, all executables that were built using the old library must be identified and re-built using the new one. Dynamic libraries solve these problems by having \incomplete" executables that are linked to the libraries at load time. The libraries can now be updated with- out updating the executables. Moreover, the libraries are built and linked in a way that allows multiple processes to share almost all of their contents. 2 The price to pay is slower executable start up times (because of the dynamic linking), slightly slower libraries (because of the way they are compiled) and, above all, great management complexity because of possible incompatibilities between library versions. Some people (like the go developers) think that the price to pay is too high while the advantages are either marginal or non exis- tent (space is not a problem today, and library-version incompatibilities often 1Because of this specialized use, modern GNU ar can also add a symbol index to the archive all by itself.
    [Show full text]
  • Mach-O Programming Topics
    Mach-O Programming Topics Tools > Compiling & Debugging 2006-11-28 subsidiaries in the United States and other Apple Inc. countries. © 2003, 2006 Apple Computer, Inc. Java and all Java-based trademarks are All rights reserved. trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other No part of this publication may be countries. reproduced, stored in a retrieval system, or transmitted, in any form or by any means, PowerPC and and the PowerPC logo are mechanical, electronic, photocopying, trademarks of International Business recording, or otherwise, without prior Machines Corporation, used under license written permission of Apple Inc., with the therefrom. following exceptions: Any person is hereby UNIX is a registered trademark of The Open authorized to store documentation on a Group single computer for personal use only and Simultaneously published in the United to print copies of documentation for States and Canada. personal use provided that the documentation contains Apple’s copyright Even though Apple has reviewed this document, APPLE MAKES NO WARRANTY OR notice. REPRESENTATION, EITHER EXPRESS OR IMPLIED, WITH RESPECT TO THIS The Apple logo is a trademark of Apple Inc. DOCUMENT, ITS QUALITY, ACCURACY, MERCHANTABILITY, OR FITNESS FOR A Use of the “keyboard” Apple logo PARTICULAR PURPOSE. AS A RESULT, THIS (Option-Shift-K) for commercial purposes DOCUMENT IS PROVIDED “AS IS,” AND YOU, THE READER, ARE ASSUMING THE without the prior written consent of Apple ENTIRE RISK AS TO ITS QUALITY AND may constitute trademark infringement and ACCURACY. unfair competition in violation of federal IN NO EVENT WILL APPLE BE LIABLE FOR and state laws.
    [Show full text]
  • 28Library.Pdf
    To speed-up virtual-to-real translation, a special cache is maintained of recent translations — it’s called the translation lookaside buffer (TLB). It resides in the chip, one per core and hyperthread. The TLB shown in the slide is a two-way set associative cache, as discussed in lecture 17. This one assumes a 32-bit virtual address with a 4k page. Things are more complicated when multiple page sizes are supported. For example, is there just one entry for a large page that covers its entire range of addresses, or is a large page dealt with by putting into the cache multiple entries covering the large page, but each for the size of a small page? Both approaches are not only possible, but done. Three issues concerning the mechanism for caching are the following: the fetch policy, which governs when item are fetched to go into the cache, the placement policy, which governs where the fetched items are placed in the cache, and the replacement policy, which governs when and which items are removed from the cache (and perhaps written back to their source). The (kernel) thread that maintains the free page-frame list is typically called the pageout daemon. Its job is to make certain that the free page-frame list has enough page frames on it. If the size of the list drops below some threshold, then the pageout daemon examines those page frames that are being used and selects a number of them to be freed. Before freeing a page, it must make certain that a copy of the current contents of the page exists on secondary storage.
    [Show full text]
  • An Evil Copy: How the Loader Betrays You
    An Evil Copy: How the Loader Betrays You Xinyang Ge Mathias Payer Trent Jaeger Microsoft Research Purdue University The Pennsylvania State University [email protected] [email protected] [email protected] Abstract—Dynamic loading is a core feature used on current the value that is being written. Despite significant investment in systems to (i) enable modularity and reuse, (ii) reduce memory bug finding techniques, memory corruption is still an important footprint by sharing code pages of libraries and executables problem, as 745 individual CVEs for 2015 and 692 CVEs for among processes, and (iii) simplify update procedures by elim- 2016 are reported. While not all these vulnerabilities allow an inating the need to recompile executables when a library is attacker to compromise a system with arbitrary code execution, updated. The Executable and Linkable Format (ELF) is a generic many do. specification that describes how executable programs are stitched together from object files produced from source code to libraries Without any defense, attackers inject and execute code to and executables. Programming languages allow fine-grained con- trol over variables, including access and memory protections, so take control of a system through memory corruption vulner- programmers may write defense mechanisms assuming that the abilities. Over the past decade, a set of defense mechanisms permissions specified at the source and/or compiler level will hold have been deployed on commodity systems. Data execution at runtime. prevention [5] is a common defense that enforces code in- tegrity. Code integrity prohibits an attacker from injecting new Unfortunately, information about memory protection is lost code into a running process and is usually enforced by hard- during compilation.
    [Show full text]
  • Outline Executable/Object File Formats Brief History of Binary File Formats
    Outline CSci 5980/8980 ELF basics Manual and Automated Binary Reverse Engineering Slides 5: The ELF Binary File Format Stephen McCamant Static and dynamic linking University of Minnesota Executable/object file formats Brief history of binary file formats (Unix) Modern systems usually use a common format for Early Unix had a simple a.out format relocatable object files during compilation and final Lasted until early days of free Linux/BSD, now obsolete executables AT&T’s second try was named COFF Mostly binary data representing code and data Still limited, but widely adopted with changes Plus metadata allowing the data to be linked and AT&T’s third try was ELF, now used in almost all Unix loaded systems Brief history of binary file formats (non-Unix) Compile-time and run-time Early DOS and Windows had several limited formats Some file features are used during compilation Since the 32-bit era, Windows uses the PE (Portable Typically first created by assembler, then used/modified Executable) format by the linker Partially derived from COFF Other features are used when the program runs OS X era Apple (including iOS, etc) uses a format By the OS when the program starts named Mach-O And now also by runtime linking First developed for the Mach microkernel used on the NeXT Static and dynamic/shared linking ELF Traditional “static” linking happens all at compile time Executable (or Extensible) and Linking (or Linkable) Libraries become indistinguishable from the rest of the Format program First appeared in System V Release 4 Unix, c. 1989 For efficiency and flexibility, it is now more common to postpone library linking until runtime Linux switched to ELF c.
    [Show full text]
  • Linker and Libraries
    Linker and Libraries 2550 Garcia Avenue Mountain View, CA 94043 U.S.A. A Sun Microsystems, Inc. Business 1994 Sun Microsystems, Inc. 2550 Garcia Avenue, Mountain View, California 94043-1100 U.S.A. All rights reserved. This product and related documentation are protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Portions of this product may be derived from the UNIX® and Berkeley 4.3 BSD systems, licensed from UNIX System Laboratories, Inc., a wholly owned subsidiary of Novell, Inc., and the University of California, respectively. Third-party font software in this product is protected by copyright and licensed from Sun’s font suppliers. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the United States Government is subject to the restrictions set forth in DFARS 252.227-7013 (c)(1)(ii) and FAR 52.227-19. The product described in this manual may be protected by one or more U.S. patents, foreign patents, or pending applications. TRADEMARKS Sun, the Sun logo, Sun Microsystems, Sun Microsystems Computer Corporation, Solaris, are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and certain other countries. UNIX and OPEN LOOK are registered trademarks of UNIX System Laboratories, Inc., a wholly owned subsidiary of Novell, Inc. PostScript and Display PostScript are trademarks of Adobe Systems, Inc. All other product names mentioned herein are the trademarks of their respective owners.
    [Show full text]
  • ELF for the ARM 64-Bit Architecture (Aarch64)
    ELF for the ARM 64-bit architecture (AArch64) ELF for the ARM® 64-bit Architecture (AArch64) Document number: ARM IHI 0056B, current through AArch64 ABI release 1.0 Date of Issue: 22nd May 2013 Abstract This document describes the use of the ELF binary file format in the Application Binary Interface (ABI) for the ARM 64-bit architecture. Keywords ELF, AArch64 ELF, ... How to find the latest release of this specification or report a defect in it Please check the ARM Information Center (http://infocenter.arm.com/) for a later release if your copy is more than 3 months old (navigate to the Software Development Tools section, Application Binary Interface for the ARM Architecture subsection). Please report defects in this specification to arm dot eabi at arm dot com. Licence THE TERMS OF YOUR ROYALTY FREE LIMITED LICENCE TO USE THIS ABI SPECIFICATION ARE GIVEN IN SECTION 1.4, Your licence to use this specification (ARM contract reference LEC-ELA-00081 V2.0). PLEASE READ THEM CAREFULLY. BY DOWNLOADING OR OTHERWISE USING THIS SPECIFICATION, YOU AGREE TO BE BOUND BY ALL OF ITS TERMS. IF YOU DO NOT AGREE TO THIS, DO NOT DOWNLOAD OR USE THIS SPECIFICATION. THIS ABI SPECIFICATION IS PROVIDED “AS IS” WITH NO WARRANTIES (SEE SECTION 1.4 FOR DETAILS). Proprietary notice ARM, Thumb, RealView, ARM7TDMI and ARM9TDMI are registered trademarks of ARM Limited. The ARM logo is a trademark of ARM Limited. ARM9, ARM926EJ-S, ARM946E-S, ARM1136J-S ARM1156T2F-S ARM1176JZ-S Cortex, and Neon are trademarks of ARM Limited. All other products or services mentioned herein may be trademarks of their respective owners.
    [Show full text]
  • System V Application Binary Interface X86-64
    System V Application Binary Interface AMD64 Architecture Processor Supplement Draft Version 0.95 Edited by Jan Hubickaˇ 1, Andreas Jaeger2, Mark Mitchell3 January 24, 2005 [email protected] [email protected] [email protected] AMD64 ABI Draft 0.95 – January 24, 2005 – 12:10 Contents 1 Introduction 8 1.1 Differences from the Intel386 ABI . 8 2 Software Installation 10 3 Low Level System Information 11 3.1 Machine Interface . 11 3.1.1 Processor Architecture . 11 3.1.2 Data Representation . 11 3.2 Function Calling Sequence . 14 3.2.1 Registers and the Stack Frame . 14 3.2.2 The Stack Frame . 15 3.2.3 Parameter Passing . 16 3.3 Operating System Interface . 23 3.3.1 Exception Interface . 23 3.3.2 Virtual Address Space . 23 3.3.3 Page Size . 23 3.3.4 Virtual Address Assignments . 23 3.4 Process Initialization . 26 3.4.1 Initial Stack and Register State . 26 3.4.2 Auxiliary Vector . 29 3.5 Coding Examples . 31 3.5.1 Architectural Constraints . 32 3.5.2 Conventions . 34 3.5.3 Position-Independent Function Prologue . 35 3.5.4 Data Objects . 35 3.5.5 Function Calls . 44 3.5.6 Branching . 46 1 AMD64 ABI Draft 0.95 – January 24, 2005 – 12:10 3.5.7 Variable Argument Lists . 49 3.6 DWARF Definition . 54 3.6.1 DWARF Release Number . 54 3.6.2 DWARF Register Number Mapping . 54 3.7 Stack Unwind Algorithm . 54 4 Object Files 58 4.1 ELF Header . 58 4.1.1 Machine Information .
    [Show full text]