Tweets

  1. Pinned Tweet: ✨ New series 📦 Making our own executable packer. In these articles, we dive into ELF, x86 instructions, memory mapping, gdb, dynamic loaders, and more. The first article simply asks the question: What's in a Linux executable?
  2. Meanwhile, for $10+ Patreon supporters, Part 7 of "Making our own executable packer" just came out - it talks about dynamic symbol resolution, and performs cross-object relocations. By that point, we have a pretty solid understanding of what's going on!

  3. 🙋‍♂️ How do ELF relocations work? Previously, we've found one way a position-independent executable finds its data: RIP-relative addressing. Now, we discuss *another way*: by straight up modifying the executable section, according to the relocation table!

  5. tl;dr we need an "unfuckingsafe" keyword for the crate
  6. The worst part is that you can't really write a sanitizer for mmap misuse, because remapping regions is 100% legitimate usage and something the dynamic linker does a bunch
  7. There was another subtle bug btw: malloc/free misuse is SO EASY to identify as compared to mmap misuse. The memory manager will happily unmap crucial stuff from under you and it'll blow up way later.

  8. Okay, after some additional bug-hunting, is all fixed up and our codebase should *not* blow up the minute we run it on real-world executables

  9. lessons learned:
     - don't write articles while extremely tired ☠
     - mmap with MAP_FIXED is *way dangerous* 💣
     - using LLDB for day-to-day stuff sounds worth it ✨
  11. my current working theory is that one of my `mmap` calls is accidentally unmapping a previously-mapped region used as backing memory for a `Vec`, and when dropping the `Vec`, well, all hell breaks loose. This only happens with large enough Vecs, so it didn't happen before
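The failure mode in tweets 6, 7, 9 and 11 (a `MAP_FIXED` mapping silently replacing pages that something else still owns) is easy to reproduce on purpose. The C program below is an added illustration, not code from the author or from the packer series: it maps a small anonymous region standing in for a `Vec`'s backing store, overlays it with `MAP_FIXED` to show the contents vanish with no error, and then repeats the overlay with `MAP_FIXED_NOREPLACE`, which refuses with `EEXIST` instead. The scenario, the pattern string and the `LIVE_PATTERN` / `map_live_region` names are constructed for the demo; `MAP_FIXED_NOREPLACE` is a real Linux flag (kernel 4.17+, glibc 2.28+), and the fallback `#define` assumes its Linux value for older headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
/* Assumption: Linux value of the flag, for toolchains whose headers predate it. */
#define MAP_FIXED_NOREPLACE 0x100000
#endif

/* Constructed stand-in for the heap pages backing a live Vec. */
static const char LIVE_PATTERN[] = "backing store of a live Vec";

/* Map an anonymous read/write region and fill its first bytes with a known pattern. */
static void *map_live_region(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, LIVE_PATTERN, sizeof LIVE_PATTERN);
    return p;
}

/* Returns 1 if a MAP_FIXED mapping over the live region silently destroyed its
 * contents (the kernel discards the old pages and hands back fresh zero pages),
 * 0 if the data survived, -1 on an unexpected mmap failure. */
int map_fixed_clobbers(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE) * 2;
    char *live = map_live_region(len);
    if (!live) return -1;

    /* The "accidental" second mapping: same range, MAP_FIXED, no error reported. */
    void *p = mmap(live, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) { munmap(live, len); return -1; }

    int clobbered = memcmp(live, LIVE_PATTERN, sizeof LIVE_PATTERN) != 0;
    munmap(live, len);
    return clobbered;
}

/* Returns 1 if MAP_FIXED_NOREPLACE refused to overlay the live region (EEXIST),
 * or was ignored by a pre-4.17 kernel and the mapping landed elsewhere, and the
 * original contents are intact; 0 otherwise. */
int map_noreplace_preserves(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE) * 2;
    char *live = map_live_region(len);
    if (!live) return 0;

    void *p = mmap(live, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    int preserved;
    if (p == MAP_FAILED) {
        preserved = (errno == EEXIST);      /* the documented refusal */
    } else if (p != (void *)live) {
        munmap(p, len);                     /* old kernel: flag ignored, address was a hint */
        preserved = 1;
    } else {
        preserved = 0;                      /* behaved like MAP_FIXED: must not happen */
    }
    if (preserved)
        preserved = memcmp(live, LIVE_PATTERN, sizeof LIVE_PATTERN) == 0;
    munmap(live, len);
    return preserved;
}

int main(void) {
    printf("MAP_FIXED clobbered live data:        %d\n", map_fixed_clobbers());
    printf("MAP_FIXED_NOREPLACE preserved data:   %d\n", map_noreplace_preserves());
    return 0;
}
```

The point for a loader or packer: prefer `MAP_FIXED_NOREPLACE` (and check that the returned address equals the requested one) whenever a mapping must land at a specific address, so an overlap with allocator-owned memory fails loudly at the `mmap` call instead of surfacing later as `free(): invalid pointer`.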
  12. ooh, LLDB shows more deets, looks like it crashes when dropping `delf::ProgramHeader`

  13. it's trying to free a bit of memory that belongs to a region mmapped from a file what

  14. running it under valgrind works fine lol

  15. the stack trace isn't even that suspicious!

  16. I just got a `free(): invalid pointer` in a Rust program (while unwinding), so, yeah, I need a quick break
  19. Seems like even doesn't try for nineteen seconds

  21. Btw definitely allows you to do that because knows you have stuff to do (and also doesn't make promises it can't keep)

