1/* http://www.muppetlabs.com/~breadbox/software/elfkickers.html */
2
3/* sstrip: Copyright (C) 1999-2001 by Brian Raiter, under the GNU
4 * General Public License. No warranty. See COPYING for details.
5 *
6 * Aug 23, 2004 Hacked by Manuel Novoa III <mjn3@codepoet.org> to
7 * handle targets of different endianness and/or elf class, making
8 * it more useful in a cross-devel environment.
9 */
10
11/* ============== original README ===================
12 *
13 * sstrip is a small utility that removes the contents at the end of an
14 * ELF file that are not part of the program's memory image.
15 *
16 * Most ELF executables are built with both a program header table and a
17 * section header table. However, only the former is required in order
18 * for the OS to load, link and execute a program. sstrip attempts to
19 * extract the ELF header, the program header table, and its contents,
20 * leaving everything else in the bit bucket. It can only remove parts of
21 * the file that occur at the end, after the parts to be saved. However,
22 * this almost always includes the section header table, and occasionally
23 * a few random sections that are not used when running a program.
24 *
25 * It should be noted that the GNU bfd library is (understandably)
26 * dependent on the section header table as an index to the file's
27 * contents. Thus, an executable file that has no section header table
28 * cannot be used with gdb, objdump, or any other program based upon the
29 * bfd library, at all. In fact, the program will not even recognize the
30 * file as a valid executable. (This limitation is noted in the source
31 * code comments for bfd, and is marked "FIXME", so this may change at
32 * some future date. However, I would imagine that it is a pretty
33 * low-priority item, as executables without a section header table are
34 * rare in the extreme.) This probably also explains why strip doesn't
35 * offer the option to do this.
36 *
37 * Shared library files may also have their section header table removed.
38 * Such a library will still function; however, it will no longer be
39 * possible for a compiler to link a new program against it.
40 *
41 * As an added bonus, sstrip also tries to removes trailing zero bytes
42 * from the end of the file. (This normally cannot be done with an
43 * executable that has a section header table.)
44 *
45 * sstrip is a very simplistic program. It depends upon the common
46 * practice of putting the parts of the file that contribute to the
47 * memory image at the front, and the remaining material at the end. This
48 * permits it to discard the latter material without affecting file
49 * offsets and memory addresses in what remains. Of course, the ELF
50 * standard permits files to be organized in almost any order, so if a
51 * pathological linker decided to put its section headers at the top,
52 * sstrip would be useless on such executables.
53 */
54
55#include	<stdio.h>
56#include	<stdlib.h>
57#include	<string.h>
58#include	<errno.h>
59#include	<unistd.h>
60#include	<fcntl.h>
61#include	<elf.h>
62
63#ifndef TRUE
64#define	TRUE		1
65#define	FALSE		0
66#endif
67
68/* The name of the program.
69 */
70static char const	*progname;
71
72/* The name of the current file.
73 */
74static char const	*filename;
75
76
77/* A simple error-handling function. FALSE is always returned for the
78 * convenience of the caller.
79 */
80static int err(char const *errmsg)
81{
82	fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg);
83	return FALSE;
84}
85
86/* A flag to signal the need for endian reversal.
87 */
88static int do_reverse_endian;
89
90/* Get a value from the elf header, compensating for endianness.
91 */
92#define EGET(X) \
93	(__extension__ ({ \
94		uint64_t __res; \
95		if (!do_reverse_endian) { \
96			__res = (X); \
97		} else if (sizeof(X) == 1) { \
98			__res = (X); \
99		} else if (sizeof(X) == 2) { \
100			__res = bswap_16((X)); \
101		} else if (sizeof(X) == 4) { \
102			__res = bswap_32((X)); \
103		} else if (sizeof(X) == 8) { \
104			__res = bswap_64((X)); \
105		} else { \
106			fprintf(stderr, "%s: %s: EGET failed for size %d\n", \
107					progname, filename, sizeof(X)); \
108			exit(EXIT_FAILURE); \
109		} \
110		__res; \
111	}))
112
113/* Set a value 'Y' in the elf header to 'X', compensating for endianness.
114 */
115#define ESET(Y,X) \
116		do if (!do_reverse_endian) { \
117			Y = (X); \
118		} else if (sizeof(Y) == 1) { \
119			Y = (X); \
120		} else if (sizeof(Y) == 2) { \
121			Y = bswap_16((uint16_t)(X)); \
122		} else if (sizeof(Y) == 4) { \
123			Y = bswap_32((uint32_t)(X)); \
124		} else if (sizeof(Y) == 8) { \
125			Y = bswap_64((uint64_t)(X)); \
126		} else { \
127			fprintf(stderr, "%s: %s: ESET failed for size %d\n", \
128					progname, filename, sizeof(Y)); \
129			exit(EXIT_FAILURE); \
130		} while (0)
131
132
133/* A macro for I/O errors: The given error message is used only when
134 * errno is not set.
135 */
136#define	ferr(msg)	(err(errno ? strerror(errno) : (msg)))
137
138
139
140#define HEADER_FUNCTIONS(CLASS) \
141 \
142/* readelfheader() reads the ELF header into our global variable, and \
143 * checks to make sure that this is in fact a file that we should be \
144 * munging. \
145 */ \
146static int readelfheader ## CLASS (int fd, Elf ## CLASS ## _Ehdr *ehdr) \
147{ \
148	 if (read(fd, ((char *)ehdr)+EI_NIDENT, sizeof(*ehdr) - EI_NIDENT) \
149		!= sizeof(*ehdr) - EI_NIDENT) \
150		return ferr("missing or incomplete ELF header."); \
151 \
152	/* Verify the sizes of the ELF header and the program segment \
153	 * header table entries. \
154	 */ \
155	if (EGET(ehdr->e_ehsize) != sizeof(Elf ## CLASS ## _Ehdr)) \
156		return err("unrecognized ELF header size."); \
157	if (EGET(ehdr->e_phentsize) != sizeof(Elf ## CLASS ## _Phdr)) \
158		return err("unrecognized program segment header size."); \
159 \
160	/* Finally, check the file type. \
161	 */ \
162	if (EGET(ehdr->e_type) != ET_EXEC && EGET(ehdr->e_type) != ET_DYN) \
163		return err("not an executable or shared-object library."); \
164 \
165	return TRUE; \
166} \
167 \
168/* readphdrtable() loads the program segment header table into memory. \
169 */ \
170static int readphdrtable ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \
171								   Elf ## CLASS ## _Phdr **phdrs) \
172{ \
173	size_t	size; \
174 \
175	if (!EGET(ehdr->e_phoff) || !EGET(ehdr->e_phnum) \
176)		return err("ELF file has no program header table."); \
177 \
178	size = EGET(ehdr->e_phnum) * sizeof **phdrs; \
179	if (!(*phdrs = malloc(size))) \
180		return err("Out of memory!"); \
181 \
182	errno = 0; \
183	if (read(fd, *phdrs, size) != (ssize_t)size) \
184		return ferr("missing or incomplete program segment header table."); \
185 \
186	return TRUE; \
187} \
188 \
189/* getmemorysize() determines the offset of the last byte of the file \
190 * that is referenced by an entry in the program segment header table. \
191 * (Anything in the file after that point is not used when the program \
192 * is executing, and thus can be safely discarded.) \
193 */ \
194static int getmemorysize ## CLASS (Elf ## CLASS ## _Ehdr const *ehdr, \
195								   Elf ## CLASS ## _Phdr const *phdrs, \
196						 unsigned long *newsize) \
197{ \
198	Elf ## CLASS ## _Phdr const   *phdr; \
199	unsigned long	size, n; \
200	int			i; \
201 \
202	/* Start by setting the size to include the ELF header and the \
203	 * complete program segment header table. \
204	 */ \
205	size = EGET(ehdr->e_phoff) + EGET(ehdr->e_phnum) * sizeof *phdrs; \
206	if (size < sizeof *ehdr) \
207		size = sizeof *ehdr; \
208 \
209	/* Then keep extending the size to include whatever data the \
210	 * program segment header table references. \
211	 */ \
212	for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \
213		if (EGET(phdr->p_type) != PT_NULL) { \
214			n = EGET(phdr->p_offset) + EGET(phdr->p_filesz); \
215			if (n > size) \
216				size = n; \
217		} \
218	} \
219 \
220	*newsize = size; \
221	return TRUE; \
222} \
223 \
224/* modifyheaders() removes references to the section header table if \
225 * it was stripped, and reduces program header table entries that \
226 * included truncated bytes at the end of the file. \
227 */ \
228static int modifyheaders ## CLASS (Elf ## CLASS ## _Ehdr *ehdr, \
229								   Elf ## CLASS ## _Phdr *phdrs, \
230								   unsigned long newsize) \
231{ \
232	Elf ## CLASS ## _Phdr *phdr; \
233	int		i; \
234 \
235	/* If the section header table is gone, then remove all references \
236	 * to it in the ELF header. \
237	 */ \
238	if (EGET(ehdr->e_shoff) >= newsize) { \
239		ESET(ehdr->e_shoff,0); \
240		ESET(ehdr->e_shnum,0); \
241		ESET(ehdr->e_shentsize,0); \
242		ESET(ehdr->e_shstrndx,0); \
243	} \
244 \
245	/* The program adjusts the file size of any segment that was \
246	 * truncated. The case of a segment being completely stripped out \
247	 * is handled separately. \
248	 */ \
249	for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \
250		if (EGET(phdr->p_offset) >= newsize) { \
251			ESET(phdr->p_offset,newsize); \
252			ESET(phdr->p_filesz,0); \
253		} else if (EGET(phdr->p_offset) + EGET(phdr->p_filesz) > newsize) { \
254			newsize -= EGET(phdr->p_offset); \
255			ESET(phdr->p_filesz, newsize); \
256		} \
257	} \
258 \
259	return TRUE; \
260} \
261 \
262/* commitchanges() writes the new headers back to the original file \
263 * and sets the file to its new size. \
264 */ \
265static int commitchanges ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \
266								   Elf ## CLASS ## _Phdr *phdrs, \
267								   unsigned long newsize) \
268{ \
269	size_t	n; \
270 \
271	/* Save the changes to the ELF header, if any. \
272	 */ \
273	if (lseek(fd, 0, SEEK_SET)) \
274		return ferr("could not rewind file"); \
275	errno = 0; \
276	if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) \
277		return err("could not modify file"); \
278 \
279	/* Save the changes to the program segment header table, if any. \
280	 */ \
281	if (lseek(fd, EGET(ehdr->e_phoff), SEEK_SET) == (off_t)-1) { \
282		err("could not seek in file."); \
283		goto warning; \
284	} \
285	n = EGET(ehdr->e_phnum) * sizeof *phdrs; \
286	if (write(fd, phdrs, n) != (ssize_t)n) { \
287		err("could not write to file"); \
288		goto warning; \
289	} \
290 \
291	/* Eleventh-hour sanity check: don't truncate before the end of \
292	 * the program segment header table. \
293	 */ \
294	if (newsize < EGET(ehdr->e_phoff) + n) \
295		newsize = EGET(ehdr->e_phoff) + n; \
296 \
297	/* Chop off the end of the file. \
298	 */ \
299	if (ftruncate(fd, newsize)) { \
300		err("could not resize file"); \
301		goto warning; \
302	} \
303 \
304	return TRUE; \
305 \
306 warning: \
307	return err("ELF file may have been corrupted!"); \
308}
309
310
311/* First elements of Elf32_Ehdr and Elf64_Ehdr are common.
312 */
313static int readelfheaderident(int fd, Elf32_Ehdr *ehdr)
314{
315	errno = 0;
316	if (read(fd, ehdr, EI_NIDENT) != EI_NIDENT)
317		return ferr("missing or incomplete ELF header.");
318
319	/* Check the ELF signature.
320	 */
321	if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 &&
322		  ehdr->e_ident[EI_MAG1] == ELFMAG1 &&
323		  ehdr->e_ident[EI_MAG2] == ELFMAG2 &&
324		  ehdr->e_ident[EI_MAG3] == ELFMAG3))
325	{
326		err("missing ELF signature.");
327		return -1;
328	}
329
330	/* Compare the file's class and endianness with the program's.
331	 */
332#if __BYTE_ORDER == __LITTLE_ENDIAN
333	if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) {
334		do_reverse_endian = 0;
335	} else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) {
336/* 		fprintf(stderr, "ELF file has different endianness.\n"); */
337		do_reverse_endian = 1;
338	}
339#elif __BYTE_ORDER == __BIG_ENDIAN
340	if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) {
341/* 		fprintf(stderr, "ELF file has different endianness.\n"); */
342		do_reverse_endian = 1;
343	} else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) {
344		do_reverse_endian = 0;
345	}
346#else
347#error unkown endianness
348#endif
349	else {
350		err("Unsupported endianness");
351		return -1;
352	}
353
354	/* Check the target architecture.
355	 */
356/*	 if (EGET(ehdr->e_machine) != ELF_ARCH) { */
357/* 		/\* return err("ELF file created for different architecture."); *\/ */
358/* 		fprintf(stderr, "ELF file created for different architecture.\n"); */
359/* 	} */
360	return ehdr->e_ident[EI_CLASS];
361}
362
363
364HEADER_FUNCTIONS(32)
365
366HEADER_FUNCTIONS(64)
367
368/* truncatezeros() examines the bytes at the end of the file's
369 * size-to-be, and reduces the size to exclude any trailing zero
370 * bytes.
371 */
372static int truncatezeros(int fd, unsigned long *newsize)
373{
374	unsigned char	contents[1024];
375	unsigned long	size, n;
376
377	size = *newsize;
378	do {
379		n = sizeof contents;
380		if (n > size)
381			n = size;
382		if (lseek(fd, size - n, SEEK_SET) == (off_t)-1)
383			return ferr("cannot seek in file.");
384		if (read(fd, contents, n) != (ssize_t)n)
385			return ferr("cannot read file contents");
386		while (n && !contents[--n])
387			--size;
388	} while (size && !n);
389
390	/* Sanity check.
391	 */
392	if (!size)
393		return err("ELF file is completely blank!");
394
395	*newsize = size;
396	return TRUE;
397}
398
399/* main() loops over the cmdline arguments, leaving all the real work
400 * to the other functions.
401 */
402int main(int argc, char *argv[])
403{
404	int				fd;
405	union {
406		Elf32_Ehdr	ehdr32;
407		Elf64_Ehdr	ehdr64;
408	} e;
409	union {
410		Elf32_Phdr	*phdrs32;
411		Elf64_Phdr	*phdrs64;
412	} p;
413	unsigned long	newsize;
414	char			**arg;
415	int				failures = 0;
416
417	if (argc < 2 || argv[1][0] == '-') {
418		printf("Usage: sstrip FILE...\n"
419			   "sstrip discards all nonessential bytes from an executable.\n\n"
420			   "Version 2.0-X Copyright (C) 2000,2001 Brian Raiter.\n"
421			   "Cross-devel hacks Copyright (C) 2004 Manuel Novoa III.\n"
422			   "This program is free software, licensed under the GNU\n"
423			   "General Public License. There is absolutely no warranty.\n");
424		return EXIT_SUCCESS;
425	}
426
427	progname = argv[0];
428
429	for (arg = argv + 1 ; *arg != NULL ; ++arg) {
430		filename = *arg;
431
432		fd = open(*arg, O_RDWR);
433		if (fd < 0) {
434			ferr("can't open");
435			++failures;
436			continue;
437		}
438
439		switch (readelfheaderident(fd, &e.ehdr32)) {
440			case ELFCLASS32:
441				if (!(readelfheader32(fd, &e.ehdr32)					&&
442					  readphdrtable32(fd, &e.ehdr32, &p.phdrs32)		&&
443					  getmemorysize32(&e.ehdr32, p.phdrs32, &newsize)	&&
444					  truncatezeros(fd, &newsize)						&&
445					  modifyheaders32(&e.ehdr32, p.phdrs32, newsize)	&&
446					  commitchanges32(fd, &e.ehdr32, p.phdrs32, newsize)))
447					++failures;
448				break;
449			case ELFCLASS64:
450				if (!(readelfheader64(fd, &e.ehdr64)					&&
451					  readphdrtable64(fd, &e.ehdr64, &p.phdrs64)		&&
452					  getmemorysize64(&e.ehdr64, p.phdrs64, &newsize)	&&
453					  truncatezeros(fd, &newsize)						&&
454					  modifyheaders64(&e.ehdr64, p.phdrs64, newsize)	&&
455					  commitchanges64(fd, &e.ehdr64, p.phdrs64, newsize)))
456					++failures;
457				break;
458			default:
459				++failures;
460				break;
461		}
462		close(fd);
463	}
464
465	return failures ? EXIT_FAILURE : EXIT_SUCCESS;
466}
467