1/* http://www.muppetlabs.com/~breadbox/software/elfkickers.html */ 2 3/* sstrip: Copyright (C) 1999-2001 by Brian Raiter, under the GNU 4 * General Public License. No warranty. See COPYING for details. 5 * 6 * Aug 23, 2004 Hacked by Manuel Novoa III <mjn3@codepoet.org> to 7 * handle targets of different endianness and/or elf class, making 8 * it more useful in a cross-devel environment. 9 */ 10 11/* ============== original README =================== 12 * 13 * sstrip is a small utility that removes the contents at the end of an 14 * ELF file that are not part of the program's memory image. 15 * 16 * Most ELF executables are built with both a program header table and a 17 * section header table. However, only the former is required in order 18 * for the OS to load, link and execute a program. sstrip attempts to 19 * extract the ELF header, the program header table, and its contents, 20 * leaving everything else in the bit bucket. It can only remove parts of 21 * the file that occur at the end, after the parts to be saved. However, 22 * this almost always includes the section header table, and occasionally 23 * a few random sections that are not used when running a program. 24 * 25 * It should be noted that the GNU bfd library is (understandably) 26 * dependent on the section header table as an index to the file's 27 * contents. Thus, an executable file that has no section header table 28 * cannot be used with gdb, objdump, or any other program based upon the 29 * bfd library, at all. In fact, the program will not even recognize the 30 * file as a valid executable. (This limitation is noted in the source 31 * code comments for bfd, and is marked "FIXME", so this may change at 32 * some future date. However, I would imagine that it is a pretty 33 * low-priority item, as executables without a section header table are 34 * rare in the extreme.) This probably also explains why strip doesn't 35 * offer the option to do this. 36 * 37 * Shared library files may also have their section header table removed. 38 * Such a library will still function; however, it will no longer be 39 * possible for a compiler to link a new program against it. 40 * 41 * As an added bonus, sstrip also tries to removes trailing zero bytes 42 * from the end of the file. (This normally cannot be done with an 43 * executable that has a section header table.) 44 * 45 * sstrip is a very simplistic program. It depends upon the common 46 * practice of putting the parts of the file that contribute to the 47 * memory image at the front, and the remaining material at the end. This 48 * permits it to discard the latter material without affecting file 49 * offsets and memory addresses in what remains. Of course, the ELF 50 * standard permits files to be organized in almost any order, so if a 51 * pathological linker decided to put its section headers at the top, 52 * sstrip would be useless on such executables. 53 */ 54 55#include <stdio.h> 56#include <stdlib.h> 57#include <string.h> 58#include <errno.h> 59#include <unistd.h> 60#include <fcntl.h> 61#include <elf.h> 62 63#ifndef TRUE 64#define TRUE 1 65#define FALSE 0 66#endif 67 68/* The name of the program. 69 */ 70static char const *progname; 71 72/* The name of the current file. 73 */ 74static char const *filename; 75 76 77/* A simple error-handling function. FALSE is always returned for the 78 * convenience of the caller. 79 */ 80static int err(char const *errmsg) 81{ 82 fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg); 83 return FALSE; 84} 85 86/* A flag to signal the need for endian reversal. 87 */ 88static int do_reverse_endian; 89 90/* Get a value from the elf header, compensating for endianness. 91 */ 92#define EGET(X) \ 93 (__extension__ ({ \ 94 uint64_t __res; \ 95 if (!do_reverse_endian) { \ 96 __res = (X); \ 97 } else if (sizeof(X) == 1) { \ 98 __res = (X); \ 99 } else if (sizeof(X) == 2) { \ 100 __res = bswap_16((X)); \ 101 } else if (sizeof(X) == 4) { \ 102 __res = bswap_32((X)); \ 103 } else if (sizeof(X) == 8) { \ 104 __res = bswap_64((X)); \ 105 } else { \ 106 fprintf(stderr, "%s: %s: EGET failed for size %d\n", \ 107 progname, filename, sizeof(X)); \ 108 exit(EXIT_FAILURE); \ 109 } \ 110 __res; \ 111 })) 112 113/* Set a value 'Y' in the elf header to 'X', compensating for endianness. 114 */ 115#define ESET(Y,X) \ 116 do if (!do_reverse_endian) { \ 117 Y = (X); \ 118 } else if (sizeof(Y) == 1) { \ 119 Y = (X); \ 120 } else if (sizeof(Y) == 2) { \ 121 Y = bswap_16((uint16_t)(X)); \ 122 } else if (sizeof(Y) == 4) { \ 123 Y = bswap_32((uint32_t)(X)); \ 124 } else if (sizeof(Y) == 8) { \ 125 Y = bswap_64((uint64_t)(X)); \ 126 } else { \ 127 fprintf(stderr, "%s: %s: ESET failed for size %d\n", \ 128 progname, filename, sizeof(Y)); \ 129 exit(EXIT_FAILURE); \ 130 } while (0) 131 132 133/* A macro for I/O errors: The given error message is used only when 134 * errno is not set. 135 */ 136#define ferr(msg) (err(errno ? strerror(errno) : (msg))) 137 138 139 140#define HEADER_FUNCTIONS(CLASS) \ 141 \ 142/* readelfheader() reads the ELF header into our global variable, and \ 143 * checks to make sure that this is in fact a file that we should be \ 144 * munging. \ 145 */ \ 146static int readelfheader ## CLASS (int fd, Elf ## CLASS ## _Ehdr *ehdr) \ 147{ \ 148 if (read(fd, ((char *)ehdr)+EI_NIDENT, sizeof(*ehdr) - EI_NIDENT) \ 149 != sizeof(*ehdr) - EI_NIDENT) \ 150 return ferr("missing or incomplete ELF header."); \ 151 \ 152 /* Verify the sizes of the ELF header and the program segment \ 153 * header table entries. \ 154 */ \ 155 if (EGET(ehdr->e_ehsize) != sizeof(Elf ## CLASS ## _Ehdr)) \ 156 return err("unrecognized ELF header size."); \ 157 if (EGET(ehdr->e_phentsize) != sizeof(Elf ## CLASS ## _Phdr)) \ 158 return err("unrecognized program segment header size."); \ 159 \ 160 /* Finally, check the file type. \ 161 */ \ 162 if (EGET(ehdr->e_type) != ET_EXEC && EGET(ehdr->e_type) != ET_DYN) \ 163 return err("not an executable or shared-object library."); \ 164 \ 165 return TRUE; \ 166} \ 167 \ 168/* readphdrtable() loads the program segment header table into memory. \ 169 */ \ 170static int readphdrtable ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \ 171 Elf ## CLASS ## _Phdr **phdrs) \ 172{ \ 173 size_t size; \ 174 \ 175 if (!EGET(ehdr->e_phoff) || !EGET(ehdr->e_phnum) \ 176) return err("ELF file has no program header table."); \ 177 \ 178 size = EGET(ehdr->e_phnum) * sizeof **phdrs; \ 179 if (!(*phdrs = malloc(size))) \ 180 return err("Out of memory!"); \ 181 \ 182 errno = 0; \ 183 if (read(fd, *phdrs, size) != (ssize_t)size) \ 184 return ferr("missing or incomplete program segment header table."); \ 185 \ 186 return TRUE; \ 187} \ 188 \ 189/* getmemorysize() determines the offset of the last byte of the file \ 190 * that is referenced by an entry in the program segment header table. \ 191 * (Anything in the file after that point is not used when the program \ 192 * is executing, and thus can be safely discarded.) \ 193 */ \ 194static int getmemorysize ## CLASS (Elf ## CLASS ## _Ehdr const *ehdr, \ 195 Elf ## CLASS ## _Phdr const *phdrs, \ 196 unsigned long *newsize) \ 197{ \ 198 Elf ## CLASS ## _Phdr const *phdr; \ 199 unsigned long size, n; \ 200 int i; \ 201 \ 202 /* Start by setting the size to include the ELF header and the \ 203 * complete program segment header table. \ 204 */ \ 205 size = EGET(ehdr->e_phoff) + EGET(ehdr->e_phnum) * sizeof *phdrs; \ 206 if (size < sizeof *ehdr) \ 207 size = sizeof *ehdr; \ 208 \ 209 /* Then keep extending the size to include whatever data the \ 210 * program segment header table references. \ 211 */ \ 212 for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \ 213 if (EGET(phdr->p_type) != PT_NULL) { \ 214 n = EGET(phdr->p_offset) + EGET(phdr->p_filesz); \ 215 if (n > size) \ 216 size = n; \ 217 } \ 218 } \ 219 \ 220 *newsize = size; \ 221 return TRUE; \ 222} \ 223 \ 224/* modifyheaders() removes references to the section header table if \ 225 * it was stripped, and reduces program header table entries that \ 226 * included truncated bytes at the end of the file. \ 227 */ \ 228static int modifyheaders ## CLASS (Elf ## CLASS ## _Ehdr *ehdr, \ 229 Elf ## CLASS ## _Phdr *phdrs, \ 230 unsigned long newsize) \ 231{ \ 232 Elf ## CLASS ## _Phdr *phdr; \ 233 int i; \ 234 \ 235 /* If the section header table is gone, then remove all references \ 236 * to it in the ELF header. \ 237 */ \ 238 if (EGET(ehdr->e_shoff) >= newsize) { \ 239 ESET(ehdr->e_shoff,0); \ 240 ESET(ehdr->e_shnum,0); \ 241 ESET(ehdr->e_shentsize,0); \ 242 ESET(ehdr->e_shstrndx,0); \ 243 } \ 244 \ 245 /* The program adjusts the file size of any segment that was \ 246 * truncated. The case of a segment being completely stripped out \ 247 * is handled separately. \ 248 */ \ 249 for (i = 0, phdr = phdrs ; i < EGET(ehdr->e_phnum) ; ++i, ++phdr) { \ 250 if (EGET(phdr->p_offset) >= newsize) { \ 251 ESET(phdr->p_offset,newsize); \ 252 ESET(phdr->p_filesz,0); \ 253 } else if (EGET(phdr->p_offset) + EGET(phdr->p_filesz) > newsize) { \ 254 newsize -= EGET(phdr->p_offset); \ 255 ESET(phdr->p_filesz, newsize); \ 256 } \ 257 } \ 258 \ 259 return TRUE; \ 260} \ 261 \ 262/* commitchanges() writes the new headers back to the original file \ 263 * and sets the file to its new size. \ 264 */ \ 265static int commitchanges ## CLASS (int fd, Elf ## CLASS ## _Ehdr const *ehdr, \ 266 Elf ## CLASS ## _Phdr *phdrs, \ 267 unsigned long newsize) \ 268{ \ 269 size_t n; \ 270 \ 271 /* Save the changes to the ELF header, if any. \ 272 */ \ 273 if (lseek(fd, 0, SEEK_SET)) \ 274 return ferr("could not rewind file"); \ 275 errno = 0; \ 276 if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) \ 277 return err("could not modify file"); \ 278 \ 279 /* Save the changes to the program segment header table, if any. \ 280 */ \ 281 if (lseek(fd, EGET(ehdr->e_phoff), SEEK_SET) == (off_t)-1) { \ 282 err("could not seek in file."); \ 283 goto warning; \ 284 } \ 285 n = EGET(ehdr->e_phnum) * sizeof *phdrs; \ 286 if (write(fd, phdrs, n) != (ssize_t)n) { \ 287 err("could not write to file"); \ 288 goto warning; \ 289 } \ 290 \ 291 /* Eleventh-hour sanity check: don't truncate before the end of \ 292 * the program segment header table. \ 293 */ \ 294 if (newsize < EGET(ehdr->e_phoff) + n) \ 295 newsize = EGET(ehdr->e_phoff) + n; \ 296 \ 297 /* Chop off the end of the file. \ 298 */ \ 299 if (ftruncate(fd, newsize)) { \ 300 err("could not resize file"); \ 301 goto warning; \ 302 } \ 303 \ 304 return TRUE; \ 305 \ 306 warning: \ 307 return err("ELF file may have been corrupted!"); \ 308} 309 310 311/* First elements of Elf32_Ehdr and Elf64_Ehdr are common. 312 */ 313static int readelfheaderident(int fd, Elf32_Ehdr *ehdr) 314{ 315 errno = 0; 316 if (read(fd, ehdr, EI_NIDENT) != EI_NIDENT) 317 return ferr("missing or incomplete ELF header."); 318 319 /* Check the ELF signature. 320 */ 321 if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && 322 ehdr->e_ident[EI_MAG1] == ELFMAG1 && 323 ehdr->e_ident[EI_MAG2] == ELFMAG2 && 324 ehdr->e_ident[EI_MAG3] == ELFMAG3)) 325 { 326 err("missing ELF signature."); 327 return -1; 328 } 329 330 /* Compare the file's class and endianness with the program's. 331 */ 332#if __BYTE_ORDER == __LITTLE_ENDIAN 333 if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) { 334 do_reverse_endian = 0; 335 } else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) { 336/* fprintf(stderr, "ELF file has different endianness.\n"); */ 337 do_reverse_endian = 1; 338 } 339#elif __BYTE_ORDER == __BIG_ENDIAN 340 if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB) { 341/* fprintf(stderr, "ELF file has different endianness.\n"); */ 342 do_reverse_endian = 1; 343 } else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) { 344 do_reverse_endian = 0; 345 } 346#else 347#error unkown endianness 348#endif 349 else { 350 err("Unsupported endianness"); 351 return -1; 352 } 353 354 /* Check the target architecture. 355 */ 356/* if (EGET(ehdr->e_machine) != ELF_ARCH) { */ 357/* /\* return err("ELF file created for different architecture."); *\/ */ 358/* fprintf(stderr, "ELF file created for different architecture.\n"); */ 359/* } */ 360 return ehdr->e_ident[EI_CLASS]; 361} 362 363 364HEADER_FUNCTIONS(32) 365 366HEADER_FUNCTIONS(64) 367 368/* truncatezeros() examines the bytes at the end of the file's 369 * size-to-be, and reduces the size to exclude any trailing zero 370 * bytes. 371 */ 372static int truncatezeros(int fd, unsigned long *newsize) 373{ 374 unsigned char contents[1024]; 375 unsigned long size, n; 376 377 size = *newsize; 378 do { 379 n = sizeof contents; 380 if (n > size) 381 n = size; 382 if (lseek(fd, size - n, SEEK_SET) == (off_t)-1) 383 return ferr("cannot seek in file."); 384 if (read(fd, contents, n) != (ssize_t)n) 385 return ferr("cannot read file contents"); 386 while (n && !contents[--n]) 387 --size; 388 } while (size && !n); 389 390 /* Sanity check. 391 */ 392 if (!size) 393 return err("ELF file is completely blank!"); 394 395 *newsize = size; 396 return TRUE; 397} 398 399/* main() loops over the cmdline arguments, leaving all the real work 400 * to the other functions. 401 */ 402int main(int argc, char *argv[]) 403{ 404 int fd; 405 union { 406 Elf32_Ehdr ehdr32; 407 Elf64_Ehdr ehdr64; 408 } e; 409 union { 410 Elf32_Phdr *phdrs32; 411 Elf64_Phdr *phdrs64; 412 } p; 413 unsigned long newsize; 414 char **arg; 415 int failures = 0; 416 417 if (argc < 2 || argv[1][0] == '-') { 418 printf("Usage: sstrip FILE...\n" 419 "sstrip discards all nonessential bytes from an executable.\n\n" 420 "Version 2.0-X Copyright (C) 2000,2001 Brian Raiter.\n" 421 "Cross-devel hacks Copyright (C) 2004 Manuel Novoa III.\n" 422 "This program is free software, licensed under the GNU\n" 423 "General Public License. There is absolutely no warranty.\n"); 424 return EXIT_SUCCESS; 425 } 426 427 progname = argv[0]; 428 429 for (arg = argv + 1 ; *arg != NULL ; ++arg) { 430 filename = *arg; 431 432 fd = open(*arg, O_RDWR); 433 if (fd < 0) { 434 ferr("can't open"); 435 ++failures; 436 continue; 437 } 438 439 switch (readelfheaderident(fd, &e.ehdr32)) { 440 case ELFCLASS32: 441 if (!(readelfheader32(fd, &e.ehdr32) && 442 readphdrtable32(fd, &e.ehdr32, &p.phdrs32) && 443 getmemorysize32(&e.ehdr32, p.phdrs32, &newsize) && 444 truncatezeros(fd, &newsize) && 445 modifyheaders32(&e.ehdr32, p.phdrs32, newsize) && 446 commitchanges32(fd, &e.ehdr32, p.phdrs32, newsize))) 447 ++failures; 448 break; 449 case ELFCLASS64: 450 if (!(readelfheader64(fd, &e.ehdr64) && 451 readphdrtable64(fd, &e.ehdr64, &p.phdrs64) && 452 getmemorysize64(&e.ehdr64, p.phdrs64, &newsize) && 453 truncatezeros(fd, &newsize) && 454 modifyheaders64(&e.ehdr64, p.phdrs64, newsize) && 455 commitchanges64(fd, &e.ehdr64, p.phdrs64, newsize))) 456 ++failures; 457 break; 458 default: 459 ++failures; 460 break; 461 } 462 close(fd); 463 } 464 465 return failures ? EXIT_FAILURE : EXIT_SUCCESS; 466} 467