Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Add support for Android's packed relocation format
See original GitHub issueIs your feature request related to a problem? Please describe.
Android native binaries often have their dynamic relocation sections packed in order to minimize file size. This process is handled by LLVM, as can be seen in these diffs for the packer and unpacker.
These relocations are identified by a custom ELF section header type value, which Ghidra currently ignores. As such, the relocations are not applied to these binaries when opened in Ghidra.
Examples of files before and after packing can be found here.
Describe the solution you’d like
Update the ELF parsing code to support the Android packed format. I believe this would involve making changes to the following classes:
- ElfHeader: Update
parseSectionBasedRelocationTable()to recognize the custom section header type values. - ElfRelocationTable: Add a new method
createAndroidElfRelocationTable()to read and unpack the Android format relocations, and to populate theElfRelocationentries. - ElfRelocation: Currently this class is populated directly from the input data buffer. This is not possible when reading the Android packed format, as groups of relocations must be unpacked together. As such, it will be necessary to instantiate and populate this class using values which have already been read. A new
createElfRelocation()method with parameters for offset, info and addend would be necessary.
These changes would result in a populated list of ElfRelocations, which will then be applied correctly in the usual way.
Issue Analytics
- State:
- Created 4 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Changes have been merged (NOTE: push to Github may be delayed until after the weekend)
The AndroidPackedRelocationTableDataType implementation violates the DataType pattern which disallows the use of custom constructors which can prevent proper re-construction when opening an existing program file. A Dynamic datatype must be able to obtain any required data from the supplied memory buffer and optional data type instance length.
The ElfRelocationTable.getDataType.getDataType use was not designed with Dynamic datatypes in mind. Unfortunately, the StructConverter.toDataType interface does not work well for this situation. I suggest just returning a byte array for the relocation table until we can improve the datatype mechanism.
If you would like to submit a pull request I can pull in your changes and refactor the datatype mechanism. I can than wire-in the use of your AndroidPackedRelocationTableDataType, although it will need to driven by the datatype instance length and not the constructor as you have it.