Help obtaining bytes of a function in .TEXT #388
Comments
This should probably be Print out the bytes you are getting, and compare with the
Yes, and you'd have to adjust the pointer by Personally, I would disassemble the code instead of executing it. You wouldn't even need a full disassembler, just hard code the instructions that you expect to see.
Hey there @m4b @philipc !
First off, congrats on the awesome crate, it's super impressive. This issue is not a bug or a feature request, I'd like to request a bit of help with the following:
Given an ELF64 .so of a Postgres extension, I wish to find out which Postgres version the extension was built for. I know that every extension has a function called Pg_magic_func that returns a pointer to a struct (in .rodata, I assume) that contains this information.
In Rust, a Pg_magic_func would look something like:
Using goblin, here's what I have to parse the ELF and obtain the relevant symbol:
However, I believe I'm struggling a bit to find the function within .TEXT (I figure it's in .text since that's what objdump tells me), since the bytes I get don't mean anything useful once I disassemble them. Is my text_section being defined correctly?
This is my code to execute those bytes:
The previous works if I pass in shellcode to write "Hello, world" to stdout, for example, so I'm assuming there's nothing wrong there.
Also, since this function would return me a pointer, I'm assuming I'd also have to fetch the pointer's content in the .so as well, is that correct? I haven't started doing this yet.
Any help would be useful, and thanks a lot for the crate!
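The static approach suggested in the comments, as an added example that is not code from the issue or from goblin: rebase the symbol's virtual address into a file offset using the section header, then match an expected `lea rax, [rip+disp32]; ret` body to locate the struct without executing bytes taken from the file. The `Section` type, the instruction pattern and the byte image are assumptions constructed for illustration; with goblin the three section values would come from the section header's `sh_addr`, `sh_offset` and `sh_size`.

```rust
// Added example; section values and the file image are constructed, not from a real .so.
pub struct Section { pub addr: u64, pub offset: u64, pub size: u64 } // sh_addr, sh_offset, sh_size

/// Bounds-checked slice of `len` bytes at virtual address `va` inside section `s`.
/// A symbol's st_value is a virtual address, so it is rebased before indexing the file.
pub fn bytes_at<'a>(file: &'a [u8], s: &Section, va: u64, len: u64) -> Option<&'a [u8]> {
    let rel = va.checked_sub(s.addr)?;
    if rel.checked_add(len)? > s.size { return None; }
    let start = s.offset.checked_add(rel)?;
    let end = start.checked_add(len)?;
    if end > file.len() as u64 { return None; }
    Some(&file[start as usize..end as usize])
}

/// Match `[endbr64] lea rax,[rip+disp32]; ret` and return the address the lea loads.
/// Assumed shape for an optimized x86-64 build; any other byte sequence yields None.
pub fn lea_ret_target(code: &[u8], func_va: u64) -> Option<u64> {
    let skip = if code.starts_with(&[0xf3, 0x0f, 0x1e, 0xfa]) { 4 } else { 0 };
    let insn = code.get(skip..skip + 8)?;
    if !insn.starts_with(&[0x48, 0x8d, 0x05]) || insn[7] != 0xc3 { return None; }
    let disp = i32::from_le_bytes([insn[3], insn[4], insn[5], insn[6]]);
    // RIP-relative operands are measured from the end of the 7-byte lea.
    let next = func_va.checked_add(skip as u64 + 7)?;
    Some(next.wrapping_add(disp as i64 as u64))
}

/// Constructed image: .text at VA 0x1000 (file 0x40), .rodata at VA 0x2000 (file 0x80).
pub fn demo() -> Option<(u64, Vec<u8>)> {
    let text = Section { addr: 0x1000, offset: 0x40, size: 0x20 };
    let rodata = Section { addr: 0x2000, offset: 0x80, size: 0x20 };
    let mut file = vec![0u8; 0xa0];
    // Symbol at st_value 0x1010, st_size 12: endbr64; lea rax,[rip+0xfed]; ret
    file[0x50..0x5c].copy_from_slice(&[0xf3, 0x0f, 0x1e, 0xfa, 0x48, 0x8d, 0x05, 0xed, 0x0f, 0, 0, 0xc3]);
    // Constructed stand-in for the first 8 bytes of the struct in .rodata.
    file[0x88..0x90].copy_from_slice(&[0x1c, 0, 0, 0, 0x40, 0x06, 0, 0]);
    let code = bytes_at(&file, &text, 0x1010, 12)?;
    let target = lea_ret_target(code, 0x1010)?;
    Some((target, bytes_at(&file, &rodata, target, 8)?.to_vec()))
}

fn main() {
    println!("{:x?}", demo());
}
```

Interpreting the bytes read from .rodata depends on the struct layout of the Postgres headers the extension was built against, which this page does not show.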