Parsing ELF Executable

[HitmanYesman]

So I'm using GCC and am having trouble parsing an ELF file (kernel) from my stage2 boot loader. Here is what I have so far for the parsing part:

Code: Select all

ParseELFImage:
		; Check for ELF Magic signature
		mov ebx, dword [KERNELADDR]
		mov eax, dword [ELFSignature]
		cmp eax, ebx
		jne FailureMagic
		
		; Check for null data encoding
		mov ebx, dword [KERNELADDR + 5]
		cmp ebx, 0
		je FailureData
		
		; Check file size
		;  -- Needs work!!!!
		xor eax, eax
		xor ebx, ebx
		mov bx, word [KERNELADDR + 40]
		mov word [ImageSizeTest], bx
		mov bx, word [KERNELADDR + 42]
		mov ax, word [KERNELADDR + 44]
		movzx eax, ax
		movzx ebx, bx
		mul ebx
		add dword [ImageSizeTest], eax
		xor eax, eax
		xor ebx, ebx
		mov bx, word [KERNELADDR + 46]
		mov ax, word [KERNELADDR + 48]
		movzx eax, ax
		movzx ebx, bx
		mul ebx
		add dword [ImageSizeTest], eax
		mov ebx, dword [ImageSizeTest]
		mov eax, dword [ImageSize]
		cmp ebx, eax
		jge FailureSizes

*NOTE: Code has been revised.

It's the third test I do that fails. Using the ELF specification: http://www.skyfree.org/linux/references/ELF_Format.pdf (Search for 1-3), I add up the ELF Header size + (Program Header Size * Number of Program Headers) + (Section Header Size * Number of Section Headers). Now I am aware that this isn't the full size of the file. But if all this combined is greater than ImageSize, then there is a major problem. Which is why I do jge, ebx being the combined size of all the headers. FailureSizes is just to print an error, so I know what failed.

The size of ImageSize is correct for sure. I make sure to increment ecx during the loading of the executable. Then I move ecx into ImageSize after the file has been loaded. KERNELADDR is:

Code: Select all

%define KERNELADDR 0x100000

I've relooked over my calculations plenty of times, and at first my offsets (From KERNELADDR) were way off, but after I 'fixed' that. I just don't see anything else wrong.

[gerryg400]

Code: Select all

mov word [ImageSizeTest], bx

Has the upper word of [ImageSizeTest], been zeroed ? Can't see anything else obvious.

[HitmanYesman]

Yes, probably should have mentioned the declaration of ImageSizeTest:

Code: Select all

ImageSizeTest			dd 0

Thanks for trying though.

[HitmanYesman]

Oh my mistake. I meant to add the EBX address of the value + 5. I'll fix that, but thanks for pointing it out.

[HitmanYesman]

After going over my previous code about a hundred times, I finally figured that out. But now I'm attempting to use the program headers to copy data to the correct places.

Code: Select all

mov ebx, dword [KERNELADDR + 28]
		mov dx, word [KERNELADDR + 42]
		mov cx, word [KERNELADDR + 44]
		movzx edx, dx
		
		.Loop:
			pusha
			mov eax, [KERNELADDR + ebx]
			cmp eax, 1
			jne .NotLoad
			
			.Load:
				mov eax, [KERNELADDR + ebx + 4]
				mov edx, [KERNELADDR + ebx + 12]
				mov ecx, [KERNELADDR + ebx + 16]
				mov esi, KERNELADDR
				add esi, eax
				mov edi, edx
				rep movsb
				
				mov eax, [KERNELADDR + ebx + 20]
				sub eax, ecx
				xchg eax, ecx
				cmp ecx, 0
				je .Next
				add edx, eax
				
				.Copy:
					mov [edx], dword 0
					add edx, 4
					loop .Copy
				
				mov ebx, msgLOAD
				call Print32
				jmp .Next
			
			.NotLoad:
				mov ebx, msgNotLOAD
				call Print32
			
			.Next:
				popa
				add ebx, edx
				loop .Loop
	
	Execute:
		mov ebp, [KERNELADDR + 24]
		call ebp
		cli
		hlt

And when I call ebp it reboots instantly. Any help is appreciated.