So tmp.out - once again - got me. Especially netspooky, which wrote about golfing binaries. I was instantly caught in golfing.
Binary golfing?#
Crafting the smallest binary which does a particular task.
Why someone would do this?
- Learn about binary executables and format parsers
- Flex on muggles
My notes on ELF format#
It is recommanded to code in assembly in order to manage your headers as you wish.
We can handcraft binaries, because GCC is a bit messy when compiling code and linking stuff. We can then make sections or headers overlap to save more space.
In brief, the section header table is for use by the compiler and linker, while the program header table is for use by the program loader. The program header table is optionnal and never present in practice, the section header table is also optional but always present.
- Brian Raiter, “A Whirlwind Tutorial on Creating Really Teensy ELF Executables for Linux”
Compile#
Classic way:
1nasm -f elf32 file.s
2ld -m elf_i386 -nmagic file.o -o bin
Better:
1nasm -f bin file.s
To directly craft a binary from NASM file.
Header#
The smallest valid header I can think of might be:
7f45 4c46 01?? ???? ???? ???? ???? ????
0200 0300 0100 ???? dead beef 2c00 0000
???? ???? ???? ???? 3400 2000 0100 0000
???? ???? 0000 0008 0000 0008 !!!! !!!!
!!!! !!!! 0500 0000 0010 0000
Considering the following:
??: garbage, so you can just use those bytes for your code!!!! !!!!: total size of the header, so it will depend on your codedead beef: address of the entrypoint
Here is a template I modified from here, so all creds to the author:
1bits 32
2
3org 0x8000000
4
5ehdr: ; Elf32_Ehdr
6db 0x7F, "ELF", 1, 1, 1, 0 ; e_ident
7times 8 db 0
8dw 2 ; e_type
9dw 3 ; e_machine
10dd 1 ; e_version
11dd _start ; e_entry
12dd phdr-$$ ; e_phoff
13dd 0 ; e_shoff
14dd 0 ; e_flags
15dw ehdrsize ; e_ehsize
16dw phdrsize ; e_phentsize
17dw 1 ; e_phnum
18dw 0 ; e_shentsize
19dw 0 ; e_shnum
20dw 0 ; e_shstrndx
21
22ehdrsize equ $-ehdr
23
24phdr: ; Elf32_Phdr
25dd 1 ; p_type
26dd 0 ; p_offset
27dd $$ ; p_vaddr
28dd $$ ; p_paddr
29dd filesize ; p_filesz
30dd filesize ; p_memsz
31dd 5 ; p_flags
32dd 0x1000 ; p_align
33
34phdrsize equ $-phdr
35
36_start:
37
38; your program here
39
40filesize equ $-$$
And the version for 64 bits (taken from here):
1bits 64
2org 0x8000000
3
4ehdr: ; Elf64_Ehdr
5 db 0x7F, "ELF", 2, 1, 1, 0 ; e_ident
6 times 8 db 0
7 dw 2 ; e_type
8 dw 62 ; e_machine
9 dd 1 ; e_version
10 dq _start ; e_entry
11 dq phdr - $$ ; e_phoff
12 dq 0 ; e_shoff
13 dd 0 ; e_flags
14 dw ehdrsize ; e_ehsize
15 dw phdrsize ; e_phentsize
16 dw 1 ; e_phnum
17 dw 0 ; e_shentsize
18 dw 0 ; e_shnum
19 dw 0 ; e_shstrndx
20
21ehdrsize equ $-ehdr
22
23phdr: ; Elf64_Phdr
24 dd 1 ; p_type
25 dd 5 ; p_flags
26 dq 0 ; p_offset
27 dq $$ ; p_vaddr
28 dq $$ ; p_paddr
29 dq filesize ; p_filesz
30 dq filesize ; p_memsz
31 dq 0x1000 ; p_align
32
33phdrsize equ $-phdr
34
35_start:
36 ; your code here
37
38filesize equ $-$$
Unethical stuff#
Declaring variables in the wild#
🙈 Nothing forbidens to declare variables anywhere, to save some space you can skip using the .rodata section.
1section .text
2 var: db "salut", 0xa
Use header as code section#
🧠 Big brain move here: put code in the header
1ehdr:
2 db 0x7f, "ELF"
3 db 1, 1, 1, 0, 0
4_start:
5 mov bl, 42
6 xor eax, eax
7 inc eax
8 int 0x80
9 ;; continue the header
10 dw 2
11 dw 3
12 dw 1
13 ;; ...
Golfing resources#
A while ago I created a repo containing some random assembly programs I did, I added my try to make a tiny Hello world binary: https://github.com/OxNinja/nasm_/tree/main/elf-golfing
https://codegolf.stackexchange.com/questions/5696/shortest-elf-for-hello-world-n