fix: use notes for elf implementation

Signed-off-by: Robert Günzler <r@gnzler.io>

Author: robertgzr

README.markdown

@@ -65,53 +65,6 @@ The run-time lookup uses APIs from `<mach-o/getsect.h>`.
 
 ### Linux
 
-For ELF executables, the resources are added as sections. Unfortunately
-there is no guaranteed metadata about sections in the ELF format, the
-section header table (SHT) is optional and can be stripped after linking
-(`llvm-strip --strip-sections`). So while the resources are added as
-sections, the run-time lookup requires a bespoke implementation, which
-makes it the most complex and non-standard out of the platforms. There
-are N+1 sections used for the implementation, where the extra section
-serves as our own version of the SHT (which can't be stripped). Finding
-the SHT section at run-time is done via a static pointer in the code
-which is looked up by its symbol name and has its value updated after
-the sections are injected.
-
-The build-time equivalent is somewhat involved since our version of
-the SHT has to be manually constructed after adding the sections, and
-the section updated with the new content. There's also not a standard
-tool that can change the value of a static variable after linking, so
-instead the SHT is found by a symbol which is added via
-`objcopy --binary-architecture`. The following instructions show how
-to embed the binary data at build-time for ELF executables, with the
-section holding the data name "foobar":
+For ELF executables, the resources are added as notes.
 
-```sh
-# The binary data should be on disk in a file named foobar - the name
-# of the file is important as it is used in the added symbols
-$ objcopy --input binary --output elf64-x86-64 \
-  --binary-architecture i386:x86-64 \
-  --rename-section .data=foobar,CONTENTS,ALLOC,LOAD,READONLY,DATA \
-  foobar foobar.o
-# Also create an empty section for the SHT
-$ objcopy --input binary --output elf64-x86-64 \
-  --binary-architecture i386:x86-64 \
-  --rename-section .data=foobar,CONTENTS,ALLOC,LOAD,READONLY,DATA \
-  postject_sht postject_sht.o
-# Link the created .o files at build-time. Also define
-# `__POSTJECT_NO_SHT_PTR` so that the run-time code uses the
-# symbol added by `--binary-architecture` to find the SHT
-$ clang++ -D__POSTJECT_NO_SHT_PTR test.cpp foobar.o postject_sht.o
-# Dump the sections with readelf, and grab the virtual address and
-# size for the "foobar" section
-$ readelf -S a.out
-# Manually create the SHT - replace 0xAA with the virtual address
-# and 0xBB with the size from the readelf output
-$ python3 -c "import struct; print((struct.pack('<I', 1) + bytes('foobar', 'ascii') + bytes([0]) + struct.pack('<QI', 0xAA, 0xBB)).decode('ascii'), end='');" > postject_sht
-# Update the SHT section with the correct content
-$ objcopy --update-section postject_sht=postject_sht a.out
-```
-
-The run-time lookup finds our version of the SHT through the static
-pointer, and then parses the contents of our SHT to look for the
-section with the requested name.
+The build-time equivalent is to use a linker script.

postject-api.h

@@ -11,10 +11,10 @@
 #include <mach-o/dyld.h>
 #include <mach-o/getsect.h>
 #elif defined(__linux__)
-#include <link.h>
 #include <elf.h>
-#include <fcntl.h>
-#include <unistd.h>
+#include <link.h>
+#include <sys/param.h>
+#include <sys/auxv.h>
 #elif defined(_WIN32)
 #include <windows.h>
 #endif
@@ -92,50 +92,52 @@ static const void* postject_find_resource(const char* name,
 
   return ptr;
 #elif defined(__linux__)
-  void* ptr = NULL;
-  int fd, i;
-#if defined(__LP64__)
-  Elf64_Ehdr e;
-  Elf64_Shdr s;
-#else
-  Elf32_Ehdr e;
-  Elf32_Shdr s;
-#endif
-  char *strs;
-
-  if (options != NULL && options->elf_section_name != NULL) {
-    name = options->elf_section_name;
-  }
-
-  // This executable might be a Position Independent Executable (PIE), so
-  // the virtual address values need to be added to the relocation address
-  uintptr_t relocation_addr = _r_debug.r_map->l_addr;
-
-  if ((fd = open("/proc/self/exe", O_RDONLY, 0)) != -1) {
-    if (read(fd, &e, sizeof(e)) == sizeof(e)) {
-      lseek(fd, e.e_shoff + (e.e_shstrndx * e.e_shentsize), SEEK_SET);
-      if (read(fd, &s, sizeof(s)) == sizeof(s)) {
-        strs = (char *)malloc(s.sh_size);
-        lseek(fd, s.sh_offset, SEEK_SET);
-        if (read(fd, strs, s.sh_size) == s.sh_size) {
-          for (i = 0; i < e.e_shnum; i++) {
-            lseek(fd, e.e_shoff + (i * e.e_shentsize), SEEK_SET);
-            if (read(fd, &s, sizeof(s)) != sizeof(s)) {
-              break;
-            }
-            if ((!strcmp(strs + s.sh_name, name)) && (s.sh_type == SHT_PROGBITS)) {
-              ptr = (void*)(relocation_addr + (uintptr_t)s.sh_addr);
-              *size = s.sh_size;
-              break;
-             }
-          }
-        }
-        free(strs);
-      }
-    }
-    close(fd);
-  }
-  return ptr;
+	void *ptr = NULL;
+
+	if (options != NULL && options->elf_section_name != NULL) {
+		name = options->elf_section_name;
+	}
+
+	uintptr_t p = getauxval(AT_PHDR);
+	size_t n = getauxval(AT_PHNUM);
+	uintptr_t base_addr = p - sizeof(ElfW(Ehdr));
+
+	// iterate program header
+	for (; n > 0; n--, p += sizeof(ElfW(Phdr))) {
+		ElfW(Phdr) *phdr = (ElfW(Phdr) *)p;
+
+		// skip everything but notes
+		if (phdr->p_type != PT_NOTE) {
+			continue;
+		}
+
+		// note segment starts at base address + segment virtual address
+		uintptr_t pos = (base_addr + phdr->p_vaddr);
+		uintptr_t end = (pos + phdr->p_memsz);
+
+		// iterate through segment until we reach the end
+		while (pos < end) {
+			if (pos + sizeof(ElfW(Nhdr)) > end) {
+				break; // invalid
+			}
+
+			ElfW(Nhdr) *note = (ElfW(Nhdr) *)(uintptr_t)pos;
+			if (note->n_namesz != 0 && note->n_descsz != 0 &&
+			    strncmp((char *)(pos + sizeof(ElfW(Nhdr))),
+				    (char *)name, sizeof(name)) == 0) {
+				*size = note->n_descsz;
+				// advance past note header and aligned name
+				// to get to description data
+				return (void *)((uintptr_t)note +
+						sizeof(ElfW(Nhdr)) +
+						roundup(note->n_namesz, 4));
+			}
+
+			pos += (sizeof(ElfW(Nhdr)) + roundup(note->n_namesz, 4) +
+				roundup(note->n_descsz, 4));
+		}
+	}
+	return NULL;
 
 #elif defined(_WIN32)
   void* ptr = NULL;

postject.py

@@ -59,19 +59,21 @@ def get_executable_format(filename):
 def inject_into_elf(filename, section_name, data, overwrite=False):
     app = lief.ELF.parse(filename)
 
-    existing_section = app.get_section(section_name)
+    existing_section = None
+    for note in app.notes:
+        if note.name == section_name:
+            existing_section = note
 
     if existing_section:
         if not overwrite:
             return False
 
-        app.remove_section(section_name, clear=True)
+        app.remove(note)
 
-    section = lief.ELF.Section()
-    section.name = section_name
-    section.content = data
-    section.add(lief.ELF.SECTION_FLAGS.ALLOC) # Ensure it's loaded into memory
-    section = app.add(section, loaded=True)
+    note = lief.ELF.Note()
+    note.name = section_name
+    note.description = data
+    note = app.add(note)
 
     app.write(filename)