# ELF-File


- `/bin/ls`: Pick ELF file
- `file`  
- `gcc -no-pie -o hello hello.c`


# 1. Why `-no-pie` 🥧? 
`-no-pie` disables generation of a Position Independent Executable (PIE):
    - PIE: binary can be loaded at different memory addresses each time its run
    - NO-PIE: traditional fixed-address executable

**Use-cases**:
- Writing low-level code interacting with **fixed memory addresses**
    - OS kernels, 
    - bootloaders, or 
    - systems programming tasks.
- Reverse-engineering memory layout
    - learning assembly, 
    - debugging, 
    - writing shellcode.
- Linking with older code or tools that don’t support PIE.

# 2. Traditional Executables (`-no-pie`)
Compiled executables have **fixed memory layout**:
- All sections (`.text`, `.data.`, `.bss` etc) loaded at
- ***Same Memory Addresses*** **every time** program is run.
- Function addresses are **predictable**



`say_hello()` will always be loaded at address `0x401136`.
- Terminal: `gcc -no-pie -o hello_no_pie hello.c`
- Terminal: `nm hello_no_pie | grep say_hello`
- Output: `0000000000401136 T say_hello`


# 3. Who cares about **Memory Addresses**?
At hardware level, everything is just memory:
- code
- variables
- strings

Are all:
- bytes stored
- at different memory addresses

When CPU runs code: 
- Jumps from one memory address to another
- Executing instructions stored there.

# 4. How are Memory Addresses used?
When a program is compiled, its split into **sections** in memory:


Steps
- create: `tiny.c`
- compile: `gcc -no-pie -o tiny_no_pie tiny.c` (fixed addys)
- inspect ELF file: `readelf -S tiny_no_pie`


Disassemble to see fns & their addys `objdump -d tiny_no_pie`       
Hex dump the binary to see layout: `xxd -g 1 tiny | less`

readelf -l tiny

The binary is saying:

    “Please map this file segment into memory starting at 0x400000”


# 5. Why Do the Virtual Memory Address Look Similar?
## 5.1 Memory Sizes Primer

[] =  $1$ bit  
[][][][]-[][][][] 
- = $8$ bits 
- = $2^8$ combindations from $8$ bits
- = $256$ 
- = 0 to 255 values
- = 1 bytes  

$1$ kilobyte or $1$ KB:
- = $2^{10}$ bytes 
- = $1024$ bytes 
- = $1024 * 8$ bits
- = $8192$ bits




In [None]:

# 1 kb = 8 bits (binary)
# [][]-[][][][]-[][][][]
# [1][]-[][][][]-[][][][] = 1024 bits


for i in range(0,11):
    print(f"{i}: {2**i}")

0: 1
1: 2
2: 4
3: 8
4: 16
5: 32
6: 64
7: 128
8: 256
9: 512
10: 1024


compile: `gcc -no-pie -o tiny tiny.c`
- **Default Linker Script** is run or **linker** (e.g. GNU `ld`)
    - Place `ELF Headers` first???
    - Then place `.text` (code) section at `0x400000`
- **Result**:
    - `0x400000` → `ELF` headers and entry point
    - `0x401000` → `.text` section starts
        - Add other boiler plate code setup (`_start`, `main`, `libc` )
    - `0x401136` → your `hello()` function (after some startup code)
