對於BuildID的解釋, 可以在ELF, Build-ID, is there a utility to recompute it?找到一段說明, 說明如下
I think things weren't very precisely formulated. If a tool changes the build that creates the ELF file so that it isn't a "semantically identical" binary anymore then it should get a new (recalculated) build-id. But if a tool changes something about the file that still results in a "semantically identical" binary then the build-id stays the same. What isn't precisely defined is what "semantically identical binary" means. The intention is that it captures everything that a build was made from. So if the source files used to generate a binary are different then you expect different build-ids, even if the binary code produced might happen to be the same. This is why when calculating the build-id of a file through a hash algorithm you use not just the (allocated) code sections, but also the debuginfo sections (which will contain references to the source file names). But if you then for example strip the debuginfo out (and put it into a separate file) then that doesn't change the build-id (the file was still created from the same build). This is also why, even if you knew the precise hashing algorithm used to calculate the build-id, you might not be able to recalculate the build-id. Because you might be missing some of the original data used in the hashing algorithm to calculate the build-id. Feel free to share this answer with others.
內容簡略的說就是, BuildID是"semantically identical binary", 相同的semantic所build的program才會有相同BuildID.
brook@vista:~/01$ file src/hello src/hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=91439ef711a19bf3be7774d2c4af35746e098cc8, not stripped brook@vista:~/01$ readelf -n src/hello Displaying notes found at file offset 0x00000254 with length 0x00000020: Owner Data size Description GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag) OS: Linux, ABI: 2.6.32 Displaying notes found at file offset 0x00000274 with length 0x00000024: Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 91439ef711a19bf3be7774d2c4af35746e098cc8 brook@vista:~/01$ strip src/hello brook@vista:~/01$ file src/hello src/hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=91439ef711a19bf3be7774d2c4af35746e098cc8, stripped brook@vista:~/01$ readelf -n src/hello Displaying notes found at file offset 0x00000254 with length 0x00000020: Owner Data size Description GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag) OS: Linux, ABI: 2.6.32 Displaying notes found at file offset 0x00000274 with length 0x00000024: Owner Data size Description GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring) Build ID: 91439ef711a19bf3be7774d2c4af35746e098cc8 brook@vista:~/01$ make clean && make 重build也是會得到相同的BuildID Making clean in src ... brook@vista:~/01$ file src/hello src/hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=91439ef711a19bf3be7774d2c4af35746e098cc8, not stripped brook@vista:~/01$ echo -e '\n\n\n' >> src/hello.c 即使多了幾行換行, 重build也是會得到相同的BuildID brook@vista:~/01$ make make all-recursive ... brook@vista:~/01$ file src/hello src/hello: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=91439ef711a19bf3be7774d2c4af35746e098cc8, not stripped
-
參考資料:
- https://stackoverflow.com/questions/41743295/elf-build-id-is-there-a-utility-to-recompute-it, ELF, Build-ID, is there a utility to recompute it?
- https://fedoraproject.org/wiki/Releases/FeatureBuildId, Releases/FeatureBuildId
binary search with grep
回覆刪除brook@vista:~/01$ grep -oUaP "\x91\x43\x9e\xf7\x11\xa1" src/hello|hexdump -v -e '/1 "%02X "' && echo
91 43 9E F7 11 A1 0A