Weird Scripts


  • DevynCJohnson

    A special part of the Linux kernel called "binfmt_misc" permits various formats of executable files to be recognized. Without this part of the kernel, certain files would not execute. For example, binfmt_misc allows JAR files to be executed (if the Java Virtual Machine is installed). If WINE and Mono are installed, then binfmt_misc can also pass Windows, DOS, and .NET files to the proper place for execution. With the proper utilities, even C-programming source code can be executed like scripts. With possibilities like that, it is worth learning about binfmt_misc.

    Filesystem Interface

    Special executable file formats are registered on a pseudo-filesystem that is used as an interface between "binfmt_misc" and the userland. Under /proc/sys/fs/binfmt_misc/, users can view files that specify various information used by binfmt_misc for executing the files. Users can see that binfmt_misc is mounted by typing "mount" in a terminal. Users should see a line that looks like "binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)". This special filesystem is normally auto-mounted during boot-up on many systems. However, if a user must manually mount binfmt_misc, the command is "mount -t binfmt_misc none /proc/sys/fs/binfmt_misc". Alternatively, users can add "none /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0" to /etc/fstab.

    Extend binfmt_misc

    "binfmt_misc" can be extended to support additional special executable files. When users install WINE, the software package adds additional entries which allow various Windows files to become executable on the system. Installing "binfmt-support" and "binfmtc" can also increase the number of executable formats the system can support.

    The "binfmtc" package provides multiple binfmt-interpreters that make it possible to execute normally non-executable files. Such interpreters include:

    • binfmtasm-interpreter - Executes Assembly source code; the file must begin with "/*BINFMTASM:"
    • binfmtc-interpreter - Executes C-programming source code; the file must begin with "/*BINFMTC:"
    • binfmtcxx-interpreter - Executes C++ source code; the file must begin with "/*BINFMTCXX:"
    • binfmtf95-interpreter - Executes Fortran source code; the file must begin with "! BINFMTF95:"
    • binfmtgcj-interpreter - Executes Java source code; the file must begin with "//BINFMTGCJ:"

    The "qemu-user-binfmt" software package provides the files needed to use the QEMU emulator to execute binaries made for other platforms (like ARM, MicroBlaze, MIPS, etc.).

    When the proper binfmt interpreters are installed, the file-types are registered, and the desired files are given the executable-bit, then various files can easily be executed. For instance, a user could execute a C++ source code file by opening a terminal and typing the path to the file (such as "~/test_code.cpp"). If the file is in a directory listed in $PATH, then the file's name alone can be typed, as with any other executable.

    Register File-types

    Additional file-types can be recognized by binfmt_misc if such file-types are registered. For example, to register LuaJIT bytecode, the command would be:

        echo ":luajit:M::\x1b\x4c\x4a::/usr/bin/luajit:" > /proc/sys/fs/binfmt_misc/register

    The format of the registration string is ":NAME:TYPE:OFFSET:MAGIC:MASK:INTERPRETER:". "NAME" is the name of the file format. "TYPE" may be "E" or "M": "E" means the file is identified by its file extension, while "M" indicates that the magic number is used. "OFFSET" and "MASK" are ignored if "E" is specified. "INTERPRETER" is the path to the executable that can read/execute the file. Below are some more examples.

    • ARM Binary (via QEMU) - :arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:
    • ARMEB Binary (via QEMU) - :armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb-static:
    • DOS Applications - :DEXE:M::\x0eDEX::/usr/bin/dosexec:
    • em86 (i386) - :i386:M::\x7fELF\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfb\xff\xff:/bin/em86:
    • em86 (i486) - :i486:M::\x7fELF\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfb\xff\xff:/bin/em86:
    • JAR File - :ExecutableJAR:E::jar::/usr/local/bin/jarwrapper:
    • Java Applet - :Applet:E::html::/opt/java/bin/appletviewer:
    • Java Application - :Java:M::\xca\xfe\xba\xbe::/usr/local/bin/javawrapper:
    • Mono (.NET) - :CLR:M::MZ::/usr/bin/mono:
    • WINE (PE Windows executables) - :DOSWin:M::MZ::/usr/bin/wine:

    NOTE: ARMEB = ARM EABI Big-endian


    On Linux systems that retain the configuration file used to build the kernel, the command "zcat /proc/config.gz | grep -i binfmt_misc" can be used to test for the presence of binfmt_misc. As an alternative, users could execute "findmnt binfmt_misc" in a terminal.

    The command "ls -al /proc/sys/fs/binfmt_misc" can be used to verify the registration.

    The command "chmod +x FILE" can be used to set the executable bit on "FILE".
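
How the fields of a registration string decide which files an interpreter claims, as an added example that is not part of the original post or the kernel's code: it parses registration strings copied from the list in the post and applies OFFSET, MAGIC and MASK to file headers, which makes overlapping rules (the two "MZ" entries) visible when reviewing what is registered. The function names, the sanity checks in parse_rule and the sample headers are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    kind: str          # "M" = magic bytes, "E" = file extension
    offset: int
    magic: bytes       # for "E" rules this field holds the extension
    mask: bytes        # empty means every bit of MAGIC is compared
    interpreter: str

def unescape(field: str) -> bytes:
    # MAGIC and MASK use \xHH escapes; every other character is literal.
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), field.encode("latin-1"))

def parse_rule(line: str) -> Rule:
    fields = line.split(":")
    if len(fields) < 8 or fields[0]:
        raise ValueError("expected :NAME:TYPE:OFFSET:MAGIC:MASK:INTERPRETER:")
    name, kind, offset, magic, mask, interp = fields[1:7]
    magic_b, mask_b = unescape(magic), unescape(mask)
    if kind not in ("M", "E") or not magic_b or not interp.startswith("/"):
        raise ValueError(f"bad TYPE, MAGIC or INTERPRETER in rule {name!r}")
    if kind == "M" and mask_b and len(mask_b) != len(magic_b):
        raise ValueError(f"MASK and MAGIC differ in length in rule {name!r}")
    return Rule(name, kind, int(offset or 0), magic_b, mask_b, interp)

def matches(rule: Rule, filename: str, head: bytes) -> bool:
    if rule.kind == "E":   # compare the text after the last dot, case-sensitively
        return "." in filename and filename.rsplit(".", 1)[1].encode() == rule.magic
    window = head[rule.offset:rule.offset + len(rule.magic)]
    mask = rule.mask or b"\xff" * len(rule.magic)
    return len(window) == len(rule.magic) and all(
        ((w ^ g) & m) == 0 for w, g, m in zip(window, rule.magic, mask))

def claimants(rules, filename: str, head: bytes) -> list:
    return [r.name for r in rules if matches(r, filename, head)]

# Registration strings copied from the examples in the post.
RULES = [parse_rule(s) for s in (
    r":luajit:M::\x1b\x4c\x4a::/usr/bin/luajit:",
    r":arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:",
    r":ExecutableJAR:E::jar::/usr/local/bin/jarwrapper:",
    r":CLR:M::MZ::/usr/bin/mono:",
    r":DOSWin:M::MZ::/usr/bin/wine:",
)]
# Constructed file headers (not taken from real files).
ARM_PIE = b"\x7fELF\x01\x01\x01\x03" + b"\x00" * 8 + b"\x03\x00\x28\x00"
PE_HEAD = b"MZ\x90\x00\x03\x00"
```

ARM_PIE still matches the "arm" rule although its eighth byte and its type field differ from MAGIC, because the mask clears those bits before the comparison; claimants(RULES, "setup.exe", PE_HEAD) returns both "CLR" and "DOSWin".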
