Linux relocatable file elf structure __linux

The types of elf files under Linux are divided into the following ways:

1, can reposition files, such as SIMPLESECTION.O;

2, executable files, such as/bin/bash;

3, share the target file, such as/lib/libc.so.

In the next article, we'll use OBJDUMP,READELF,HEXDUMP,NM to analyze a relocatable file simplesection.o in Linux.

First attach SIMPLESECTION.C source code:

int printf (const char* format, ...);


int global_init_var = n;
int Global_uninit_var;

void func1 (int i)
{
	printf ("%d\n", I);
}

int main (void)
{
	static int static_var =;
	static int static_var2;

	int a = 1;
	int b;

	Func1 (Static_var + static_var2 + A + b);
		
	return A;
}

To use the command:

Gcc-c SIMPLESECTION.C

To get SIMPLESECTION.O, we first attach the binary content of SIMPLESECTION.O and the overall contour.

To use the command:

Hexdump-c simplesection.o, get simplesection.o binary content.

In computer science, binary 0 1 can represent code, letters, numbers (decimal numbers and hexadecimal numbers).

00000000 7f 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.
elf............| 00000010 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 |.
>.............|
00000020 00 00 00 00 00 00 00 00 88 01 00 00 00 00-00 00 |................|
00000030 0d 0a 00 |....@.....@.....|----- 00000040 e5-EC 7d FC 8b FC C6 | UH.. H. ...}
e...|
00000050 (B8) E8 (C9) and |................| 00000060 c3 e5-C7 F8 01 00 00 00 |. UH.. H....
e.....| 00000070 8b 8b D0 03 45 | ............. .....
e| 00000080 F8 FC C7 F8 C9 C3 |-E8 | E.........
e...| 00000090 the 0a 00 00 47 43 43 In | T... u...%d ...
gcc|  000000A0 3a 6e 000000b0 2f 4c-6e-ubuntu/linaro| 6f |: (75 2e) 2e 2d 31 62 75 6e 74 75 35 29 |
4.6.3-1UBUNTU5) | 000000C0 2e 2e 33 00 00 14 00 00 00 00 00 00 00 |
4.6.3..........| 000000D0 7a 1b 0c 07 08 90 01 00 00 |. ZR..
x..........| 000000E0 1c 1c 00 00 00 00 00 00 00 21 00 00 00 |............!
...| 000000f0 0e 0d 5c 0c 07 08 00 00 00 |. A.... C..
\......|
00000100 |....<......./...| 2f (a) for all the other 1c 00000110 0e 0d 6a 0c 07 08 00 00 00 |. A.... C..
j......| 00000120 2e 6d, 2e 73 74 72 74 61 62 |. Symtab..
strtab| 00000130 2e to the "61" (2e) (6c) |. Shstrtab..
rela| 00000140 2e (2e) 2e 62 73 73 |. Text.. Data..
bss|
00000150 2e (6f), 2e, 6f 6d 6d, 6e |..rodata..commen| 00000160 2e 6e 6f |t 2e to 4e (2d) Note.
gnu-stac| 00000170 6b 2e (6c) 2e-5f-|k
rela.eh_frame|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................| * 000001c0 00 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 | ...... |
000001d0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000001e0 of 40 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00 |@ ....
p.......|
000001f0 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000200 1b 00 00 00 04 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
00000220 B0 the same as the same as the |........x.......|
00000230 0b 00 00 00 01 00 00 00 08 00 00 00 00 00 00 00 |................|
00000240 to the same (a) of the |........&.......|
00000250 03 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
00000260 90 00 00 00 00 00 00 00 08 00 00 00 00 00-00 00 |................|
00000270 00 00 00 00 00 00 00 00 04 00 00 00 00 00-00 00 |................| 00000280 2c 00 00 00 08 00 00 00 | .........,.......|
00000290 03 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
000002A0 98 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
000002b0 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................| 000002c0 00 00 00 00 00 00 00 00 31 00 00 00 01 00 00 00 | ...
1.......|
000002d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002E0 98 00 00 00 00 00 00 00 04 00 00 00 00 00-00 00 |................|
000002f0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................| 00000300 00 00 00 00 00 00 00 00 39 00 00 00 01 00 00 00 | ...
9.......|
00000310 30 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |0...............|
00000320 9c 2b 00 00 00 00 00 00 00 |........+.......|
00000330 00 00 00 00 00 00 00 00 01 00 00 00 00 00-00 00 |................| 00000340 01 00 00 00 00 00 00 00 42 00 00 00 01 00 00 00 | ...
b.......| 00000350 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 |................|
00000360 C7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000370 00 00 00 00 00 00 00 00 01 00 00 00 00 00-00 00 |................| 00000380 00 00 00 00 00 00 00 00 57 00 00 00 01 00 00 00 | ...
w.......|
00000390 02 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................| 000003a0 C8 00 00 00 00 00 00 00 58 00 00 00 00 00 00 00 | ...
x.......|
000003b0 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................| 000003c0 00 00 00 00 00 00 00 00 52 00 00 00 04 00 00 00 | ...
r.......|
000003d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 000003e0 28 07 00 00 00 00 00 00 30 00 00 00 00 00 00 00 | (.......
0.......|
000003f0 0b 00 00 00 08 00 00 00 08 00 00 00 00 00 00 00 |................|
00000400 18 00 00 00 00 00 00 00 11 00 00 00 03 00-00 00 |................|
00000410 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................| 00000420 20 01 00 00 00 00 00 00 61 00 00 00 00 00 00 00 |
... a.......|.
00000430 00 00 00 00 00 00 00 00 01 00 00 00 00 00-00 00 |................|
00000440 00 00 00 00 00 00 00 00 01 00 00 00 02 00-00 00 |................|
00000450 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
00000460 C8 04 00 00 00 00 00 00 80 01 00 00 00 00 00 00 |................|
00000470 0c 0b 00 00 00 08 00 00 00 00 00 00 00 |................|
00000480 18 00 00 00 00 00 00 00 09 00 00 00 03 00-00 00 |................|
00000490 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................| 000004A0 48 06 00 00 00 00 00 00 66 00 00 00 00 00 00 00 |
h.......f.......|
000004b0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000004c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
* 000004E0 F1 FF 00 00 00 00 00 00 00 00 |................| 000004f0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 |................|
00000500 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
00000510 00 00 00 00 03 00 03 00 00 00 00 00 00 00-00 00 |................|
00000520 00 00 00 00 00 00 00 00 00 00 00 00 03 00-04 00 |................|
00000530 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
00000540 00 00 00 00 03 00 05 00 00 00 00 00 00 00-00 00 |................|
00000550 00 00 00 00 00 00 00 00 11 00 00 00 01 00-03 00 |................|
00000560 04 00 00 00 00 00 00 00 04 00 00 00 00 00-00 00 |................| 00000570 21 00 00 00 01 00 04 00 00 00 00 00 00 00-00 00 |!
...............|
00000580 04 00 00 00 00 00 00 00 00 00 00 00 03 00-07 00 |................|
00000590 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................|
000005a0 00 00 00 00 03 00 08 00 00 00 00 00 00 00 00 00 |................|
000005b0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 06 00 |................| 000005c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000005d0 32 00 00 00 11 00 03 00 00 00 00 00 00 00 00 00 |2...............| F2 (FF), in which you are not in the same---
b.......|
000005f0 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................| 00000600 54 00 00 00 12 00 01 00 00 00 00 00 00 00 00 00 |
t...............| 00000610 5a 00 00 00 10 00 00 00 |! .......
z.......|
00000620 00 00 00 00 00 00 00 00 00 00 00 00 00 00-00 00 |................| 00000630 the same as the same as all of the |a.......!
.......| 00000640 2f 6d 6c 65 53 |/...........
simples|
00000650 (6f 6e 2e) The |ection.c.static_| of the same
00000660 the 2e to the |var.1594.static_| of the 5f.
00000670 a 2e 6c 6f to 6c |var2.1595.global|--
00000680 5f, 6e |_init_var.global|, 5f-A-a-6c, 6f, 6c 00000690 5f 6e (6e), 5f, 6e-|_uninit_var.func|
000006a0 6e (6d) |1.printf.main...| 6e (m)
000006b0 0a 00 00 00 05 00 00 00 |................|
000006C0 1b 00 00 00 00 00 00 00 |................|
000006D0 0e FC FF FF FF FF FF FF FF |................|
000006e0 32 00 00 00 00 00 00 00 02 00 00 00 03 00-00 00 |2...............| 000006f0 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 | ...
8.......|
00000700 an FC FF FF FF FF FF FF |................| The 00000710 0d 00 00 00 (+) |
g...............|
00000720 FC FF FF FF FF 20 00 00 00 00 00 00 00 | ... |..... |
00000730 02 00 00 00 02 00 00 00 00 00 00 00 00 00-00 00 |................|
00000740 40 00 00 00 00 00 00 00 02 00 00 00 02 00-00 00 |@...............|                          00000750 21 00 00 00 00 00 00 00 |! .......|

Figure 1

Using the command ls-l SIMPLESECTION.O, you can get a file size of 1880 bytes, and the binary content above is exactly 1880 bytes (0x758 conversion to 10 mechanism 1880).

The overall outline of the SIMPLESECTION.O is as follows, and perhaps the reader will wonder why they get such a picture, and as we delve into the contents of each paragraph, the answer will naturally be revealed.

Figure 2

We see that 0x758 is the end of all segments and translates into decimal 1880 bytes. The same size as the file we just obtained.

Here we use the command to analyze each part of the ELF file structure:

1, ELF Header

Use the command readelf-h SIMPLESECTION.O to get the following figure.

Figure 3

The elf file header structure and related parameters are defined in "/usr/include/elf.h", as follows:

typedef struct {unsigned char e_ident[ei_nident];                 /* Magic number and other info */Elf32_half e_type;              /* Object File type */Elf32_half e_machine;              /* Architecture * * Elf32_word e_version;                /* Object file version */ELF32_ADDR e_entry;                * Entry Point Virtual Address * * * Elf32_off E_phoff;                /* Program Header Table file offset */Elf32_off E_shoff;                /* Section Header Table file offset */Elf32_word e_flags;               * PROCESSOR-SPECIFIC Flags * * * elf32_half e_ehsize;            /* ELF Header size in bytes */elf32_half e_phentsize;                /* Program Header table Entry Size */Elf32_half e_phnum;            /* Program Header Table Entry Count */Elf32_half e_shentsize;                /* Section Header table Entry size */Elf32_half e_shnum;      /* Section Header table Entry Count */Elf32_half e_shstrndx;       /* section Header string Table index */} ELF32_EHDR; 

Type:elf file type, in this case rel (relocatable file), which can be relocated.

The Start of section headers, Cong offset in the file, is the position of section table in Figure 2 is 392 (0x188).

The size of section Headers,elf file header is 64 bytes.

Number of section headers,elf owns how many breaks, this example is 13 segments. See Figure 7.

Section Header string Table index, Cong the segment where the string table is located in the segment table. This example is equal to 10, as shown in Figure 7.

2,. Text

To use the command:

Objdump-d SIMPLESECTION.O, the following figure is obtained, because it is a code snippet, so the binary represents the assembly code.

Figure 4

3,. Data

Using the command objdump-s SIMPLESECTION.O, get the data segment, as shown in the following figure:

Figure 5

In this case, the data section is stored in the

int global_init_var = n;
static int static_var = 85;

A total of 8 bytes, one is 0x00000054, the decimal is 84; one is 0x0000000056, and the decimal is 85.

4. BSS

Using the command objdump-h SIMPLESECTION.O, get the following figure:

Figure 6

In this case, the data section is stored in the

static int static_var2;

You will notice that int global_uninit_var is neither in the. Data section nor in the. BSS segment. If you add static to the front, then there is a. BSS section.

5. Rodata

. rodata stored read-only data. 25640a00, looking at the ASCII table represents%d\n.

6. Shstrtab (segment Table string table)

As shown in Figure 1, the storage is

.. symtab..strtab..shstrtab..rela.text..data..bs..rodata..comment..note.gnu-stak..rela.eh_frame

7. Strtab (String table)

As shown in Figure 1, the storage is

Simplesection.c.static_var.1594.static_var2.1595.global_init_var.global_uninit_var.func1.printf.main

8, Section Table

Use the command, Readelf-s SIMPLESECTION.O, get the following figure:

Figure 7

This explains Figure 1, why do you want to draw?

Offset represents the segment offset, and size represents the segment size.

Type,progbits said paragraph, Nobits said not to occupy space. RelA represents a relocation segment, Strtab represents a string table, and Symtab represents a symbol table.

Entsize indicates a duplicate content size if there is duplicate content in the segment. For example, the following symbol table to be introduced is a duplicate content composition.

When type is RelA, link indicates that the corresponding symbol table used for the paragraph is in the paragraph table, in this case 11. Info represents the subscript of the segment that the relocation table is in in the segment table ... rela.text for 1,.rela.eh_frame is 8.

9. Symtab (symbol table)

Use the command, Readelf-s SIMPLESECTION.O, get the following figure:

Figure 8

Name, which indicates the subscript of the string in the string table;

NDX,SIMPLESECTION.C is Abs,global_uninit_var com, which means that the variable is a strong or weak reference and is not currently in the. Data section, nor in the. BSS segment, and is determined when the link is waiting.

printf is und, meaning that there is no definition, that is, an external function is referenced.

The GLOBAL_INIT_VAR,NDX is 3, which is similar to the rest in. Data. The subscript that represents the segment of the symbol in the segment table, as shown in Figure 7.

Bind Global represents functions and variables that can be referenced externally or referenced externally.

Type is an object, Func represents a function, a section represents a segment, a file represents a document, printf is a notype, is undefined, and refers to an external function.

The size represents the sizes.

Value represents the offset in this paragraph, for example, static_var.1594 indicates that the offset in the. Data section is 4. Main's offset in the. Data section is 21.

Finally, we introduce a command, NM SIMPLESECTION.O, and the results are as follows:

You can see all the functions and variables that can be referenced externally or referenced externally.

T means that text;d and D indicate that the data;b represents the Bss,c Common,u represents the undef.

A non-static local variable in a program is not a data segment nor a code snippet, possibly on a stack segment.

    At this point, all of the sections are finished. This article refers to the self cultivation of the programmer.