Experiment Report of Practice Four

Source: Internet
Author: User

I. Overview

1.ELF full name executable and linkable format, executable connection format, elf format files are used to store Linux programs. The elf file (target file) format is mainly three kinds:

    • Redirected files: The file holds the code and the appropriate data to create an executable file or a shared target file with other target files. (The target file or the static library file, which is usually a file with a. A and. o suffix of Linux)
    • Executable file: The file holds a program to execute. (e.g. BASH,GCC, etc.)
    • Shared destination file: Shared library. The file holds the code and the appropriate data, which is used by the connection editor and the dynamic linker link. (Linux is suffixed with. so files.) )
      The target file participates in both the program link and the program execution:

The generic Elf file consists of three index tables: Elf Header,program header table,section Header table.

    • ELF header: At the beginning of the file, a roadmap was saved, describing the organization of the document.
    • Program Header table: tells the system how to create a process image. The target file used to construct the process image must have the Program Header table, which is not required to relocate the file.
    • Section Header table: Contains information describing the sections of a file, each of which has an entry in the table, each giving information such as section name, section size. The destination file used for the link must contain the section Header table, and the other destination files may or may not have this table.
Second, analysis elf file header (elf header)
  • Enter terminal input: Cd/usr/include Enter the Include folder to view the Elf.h file, view elf's file header contains the entire file control structure
  • Write a small program (Hello 20135211) to compile and generate a hello executable file.
    Use the ' readelf–a Hello ' command to get information about the following Elf header files, such as:
  • With the information, you can draw the Elf header size of 64bytes, so you can use the Hexdump tool to open the 16 tab of the header file.
    For example, use the: ' Hexdump–x hello–n 64 ' command to view the header of the hello file in 16 tables (top 64bytes) to parse the format.
  • First line, corresponding to E_ident[ei_nident]. The actual representation of the content is 7f454c46020101000000000000000000, the first four bytes 7f454c46 (0x45,0x4c,0x46 is ' e ', ' l ', ' f ' corresponding to the ASCII encoding) is a magic number, indicating that this is an Elf object. The next byte 02 represents a 64-bit object, and the next byte 01 represents the small-end method, and the next byte 01 represents the file header version. The remaining defaults are set to 0.
  • The second line, the E_type value is 0x0002, represents an executable file. The E_machine value is 0x003e, which represents the advanced Micro Devices x86-64 processor architecture. The E_version value is 0x00000100, which indicates the current version. The E_entry value is 0x 004003f0, which represents the entry point.
  • The third row, the E_phoff value is 0x40, represents the program Header table. The E_shoff value is 0x1278, which represents the offset address of the segment table.
  • Row four, the E_flags value is 0x00000000, which indicates an unknown processor-specific flag. The E_ehsize value is 0x0040, which indicates the elf file header size (exactly 64bytes). E_phentsize represents the length of the entry in a Program Header table with a value of 0x0038. The value of E_phnum is 0x0008, which gives the number of entries in the Program Header table. A e_shentsize value of 0x0040 indicates a segment header size of 64 bytes. The E_shnum value is 0x001f, which indicates that there are 31 entries in the Segment table. The E_shstrndx value is 0x001c, which represents the index number in the segment table of the segment name string table.

Third, find the section Header table through the file header to understand its contents
    • File Elf1 Displays the type of the generated target file Hello
    • Elf1 is an executable file. Input: Ls–l hello to see the size of Hello:
    • The hello size is 6712 bytes.
      Input: hexdump–x Hello to display the contents of hello with a 16-digit number
      (where the second column is the offset address of the 16 binary representation)
    • Input: objdump–x Hello to display information about each segment in Hello and the symbol table:
    • Input: Readelf–a Hello to view individual segment information:
    • Elf File header information:
    • Cong Section Header table:
    • Symbol table:
Iv. find sections by section Header table

In an elf file there is a section Header table, through which we can navigate to all the sections, and the E_shoff variable in the ELF header is the offset of the Header table entry for the section header. Each section corresponds to a section header, so you can find your desired section by using the sections header as soon as you find each of the sections in the Header table.

The following is an example of the executable hello, which holds the section of the code snippet as an example of the process of reading one of the sections.
Use the ' vi/usr/include/elf.h ' command to view the structure of the sections header:

From the above analysis, each section header in section headers table occupies a size of 64 bytes, ELF header Gets the value of the E_shoff variable is 0x1278, that is, the table inlet offset, by looking at E_ The Shnum value is 0x001f, which indicates that there are 31 entries in the Segment table.
So there are 31 segments starting from 0x00001278, 64 bytes per segment, input hexdump elf1 view:

    • The first segment, where the content is all 0, does not represent any segment.
    • The second segment, the. Interp segment, the segment offset sh_offset to 0x200, and the segment size sh_size to 0x1c.
    • The third segment, the. Note.abi-tag segment, the segment offset sh_offset to 0x21c, and the segment size sh_size to 0X 20.
    • Fourth paragraph, for. Note.gnu.build-i segment, segment offset Sh_offset 0X 23c, Segment size Sh_size 0X 24.
    • Fifth paragraph, for. Gnu.hash segment, segment offset Sh_offset to 0X 260, segment size Sh_size 0X 1c.

............

    • 14th paragraph, for. Text segment, segment offset Sh_offset to 0X 3f0, segment size sh_size 0X 182.
    • 25th segment, for. Data segment, segment offset Sh_offset to 0X 8d8, segment size Sh_size 0X 10.
    • 26th segment, for. BSS segment, segment offset Sh_offset to 0X 8e8 (red line), segment size Sh_size 0X 08.
    • 29th paragraph, for. Symtab segment, segment offset Sh_offset to 0x910, segment size sh_size to 0x0648.
    • 30th paragraph, for. Strtab segment, segment offset Sh_offset to 0xf58, segment size sh_size to 0x214.

We use the readelf command to view the contents of the. Text section,
Enter Readelf–x, (the label in front of the. Text is 14) to view the contents of the. Text section of the 14 index number:

The following is a Hexdump method to read the contents of this section, by looking at section header. Text in the offset and size are 0x3f0 and 0x182, respectively, by 16 binary to the 10 binary to get offset:1008 and size:386.
Input hexdump–s 1008–n 386–c Hello

Got the same as the above readelf.
Use the following command to disassemble the text segment (. text) of Hello:
Objdump–d Hello gets as:

As you can see, the 16 binary data used with disassembly is the same as the one previously found.

V. Understanding Common. Text. Strtab. Symtab. Rodata and Other sections

The ①.text section is a collection of executable instructions, both. Data and. Text are sections of the Progbits type, which is the program and code to run in the future. The query segment table indicates that the bit offset of the text section is 0x00003f0,size to 0x0000182.

The ②.strtab section, which belongs to the Strtab type, can be seen in a file with a string that stores the name of the symbol. The bit offset is 0x0000f58,size to 0x0000214.

The ③.symtab section stores the symbolic names defined in all sections, such as "Data_items", "Start_loop", and "Symtab" section, which is part of the Symtab type. It describes the "memory address" in "memory" for the symbols in. Strtab. The bit offset is 0x0000910,size to 0x0000648.

Experiment Report of Practice Four

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.