Linux Kernel series-11. ELF format for operating system development, linuxelf
Shows the structure of the ELF file:
The ELF File consists of four parts: ELF header, Program header table, Section (Sections), and Section header table ).
In fact, a file does not necessarily contain all this content, and their locations may not be arranged as shown in this arrangement. Only the ELF header is fixed, the location and size of other parts are determined by the values in the ELF header.
The ELF header Format is as follows:
#define EI_NIDENT 16typedef struct{ unsigned char e_ident[EI_NIDENT]; Elf32_Half e_type; Elf32_Half e_machine; Elf32_word e_version; Elf32_Addr e_entry; Elf32_Off e_phoff; Elf32_Off e_shoff; Elf32_Word e_flags; Elf32_Haif e_ehsize; Elf32_Haif e_phentsize; Elf32_Haif e_phnum; Elf32_Haif e_shentsize; Elf32_Haif e_shnum; Elf32_Haif e_shstrndx;}Elf32_Ehdr;
The following table describes various types of data. Since the ELF file is designed to support processors of different architectures from 8-bit to 32-bit, these data types are defined in the following table, this makes the file format irrelevant to the machine.
The following describes the meaning of each item in the ELF header. Foobar file:
It must start with a 16-byte e_ident, which contains characters used to represent the ELF File and other machine-independent information.
The 4 bytes at the beginning are fixed and the value of 1st bytes is 0x7F, followed by three ELF characters. These 4 bytes indicate that this file is an ELF file.
1. e_type -- identifies the file type and the values are not listed one by one. The e_type of the file foobar is 2, indicating that it is an executable file.
2. The value of this item in e_machine -- foobar is 3, indicating that the architecture required to run the program is Intel 80386.
3. e_version -- file version.
4. e_entry -- entry address of the program. The entry address of the file foobar is 0x80480A0.
5. e_phoff -- offset of the Program header table in the file (in bytes). The value here is 0x34.
6. e_shoff -- Section header table offset in the file (in bytes). The value here is 0x1C0.
7. e_flags -- for IA32, this value is 0.
8. e_ehsize -- ELF header size (in bytes). The value here is 0x34.
9. e_phentsize -- size of each entry (one Program header) in the Program header table. The value is 0x20.
10. e_phnum -- How many entries are in the Program header table. Here there are 3 entries.
11. e_shentsize -- size of each entry (a Section header) in Section header table. The value here is 0x28.
12. How many entries are in e_shnum -- Section header table. There are 6 entries here.
13. e_shstrndx -- the number of sections (starting from scratch) in the string table containing the section name ). The value is 5, indicating that the 5th section contains the section name.
We can see that the offset (e_phoff) of the Program header table in the file is 0x34, and the ELF header size (e_ehsize) is also 0x34. It can be seen that the ELF header is followed by the Program header table. The data structure of the Program header is as follows:
typedef struct{ Elf32_Word p_type; Elf32_Off p_offset; Elf32_Addr p_vaddr; Elf32_Addr p_paddr; Elf32_Word p_filesz; Elf32_Word p_memsz; Elf32_Word p_flags; Elf32_Word p_align;}Elf32_Phdr;
In fact, the Program header describes a segment or other information required by the system to prepare the Program to run. There are three items in the program header table (e_phnum = 3), and the offset is 0x34 ~ 0x53, 0x54 ~ 0x73 and 0x74 ~ 0x93.
1. p_type -- the type of the segment described by the current Program header.
2. p_offset -- the offset of the first byte of the segment in the file.
3. p_vaddr -- the virtual address of the first byte of the segment in the memory.
4. p_paddr -- in the system related to the physical address location, this item is reserved for the physical address.
5. p_filesz -- the length of the segment in the file.
6. p_memsz -- the length of the segment in the memory.
7. p_flags -- the identifier related to the segment.
8. p_align -- determines how segments are aligned in files and memory based on this value.
The Program header describes the position, size, and location and size of a segment in the file after it is put into the memory. This information is required if we want to load a file into the memory.
There are three Program headers in foobar. Their values are as follows:
Based on this information, we can easily know the situation after foobar is loaded into the memory, such: