Why of "magic number"

Elf magic number, we can see from the output of readelf, the 16 bytes of the first "magic" correspond to the member e_ident of "elf32_ehdr. The 16 bytes are defined by the elf standard to identify the platform attributes of the ELF File, such as the elf character length (32-bit/64-bit), the byte order, and the ELF File version, as shown in 3-5.

The first four bytes must be the same identification code for all elf files, including 0x7f, 0x45, 0x4c, and 0x46, the first byte corresponds to the Del control character in the ASCII character, and the last three bytes are the ASCII code of the three letters elf. These four bytes are also called the magic number of ELF files. The first few bytes of almost all executable file formats are magic numbers. For example, the first two bytes of the. Out format are 0x01 and 0x07. The first two bytes of the PE/coff file are 0x4d and 0x5a, that is, the ASCII character MZ. This magic number is used to confirm the file type. When the operating system loads executable files, it determines whether the magic number is correct. If it is incorrect, it will reject the loading.

The next byte is used to identify the ELF File class. 0x01 indicates 32-bit, 0x02 indicates 64-bit, and 6th words indicates the byte order, specify whether the ELF file is large or small (see Appendix: byte order ). The master version number of the ELF file is set to 1 in 7th bytes, because the elf standard has never been updated since version 1.2. The following nine bytes are not defined in the elf standard. Generally, this parameter is set to 0. Some platforms use these nine bytes as the extension mark.

Origins of various magic numbers

A. Out is in the format of 0x01 and 0x07. Why does this magic number be specified?

Unix was born on the PDP Minicomputer in the early years. At that time, the system loaded an executable file and directly started to execute it from the first byte of the file, people usually place a jump command at the beginning of a file. This command skips the file header of the next seven machine words to the real portal of the executable file. And 0x01 0x07 these two bytes are just the PDP-11 of the machine jump to the seven machine words of the command. To maintain compatibility with previous systems, this jump command has been retained as a magic number for decades.

There are many weird designs in computer systems that have interesting history and traditions behind them. Understanding their origins can help us understand a lot of interesting things. This reminds me of the so-called "path dependency" in economics. One of the most interesting stories is the story of "horse ass decides the Space Shuttle", which has been widely circulated on the Internet, if you are interested, you can search for "horse ass" and "Space Shuttle" as keywords on Google.

Standard history of ELF files

In 1990s, some vendors jointly established a committee to draft and release an elf document format standard for public use, and hoped that everyone would follow this standard and benefit from it. In 1993, the Committee issued the elf documentation standard. At that time, compiler vendors, such as Watcom and Borland, CPU vendors such as IBM and Intel, and operating system vendors such as IBM and Microsoft were involved in the Committee. In 1995, the Committee issued the elf 1.2 standard, which has since completed its mission and has soon been dissolved. Therefore, the latest ELF File Format standard version is 1.2.

The e_type Member of the file type indicates the ELF file type, which is the three types of ELF files mentioned earlier. Each file type corresponds to a constant. The system uses this constant to determine the true file type of ELF, rather than the file extension. Related constants start with "Et _", as shown in Table 3-5.