用readelf 解读二进制文件(elf格式)

1840阅读 0评论2010-08-23 bailiangcn
分类:LINUX

先弄一段最简单的代码(test.s)

.section .data

.section .text
.globl _start
_start:
    movl $1, %eax
    movl $4, %ebx
    int $0x80

编译、链接后,生成test.o和test两个文件
as test.s -o test.o
ld test.o -o test
readelf -a test.o
输出为
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32  (32位代码)
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              REL (Relocatable file)
  Machine:                           Intel 80386 (32位代码)
  Version:                           0x1
  Entry point address:               0x0
  Start of program headers:          0 (bytes into file)
  Start of section headers:          204 (bytes into file) 0xcc
  Flags:                             0x0
  Size of this header:               52 (bytes)  头文件大小
  Size of program headers:           0 (bytes)  程序头大小,库文件可以没有
  Number of program headers:         0
  Size of section headers:           40 (bytes)  每个段头的大小
  Number of section headers:         10  段头的个数
  Section header string table index: 7

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .text             PROGBITS        00000000 000034 00000c 00  AX  0   0  4
  [ 2] .data             PROGBITS        00000000 000040 000000 00  WA  0   0  4
  [ 3] .bss              NOBITS          00000000 000040 000000 00  WA  0   0  4
  [ 4] .stab             PROGBITS        00000000 000040 00003c 0c      6   0  4
  [ 5] .rel.stab         REL             00000000 0002d4 000020 08      8   4  4
  [ 6] .stabstr          STRTAB          00000000 00007c 000011 00      0   0  1
  [ 7] .shstrtab         STRTAB          00000000 00008d 00003f 00      0   0  1
  [ 8] .symtab           SYMTAB          00000000 00025c 000070 10      9   6  4
  [ 9] .strtab           STRTAB          00000000 0002cc 000008 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

There are no program headers in this file.

Relocation section '.rel.stab' at offset 0x2d4 contains 4 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00000014  00000101 R_386_32          00000000   .text
00000020  00000101 R_386_32          00000000   .text
0000002c  00000101 R_386_32          00000000   .text
00000038  00000101 R_386_32          00000000   .text

There are no unwind sections in this file.

Symbol table '.symtab' contains 7 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 SECTION LOCAL  DEFAULT    1
     2: 00000000     0 SECTION LOCAL  DEFAULT    2
     3: 00000000     0 SECTION LOCAL  DEFAULT    3
     4: 00000000     0 SECTION LOCAL  DEFAULT    4
     5: 00000000     0 SECTION LOCAL  DEFAULT    6
     6: 00000000     0 NOTYPE  GLOBAL DEFAULT    1 _start

No version information found in this file.
通过分析readelf输出,可以解析出test.o的存储格式

起始地址    长度    名称
0    52    elf header
0x34    12    .text段
0x40    0    .data
0x40    0    .bss
0x40    60    .stab
0x7c    17    .stabstr
0x8d    63    .shstrtab
0xcc    400    section headers
0x25c    112    .symtab
0x2cc    8    .strtab
0x2d4    32    .rel.stab
0x2f4        


上一篇:shell命令行下进行ASCII码转换
下一篇:socket学习中网络序与主机序