In an ELF file, how does the address for _start get determined?

故里飘歌 2020-12-11 18:01

I've been reading the ELF specification and cannot figure out where the program entry point and _start address come from.

It seems like they should have to be in a

3 answers
  •  长情又很酷
    2020-12-11 18:52

    Take a look at the linker script ld is using:

    ld -verbose
    

    The format is documented at: https://sourceware.org/binutils/docs-2.25/ld/Scripts.html

    It determines basically everything about how the executable will be generated.

    On Binutils 2.24 Ubuntu 14.04 64-bit, it contains the line:

    ENTRY(_start)
    

    which sets the entry point to the _start symbol (goes to the ELF header as mentioned by ctn)

    And then:

    . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS;
    

    which sets the address of the first headers to 0x400000 + SIZEOF_HEADERS.

    I have modified that address to 0x800000, passed my custom script with ld -T and it worked: readelf -s says that _start is at that address.

    Another way to change it is to use the -Ttext-segment=0x800000 option.

    The reason for using 0x400000 = 4Mb = getconf PAGE_SIZE is to start at the beginning of the second page as asked at: Why is the ELF execution entry point virtual address of the form 0x80xxxxx and not zero 0x0?

    A question describes how to set _start from the command line: Why is the ELF entry point 0x8048000 not changeable with the "ld -e" option?

    SIZEOF_HEADERS is the size of the ELF + program headers, which are at the beginning of the ELF file. That data gets loaded into the very beginning of the virtual memory space by Linux (TODO why?) In a minimal Linux x86-64 hello world with 2 program headers it is worth 0xb0, so that the _start symbol comes at 0x4000b0.
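
Added example, not part of the answer above: a Python parser that reads the entry point (the e_entry field of the ELF header) and computes the header size the answer calls SIZEOF_HEADERS as e_ehsize + e_phnum * e_phentsize. The function names are hypothetical, and the sample header is constructed here from the answer's values (x86-64, 2 program headers, entry 0x4000b0).

```python
import struct

# Fields after the 16-byte e_ident, per the ELF specification:
# e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
# e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
LAYOUT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}  # ELFCLASS32 / ELFCLASS64


def parse_elf_header(data: bytes) -> dict:
    """Return the entry point and header sizes from the start of an ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in LAYOUT or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    # EI_DATA 1 = little-endian, 2 = big-endian
    fmt = ("<" if ei_data == 1 else ">") + LAYOUT[ei_class]
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(fmt, data, 16)
    e_entry, e_phoff = fields[3], fields[4]
    e_ehsize, e_phentsize, e_phnum = fields[7:10]
    if e_phnum == 0xFFFF:  # PN_XNUM: real count is stored in section header 0
        raise ValueError("extended program header count not handled here")
    return {
        "entry": e_entry,
        "phoff": e_phoff,
        # ELF header plus program header table, i.e. SIZEOF_HEADERS
        "sizeof_headers": e_ehsize + e_phnum * e_phentsize,
    }


def sample_header() -> bytes:
    """Constructed ELF64 little-endian header using the answer's values."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    # ET_EXEC=2, EM_X86_64=62, entry 0x4000b0, phoff 64, ehsize 64,
    # phentsize 56, phnum 2; section header fields are left empty.
    return ident + struct.pack("<" + LAYOUT[2], 2, 62, 1, 0x4000B0,
                               64, 0, 0, 64, 56, 2, 64, 0, 0)


if __name__ == "__main__":
    import sys
    # Pass a path to inspect a real binary; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read(64) if len(sys.argv) > 1 else sample_header()
    print({k: hex(v) for k, v in parse_elf_header(raw).items()})
```

For the sample, entry minus sizeof_headers gives 0x400000, which matches the text-segment start only because _start is the first code after the headers, as in the minimal hello world the answer describes.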
