elf

load ELF file into memory

南楼画角 提交于 2019-12-21 03:39:15
问题 I'm trying to put an elf file into memory and then execute it, these are the steps: 1- file to put into memory int main() { printf("Hello world! \n"); return 0; } 2- Compile it gcc -o hello hello.c -static ELF Header: Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 Class: ELF32 Data: 2's complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: ARM Version: 0x1 Entry point address: 0x8120 Start of program headers: 52

ELF文件格式

点点圈 提交于 2019-12-20 19:32:46
ELF头 Object目标文件类型 Object文件格式 数据表示 ELF Header结构体 e_ident e_type类型 e_machine ELF节 section头表结构体 section介绍 符号表 字符串表 符号值 重定位 重定位类型 Linux命令行 ELF头 Object目标文件类型 一个可重定位(relocation)文件保存着代码和适当的数据,用来和其他的object文件一起创建一个可执行文件或一个共享文件。 一个可执行(executable)文件保存着一个用来执行的程序,该文件指出exec(BA_OS)如何创建程序进程映像。 一个共享object文件保存着代码和合适的数据,用来被链接器链接。第一个链接器[ld(SD_CMD)],可以和其他的可重定位和共享object文件来创建其他的object;第二个动态链接器,联合一个可执行文件和其他共享object文件来创建一个进程映像。 Object文件格式 数据表示 ELF Header结构体 # define EI_NIDENT 16 typedef struct { unsigned char e_ident [ EI_NIDENT ] ; Elf32_Half e_type ; Elf32_half e_machine ; Elf32_Word e_version ; //目标文件的版本,若为0

load-time ELF relocation

◇◆丶佛笑我妖孽 提交于 2019-12-20 09:00:24
问题 I am writing a simple user-space ELF loader under Linux (why? for 'fun'). My loader at the moment is quite simple and is designed to load only statically-linked ELF files containing position-independent code. Normally, when a program is loaded by the kernel's ELF loader, it is loaded into its own address space. As such, the data segment and code segment can be loaded at the correct virtual address as specified in the ELF segments. In my case, however, I am requesting addresses from the kernel

What functions does gcc add to the linux ELF?

六眼飞鱼酱① 提交于 2019-12-20 08:49:07
问题 When linking a hello-world-like program in c (or asm) with gcc it will add some stuff into the result executable object file. I know only about runtime dynamic linker and _start entry point but what is the kind of these added functions? 00000000004003f0 t deregister_tm_clones 0000000000400430 t register_tm_clones 0000000000400470 t __do_global_dtors_aux 0000000000400490 t frame_dummy 00000000004004e0 T __libc_csu_init 0000000000400550 T __libc_csu_fini 0000000000400554 T _fini

How do I find out which functions of a shared object are used by a program or an other library?

给你一囗甜甜゛ 提交于 2019-12-20 08:40:05
问题 How do I find out which functions of a shared object are used by a program or an other library? In this specific case, I would like to see which functions in /lib/libgcc1_s.so.1 are used by an other dynamic library. Since they are dynamically linked, objdump -d doesn't resolve the function call addresses. Is there a way short of running the program in a debugger or relinking statically? Thanks, Luca Edit: nm and readelf won't do, I don't need to see which symbols are present in a shared

making proprietary ELF binaries portable on Linux

点点圈 提交于 2019-12-19 16:54:58
问题 I am searching for a way to make existing proprietary ELF-binaries, which are linked against specific versions of system libraries, portable. With portable I mean making the executable work on every system with the same processor architecture and a compatible system kernel, without necessarily having the source code of the libraries (if there is no way without having the source code, it'll be fine too). So far I thought of two possibilities, but I don't know if they are at all possible and if

making proprietary ELF binaries portable on Linux

感情迁移 提交于 2019-12-19 16:53:59
问题 I am searching for a way to make existing proprietary ELF-binaries, which are linked against specific versions of system libraries, portable. With portable I mean making the executable work on every system with the same processor architecture and a compatible system kernel, without necessarily having the source code of the libraries (if there is no way without having the source code, it'll be fine too). So far I thought of two possibilities, but I don't know if they are at all possible and if

Why shows readelf on an ARM binary an odd entry point address?

こ雲淡風輕ζ 提交于 2019-12-19 11:05:26
问题 I compiled a C++ HelloWorld on an Odroid-XU3 with gcc/g++ version 4.8.2 and clang version 3.5. I also wrote a C HelloWorld for comparison. g++ -static -o HelloWorld hello.cc readelf -h HelloWorld shows the following entry point addresses: HelloWorld: 0x8be5 HelloClang: 0x8c45 HelloC: 0x88b5 These are odd addresses. Thumb has odd addresses, so has this something to do with Thumb? Additionally, objdump -lSd HelloWorld shows the _start Symbol at 0x8be4 , which looks like the "right" address. Why

What is the “__gmon_start__” symbol?

假装没事ソ 提交于 2019-12-18 12:49:28
问题 I'm compiling this code with gcc hello.c -o hello -O3 : #include <stdio.h> int main(void) { printf("Hello world\n"); return 0; } and when I list the relocations I get: test@southpark$ readelf -r hello | grep gmon 080495a4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__ 080495b4 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__ When I list the symbols in this file I get: test@southpark$ readelf -s hello | grep gmon 1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 48: 00000000 0 NOTYPE WEAK

Analizing MIPS binaries: is there a Python library for parsing binary data?

萝らか妹 提交于 2019-12-18 11:39:09
问题 I'm working on a utility which needs to resolve hex addresses to a symbolic function name and source code line number within a binary. The utility will run on Linux on x86, though the binaries it analyzes will be for a MIPS-based embedded system. The MIPS binaries are in ELF format, using DWARF for the symbolic debugging information. I'm currently planning to fork objdump, passing in a list of hex addresses and parsing the output to get function names and source line numbers. I have compiled
订阅 elf