elf

问题 As a concrete example, on GAS 2.24, moving the address: mov $s, %eax s: After: as --64 -o a.o a.S objdump -Sr a.o Uses zero extension: 0000000000000000 <s-0x5>: 0: b8 00 00 00 00 mov $0x0,%eax 1: R_X86_64_32 .text+0x5 But memory access: mov s, %eax s: Compiles to sign extension: 0000000000000000 <s-0x7>: 0: 8b 04 25 00 00 00 00 mov 0x0,%eax 3: R_X86_64_32S .text+0x7 Is there a rationale to using either in this specific case, or in general? I don't understand how the assembler could to any

问题 I have an ELF object file. I want to know which type of debugging info it contains. It was compiled with the Diab compiler (C source) for the PPC architecture. I'm pretty sure it was built with debugging symbols. I have tried extracting the debugging info with dwarfdump but I doesn't work so I guess the debugging information is not of type DWARF. $ dwarfdump file.elf No DWARF information present in file.elf Using objdump to show debugging information comes up empty. $ objdump -g file.elf file

问题 I have disassembled a program. I see at the beginning an AND instruction with ESP and 0xFFFFFFF0 . What is the meaning of this mask? Is it an alignment problem? It is an ELF executable for 32bit x86. 回答1: gcc for i386 Linux defaults to -mpreferred-stack-boundary=4 (meaning 24 = 16 byte alignment). (Other non-Linux systems also use ELF executables, but they also have the same stack-alignment defaults and SysV ABI.) Unlike clang, gcc doesn't assume that the stack will be aligned on entry to

问题 I'm trying to build an shared library on Windows with MinGW, follow this tutorial: Building_elf_shared_libraries I run this step: $ gcc -fPICenter code here -c libfoo.c -o libfoo.o $ gcc -Wall -O2 -shared -Wl,-soname,libfoo.so.1 -o libfoo.so.1.0.0 libfoo.o When I get the .so I try to read it with readelf and get error: $ readelf -h libfoo.so.1.0.0 readelf: Error: Not an ELF file - it has the wrong magic bytes at the start Did I misunderstand something? 回答1: Yes you did misunderstand something

问题 Can anyone please share some link or book that explains in detail about how a process is created from an ELF file. Most of the materials freely available seems to be abstract with out explaining most details like what information is taken from program headers and how the process image is in memory using that information. Thanks 回答1: elf files work in the following way Every segment describes a bunch of sections sharing the same charcteristics together, such as Load to memory, each section has

问题 I am trying to load a PHP extension (sdo.so) but I am getting the following error when I try to run XAMPP. PHP Warning: PHP Startup: Unable to load dynamic library '/opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/sdo.so' - /opt/lampp/lib/php/extensions/no-debug-non-zts-20060613/sdo.so: wrong ELF class: ELFCLASS64 in Unknown on line 0 From what I've seen other people say it seems to be something to do with it being compiled on a 64bit machine and it needs 32bit. Is this the root of the

问题 I need to parse the loadable parts of an ELF executable for a simple loader. Found the nice "libelf by Example" tutorial (by J. Koshy) that gives a nice overview on the structure of an ELF. It then lead me to the ELF Toolchain project, which implements, among other things, the libelf library of ELF handling functions. The nice thing about using this library is that it encapsulates the variations in ELF formats and makes the code more portable and future proof. However, I found out that in

问题 In the symbol table there is only the offset of symbol name but no information on which lib the symbol belongs to. typedef struct { Elf32_Word st_name; Elf32_Addr st_value; Elf32_Word st_size; unsigned char st_info; /* bind, type: ELF_32_ST_... */ unsigned char st_other; Elf32_Half st_shndx; /* SHN_... */ } Elf32_Sym; When the resolving function is called at runtime, the offset of the symbol table and another DWORD are passed to it. Does that DWORD have something to do with the symbol's lib?

问题 I'm trying to use GNU as as a generic assembler similar in use as nasm . I make a template source like this: .section .text .globl _start .intel_syntax noprefix _start: call 0xb77431c0 # the instruction I want to assemble And then I run the assemble command like this: as --32 -o test.o test.s ld -m elf_i386 -Ttext 0xb77431d9 --oformat binary -o test.bin test.o All works well with binutils 2.24. But it appears that as from binutils 2.22 (the one in Ubuntu Precise) aligns .text section to the 4

问题 I have a question about dynamic linking on Linux. Consider the following disassembly of an ARM binary. 8300 <printf@plt-0x40>: .... 8320: e28fc600 add ip, pc, #0, 12 8324: e28cca08 add ip, ip, #8, 20 ; 0x8000 8328: e5bcf344 ldr pc, [ip, #836]! ; 0x344 .... 83fc <main>: ... 8424:ebffffbd bl 8320 <_init+0x2c> Main function calls printf at 8424: bl 8320. 8320 is an address in the .plt shown above. Now the code in .plt makes call to dynamic linker to invoke printf routine. My question is how the