elf

I'm trying to get the offset and the data of each sections of an elf file. I already have the sections names with this code: #include <elf.h> #include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <sys/mman.h> int filesize(int fd) { return (lseek(fd, 0, SEEK_END)); } void print_section(Elf64_Shdr *shdr, char *strTab, int shNum) { int i; for(i = 0; i < shNum; i++) printf("%02d: %s\n", i, &strTab[shdr[i].sh_name]); } int main(int ac, char **av) { void *data; Elf64_Ehdr *elf; Elf64_Shdr *shdr; int fd; char *strtab; fd = open(av[1], O_RDONLY); data = mmap(NULL, filesize(fd), PROT_READ,

For global variables in C like int aglobal = 5; When does the 5 get transferred into aglobal by the loader and how does it know to put 5 in aglobal. Same situation with a static declaration in a function. Like int afunc() { static int astatic = 8; return astatic; } An int-sized space is made in a data section, with the value 5 encoded in it and a global non-function symbol named 'aglobal' is added to the symbol table pointing at it. References to aglobal are turned into relocations that are resolved at link-time to point to that data block, so in a fully-linked image instructions will load

I have not been successful in finding an answer on this question. Using GDB, I can use the command "call" to get the prototype of a function. Example: (gdb) call fn $1 = {void (int, int)} 0x8048414 <fn> So, GDB is able to figure out, only from the elf-file, that fn() returns void and takes two integers as arguments. However, I need to use some other tool to extract the function prototypes from an elf file. Preferably, I want to use objdump / readelf. Does anyone know if this is possible? If it is not possible, how does GDB do it? In which section of the elf file is the function prototypes

add2.c: int counter=0; int a=0; int b; int c; int add(int a, int b) { return a+b; } compilation: gcc -c add2.c -o add2.o reading the symbol table: readelf --symbols add2.o Symbol table '.symtab' contains 12 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 FILE LOCAL DEFAULT ABS add2.c 2: 00000000 0 SECTION LOCAL DEFAULT 1 3: 00000000 0 SECTION LOCAL DEFAULT 2 4: 00000000 0 SECTION LOCAL DEFAULT 3 5: 00000000 0 SECTION LOCAL DEFAULT 5 6: 00000000 0 SECTION LOCAL DEFAULT 4 7: 00000000 4 OBJECT GLOBAL DEFAULT 3 counter 8: 00000004 4 OBJECT

I would like to use ld's --build-id option in order to add build information to my binary. However, I'm not sure how to make this information available inside the program. Assume I want to write a program that writes a backtrace every time an exception occurs, and a script that parses this information. The script reads the symbol table of the program and searches for the addresses printed in the backtrace (I'm forced to use such a script because the program is statically linked and backtrace_symbols is not working). In order for the script to work correctly I need to match build version of the

一、实验内容 通过阅读bootmain.c，了解bootloader如何加载ELF文件。通过分析源代码和通过qemu来运行并调试bootloader&OS， bootloader如何读取硬盘扇区的？ bootloader是如何加载ELF格式的OS？ 二、实验相关 ELF文件格式 ELF(Executable and linking format)文件格式是Linux系统下的一种常用 目标文件(object file)格式 ，有 三种主要类型 : 用于执行的可执行文件(executable file)，用于提供程序的进程映像，加载到内存执行。 这也是本实验的OS文件类型。 用于连接的可重定位文件(relocatable file)，可与其它目标文件一起创建可执行文件和共享目标文件。 共享目标文件(shared object file),连接器可将它与其它可重定位文件和共享目标文件连接成其它的目标文件，动态连接器又可将它与可执行文件和其它共享目标文件结合起来创建一个进程映像。 ELF文件有 两种视图 （View）， 链接视图和执行视图 ，如下图： 链接视图通过Section Header Table描述，执行视图通过Program Header Table描述。Section Header Table描述了所有Section的信息，包括所在的文件偏移和大小等；Program