elf

Adding section to ELF file

别来无恙 submitted on 2019-11-27 11:41:49
Question: I need to be able to add an arbitrary section to an ELF file. I cannot use GPL code in this program, so BFD is out of the question. I can use libelf/gelf to read sections, but the documentation is fairly sparse for these, and I cannot figure out how to add a section. Does anybody know how to do this? I would rather not write my own ELF code. Answer 1: There's a few (possibly) related answers in this question about ELF file headers. The accepted answer mentioned using objcopy to add sections to an

What do the .eh_frame and .eh_frame_hdr sections store, exactly?

▼魔方 西西 submitted on 2019-11-27 11:35:17
Question: I know that, when using languages that support exceptions, such as C++, additional information must be provided to the runtime environment to describe the call frames that must be unwound during the processing of an exception. This information is contained in special sections of the object files, such as .eh_frame and .eh_frame_hdr. But, what kind of data structures are stored in these sections? I mean, can they be read by using any C struct? Do they have anything to do with the .cfi

How to disassemble one single function using objdump?

一个人想着一个人 submitted on 2019-11-27 10:54:46
I've got a binary installed on my system, and would like to look at the disassembly of a given function. Preferably using objdump, but other solutions would be acceptable as well. From this question I've learned that I might be able to disassemble part of the code if I only know the boundary addresses. From this answer I've learned how to turn my split debug symbols back into a single file. But even operating on that single file, and even disassembling all the code (i.e. without start or stop address, but plain -d parameter to objdump), I still don't see that symbol anywhere. Which makes

How can I examine contents of a data section of an ELF file on Linux?

雨燕双飞 submitted on 2019-11-27 10:33:18
I've been using objdump to look at assembly code in Linux ELF binaries. Sometimes there is an indirect jump through a jump table that is stored in the rodata (read-only data) section. How to get objdump or any other tool to show me the contents of this data section? I could execute the program and examine the relevant addresses in the debugger, but I don't want to do that because it has to be done interactively. The ideal answer will identify a tool that will not only show me the contents but will let me control the display format, much as od does. hobbs objdump -s -j .rodata exefile gives a

How are the different segments like heap, stack, text related to the physical memory?

那年仲夏 submitted on 2019-11-27 10:10:18
Question: When a C program is compiled and the object file (ELF) is created, the object file contains different sections such as bss, data, text and other segments. I understood that these sections of the ELF are part of virtual memory address space. Am I right? Please correct me if I am wrong. Also, there will be a virtual memory and page table associated with the compiled program. Page table associates the virtual memory address present in ELF to the real physical memory address when loading the

loading ELF file in C in user space

亡梦爱人 submitted on 2019-11-27 09:42:08
Question: I am trying to load an ELF file compiled with "gcc -m32 test.c -o test.exe" on Linux in a 64 bit x86 environment. I am trying to load that 32bit file (test.exe) inside a user space ELF loader which has the following core logic (32bit ELF). The problem is that calling into the returned start address results in a segmentation fault core dump. Here is the code: void *image_load (char *elf_start, unsigned int size) { Elf32_Ehdr *hdr = NULL; Elf32_Phdr *phdr = NULL; unsigned char *start = NULL;

What is the difference between ELF files and bin files?

混江龙づ霸主 submitted on 2019-11-27 09:01:30
Question: The final images produced by compilers contain both bin file and extended loader format ELF file, what is the difference between the two, especially the utility of ELF file. Answer 1: A Bin file is a pure binary file with no memory fix-ups or relocations, more than likely it has explicit instructions to be loaded at a specific memory address. Whereas.... ELF files are Executable Linkable Format which consists of a symbol look-ups and relocatable table, that is, it can be loaded at any memory

In an ELF file, how does the address for _start get determined?

青春壹個敷衍的年華 submitted on 2019-11-27 07:49:15
Question: I've been reading the ELF specification and cannot figure out where the program entry point and _start address come from. It seems like they should have to be in a pretty consistent place, but I made a few trivial programs, and _start is always in a different place. Can anyone clarify? Answer 1: The _start symbol may be defined in any object file. Normally it is generated automatically (it corresponds to main in C). You can generate it yourself, for instance in an assembler source file: .globl

How to extract only the raw contents of an ELF section?

你离开我真会死。 submitted on 2019-11-27 07:27:13
I've tried the following, but the resulting file is still an ELF and not purely the section content.
    $ objcopy --only-section=<name> <infile> <outfile>
I just want the contents of the section. Is there any utility that can do this? Any ideas?
Rather inelegant hack around objdump and dd:
    IN_F=/bin/echo
    OUT_F=./tmp1.bin
    SECTION=.text
    objdump -h $IN_F | grep $SECTION | awk '{print "dd if='$IN_F' of='$OUT_F' bs=1 count=$[0x" $3 "] skip=$[0x" $6 "]"}' | bash
The objdump -h produces predictable output which contains section offset in the elf file. I made the awk to generate a dd command for the

Pack shared libraries into the elf

别说谁变了你拦得住时间么 submitted on 2019-11-27 07:01:17
Is there a utility that can take ALL the SO's that an Elf needs turn them into static then converts the Elf to be SO's free? Here are some projects you might find useful: Statifier (basically does what you want) ERESI (might do what you want, also allows for analysis of ELF targets) NOTE: I've not used either application myself. Statifier is an option. Another option is Ermine. While Ermine is commercial it behaves better than statifier on systems with memory randomization. I've used Statifier as mentioned by codelogic. It worked well for several Linux commands like ethtool. Probably not,