elf | 易学教程

List all the functions/symbols on the fly in C code on a Linux architecture?

阅读更多关于 List all the functions/symbols on the fly in C code on a Linux architecture?

问题 Assume main.c uses symbols from shared libs and local functions declared in main.c . Is there a nice and elegant way to print a list of all the available function names and symbols at run time? It should be possible since the data is loaded to the .code segment. 回答1: Since I had the same need to retrieve all loaded symbol names at runtime, I did some research based upon R..'s answer. So here is a detailed solution for linux shared libraries in ELF format which works with my gcc 4.3.4, but

Do .bss section zero initialized variables occupy space in elf file?

阅读更多关于 Do .bss section zero initialized variables occupy space in elf file?

问题 If I understand correctly, the .bss section in ELF files is used to allocate space for zero-initialized variables. Our tool chain produces ELF files, hence my question: does the .bss section actually have to contain all those zeroes? It seems such an awful waste of spaces that when, say, I allocate a global ten megabyte array, it results in ten megabytes of zeroes in the ELF file. What am I seeing wrong here? 回答1: Has been some time since i worked with ELF. But i think i still remember this

How do I add contents of text file as a section in an ELF file?

阅读更多关于 How do I add contents of text file as a section in an ELF file?

问题 I have a NASM assembly file that I am assembling and linking (on Intel-64 Linux). There is a text file, and I want the contents of the text file to appear in the resulting binary (as a string, basically). The binary is an ELF executable. My plan is to create a new readonly data section in the ELF file (equivalent to the conventional .rodata section). Ideally, there would be a tool to add a file verbatim as a new section in an elf file, or a linker option to include a file verbatim. Is this

Why does the PLT exist in addition to the GOT, instead of just using the GOT?

阅读更多关于 Why does the PLT exist in addition to the GOT, instead of just using the GOT?

问题 I understand that in a typical ELF binary, functions get called through the Procedure Linkage Table (PLT). The PLT entry for a function usually contains a jump to a Global Offset Table (GOT) entry. This entry will first reference some code to load the actual function address into the GOT, and contain the actual function address after the first call (lazy binding). To be precise, before lazy binding the GOT entry points back into the PLT, to the instructions following the jump into the GOT.

Library to read ELF file DWARF debug information

阅读更多关于 Library to read ELF file DWARF debug information

问题 Any recommendations for a good cross-platform library for reading ELF file debug information in DWARF format? I'd like to read the DWARF debug info in a Python program. 回答1: There's a new kid on the block - pyelftools - a pure Python library for parsing the ELF and DWARF formats. Give it a try. It aims to be feature-complete and is currently in active development, so any problems should be handled quickly and enthusiastically :-) 回答2: The concept of "ELF debug info" doesn't really exist: the

How to make an executable ELF file in Linux using a hex editor?

阅读更多关于 How to make an executable ELF file in Linux using a hex editor?

Just curious. This obviously isn't a very good solution for actual programming, but say I wanted to make an executable in Bless (a hex editor). My architecture is x86. What's a very simple program I can make? A hello world? An infinite loop? Similar to this question, but in Linux. As mentioned in my comment, you will essentially be writing your own elf-header for the executable eliminating the unneeded sections. There are still several required sections. The documentation at Muppetlabs-TinyPrograms does a fair job explaining this process. For fun, here are a couple of examples: The equivalent

Does gcc have any options to add version info in ELF binary file?

阅读更多关于 Does gcc have any options to add version info in ELF binary file?

问题 I mean whether gcc can insert some source code version infor into ELF binary as section or something similar. I do not want to change my source file, but add some info with gcc option in Makefile. 回答1: You can emit your version info into a text file, then turn that text file into an object file which you then statically link into your executable. The first step is simple but you have to write some code: a script or something to write your version info in any format you like as a plain text

How to retrieve the GCC version used to compile a given ELF executable?

阅读更多关于 How to retrieve the GCC version used to compile a given ELF executable?

I'd like to retrieve the GCC version used to compile a given executable. I tried readelf but didn't get the information. Any thoughts? It is normally stored in the comment section strings -a <binary/library> |grep "GCC: (" returns GCC: (GNU) X.X.X strip -R .comment <binary> strings -a <binary/library> |grep "GCC: (" returns no output It is not uncommon to strip the .comment (as well as .note) section out to reduce size via strip --strip-all -R .note -R .comment <binary> strip --strip-unneeded -R .note -R .comment <library> Note: busybox strings specifies the -a option by default, which is

How to disassemble one single function using objdump?

阅读更多关于 How to disassemble one single function using objdump?

问题 I've got a binary installed on my system, and would like to look at the disassembly of a given function. Preferrably using objdump , but other solutions would be acceptable as well. From this questions I've learned that I might be able to disassemble part of the code if I only know the boundary addresses. From this answer I've learned how to turn my split debug symbols back into a single file. But even operating on that single file, and even disassembling all the code (i.e. without start or

Why is the ELF execution entry point virtual address of the form 0x80xxxxx and not zero 0x0?

阅读更多关于 Why is the ELF execution entry point virtual address of the form 0x80xxxxx and not zero 0x0?

When executed, program will start running from virtual address 0x80482c0. This address doesn't point to our main() procedure, but to a procedure named _start which is created by the linker. My Google research so far just led me to some (vague) historical speculations like this: There is folklore that 0x08048000 once was STACK_TOP (that is, the stack grew downwards from near 0x08048000 towards 0) on a port of *NIX to i386 that was promulgated by a group from Santa Cruz, California. This was when 128MB of RAM was expensive, and 4GB of RAM was unthinkable. Can anyone confirm/deny this? As Mads