readelf

How to understand the difference between Offset and VirAddr in Program Headers in elf?

旧街凉风 提交于 2020-06-28 05:43:18
问题 There is a shared library elf file, I use readelf -l to see the program headers, the output is: Elf file type is DYN (Shared object file) Entry point 0x0 There are 11 program headers, starting at offset 52 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000034 0x00000034 0x00000034 0x00100 0x00100 R 0x4 INTERP 0x000194 0x00000194 0x00000194 0x00013 0x00013 R 0x1 [Requesting program interpreter: /system/bin/linker] LOAD 0x000000 0x00000000 0x00000000 0x3aa8c4

Meanings of mips flags from readelf command?

只谈情不闲聊 提交于 2020-01-05 06:59:19
问题 I have executed the command "readelf -h test" ("test" is my binary program) on linux, and got following text: ELF header: Magic: 7f 45 4c 46 .... Data: 2's complement, little endian ... **Flags: 0x1007, noreorder, pic, cpic, o32, mips1** ... Could you please let me know each meanings of flags of the above text in detail? I have googled it, but could not find answers. Any comments would be appreciated. 回答1: ELF header flags are architecture-specific. For MIPS they are defined in SYSTEM V

objdump/readelf get variables information

99封情书 提交于 2019-12-25 05:07:13
问题 I need to get the information about global variables from a compiled c program. I asked a similar question in here. The problem that I have now is that the program where I am trying to extract the variables info is very big and it takes 4 seconds just to get the tree in text ( readelf -w[i] file.out ). Then I have to parse the tree jumping back and forth in order to get to the place that I need. For example if a variable is of type const unsigned char * volatile MyVariable then I will have to

How can I get the symbol name in struct “Elf64_Rela”

北城以北 提交于 2019-12-13 12:34:11
问题 #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/mman.h> #include <errno.h> #include <fcntl.h> #include <elf.h> Elf64_Rela *retab; Elf64_Rela *retab_end; Elf64_Ehdr *ehdr; Elf64_Shdr *shdr; char *strtab; void elf_open(char *filename) { int fd = open(filename, O_RDONLY); struct stat sbuf; fstat(fd, &sbuf); void *maddr = mmap(NULL, sbuf.st_size, PROT_READ, MAP_SHARED, fd, 0); close(fd); ehdr = maddr; shdr =

What does version info in ldd -v mean?

一笑奈何 提交于 2019-12-12 20:23:51
问题 Version information: /usr/lib/lapack/liblapack.so: libc.so.6 (GLIBC_2.14) => /lib/x86_64-linux-gnu/libc.so.6 libc.so.6 (GLIBC_2.4) => /lib/x86_64-linux-gnu/libc.so.6 libc.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu/libc.so.6 libgcc_s.so.1 (GCC_4.0.0) => /lib/x86_64-linux-gnu/libgcc_s.so.1 libgfortran.so.3 (GFORTRAN_1.0) => /usr/lib/x86_64-linux-gnu/libgfortran.so.3 libgfortran.so.3 (GFORTRAN_1.4) => /usr/lib/x86_64-linux-gnu/libgfortran.so.3 libm.so.6 (GLIBC_2.2.5) => /lib/x86_64-linux-gnu

How can I get the symbol name in struct “Elf64_Rela”

為{幸葍}努か 提交于 2019-12-06 12:11:55
#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/mman.h> #include <errno.h> #include <fcntl.h> #include <elf.h> Elf64_Rela *retab; Elf64_Rela *retab_end; Elf64_Ehdr *ehdr; Elf64_Shdr *shdr; char *strtab; void elf_open(char *filename) { int fd = open(filename, O_RDONLY); struct stat sbuf; fstat(fd, &sbuf); void *maddr = mmap(NULL, sbuf.st_size, PROT_READ, MAP_SHARED, fd, 0); close(fd); ehdr = maddr; shdr = (Elf64_Shdr *)(maddr + ehdr->e_shoff); for (int i = 0; i < ehdr->e_shnum; i++) { if (shdr[i].sh_type =

How to extract function prototypes from an elf file?

女生的网名这么多〃 提交于 2019-12-06 03:31:00
问题 I have not been successful in finding an answer on this question. Using GDB, I can use the command "call" to get the prototype of a function. Example: (gdb) call fn $1 = {void (int, int)} 0x8048414 <fn> So, GDB is able to figure out, only from the elf-file, that fn() returns void and takes two integers as arguments. However, I need to use some other tool to extract the function prototypes from an elf file. Preferably, I want to use objdump / readelf. Does anyone know if this is possible? If

why /lib32/libc.so.6 has two “fopen” symbol in it?

浪子不回头ぞ 提交于 2019-12-05 13:12:58
nm -D /lib32/libc.so.6 | grep '\<fopen\>' 0005d0c0 T fopen 00109750 T fopen readelf -s /lib32/libc.so.6 | egrep '0005d0c0|00109750' 181: 0005d0c0 50 FUNC GLOBAL DEFAULT 12 fopen@@GLIBC_2.1 182: 00109750 136 FUNC GLOBAL DEFAULT 12 fopen@GLIBC_2.0 679: 0005d0c0 50 FUNC GLOBAL DEFAULT 12 _IO_fopen@@GLIBC_2.1 680: 00109750 136 FUNC GLOBAL DEFAULT 12 _IO_fopen@GLIBC_2.0 here is my question: why /lib32/libc.so.6 has two fopen symbol in it ? identical symbol in same target file should be forbidden ,right? why readelf -s dump out fopen@@GLIBC_2.1 and fopen@GLIBC_2.0 instead of fopen? Thanks gby

How to extract function prototypes from an elf file?

元气小坏坏 提交于 2019-12-04 07:04:47
I have not been successful in finding an answer on this question. Using GDB, I can use the command "call" to get the prototype of a function. Example: (gdb) call fn $1 = {void (int, int)} 0x8048414 <fn> So, GDB is able to figure out, only from the elf-file, that fn() returns void and takes two integers as arguments. However, I need to use some other tool to extract the function prototypes from an elf file. Preferably, I want to use objdump / readelf. Does anyone know if this is possible? If it is not possible, how does GDB do it? In which section of the elf file is the function prototypes

Where is the “Section to segment mapping” stored in ELF files?

二次信任 提交于 2019-12-04 00:09:52
问题 As part of trying to write a compiler completely from scratch, I'm currently working on the part the handles ELF files. After skimming through several articles and specifications about them, I still don't quite understand where section to segment mappings are stored. When observing small executables generated by NASM+ld, I can see that the .text section is somehow mapped onto a LOAD-type program header, but how? A small piece of readelf's output when given a small (working) executable as
订阅 readelf