understand hexedit of an elf

时光总嘲笑我的痴心妄想 submitted on 2019-12-24 08:28:53

Question


Consider the following hexedit display of an ELF file.

00000000   7F 45 4C 46  01 01 01 00  00 00 00 00  .ELF........
0000000C   00 00 00 00  02 00 03 00  01 00 00 00  ............
00000018   30 83 04 08  34 00 00 00  50 14 00 00  0...4...P...
00000024   00 00 00 00  34 00 20 00  08 00 28 00  ....4. ...(.
00000030   24 00 21 00  06 00 00 00  34 00 00 00  $.!.....4...
0000003C   34 80 04 08  34 80 04 08  00 01 00 00  4...4.......
00000048   00 01 00 00  05 00 00 00  04 00 00 00  ............

  1. How many section headers does it have?
  2. Is it an object file or an executable file?
  3. How many program headers does it have?
  4. If there are any program headers, what does the first program header do?
  5. If there are any section headers, at what offset is the section header table?

Answer 1:


Strange, this hexdump looks like your homework to me...

  1. There are 36 section headers.
  2. It is an executable.
  3. It has 8 program headers.
  4. As you can tell by the first word (offset 0x34: 0x0006) in the first program header, it is of type PT_PHDR, which just informs about the characteristics of the program header table itself.
  5. The section header table begins at byte 5200 (which is 0x1450 in hex).

How do I know this stuff? By dumping the hex into a binary and reading it with readelf -a (because I am lazy). Except for question no. 4, which I had to figure out manually by reading man 5 elf.
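The fields behind all five answers can also be decoded straight from the dump without readelf. The following is an added example, not part of the original answer: it unpacks the 84 bytes shown in the question as an Elf32_Ehdr followed by the first Elf32_Phdr (layouts as in man 5 elf). The function name parse_elf32 and the result keys are assumptions made for this illustration.

```python
import struct

# The 84 bytes from the question's hexedit display (offsets 0x00-0x53).
DUMP = bytes.fromhex(
    "7F454C46 01010100 00000000"
    "00000000 02000300 01000000"
    "30830408 34000000 50140000"
    "00000000 34002000 08002800"
    "24002100 06000000 34000000"
    "34800408 34800408 00010000"
    "00010000 05000000 04000000"
)

EHDR32 = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR32 = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes
E_TYPES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
P_TYPES = {0: "PT_NULL", 1: "PT_LOAD", 2: "PT_DYNAMIC", 3: "PT_INTERP",
           4: "PT_NOTE", 5: "PT_SHLIB", 6: "PT_PHDR", 7: "PT_TLS"}

def parse_elf32(data):
    """Decode a 32-bit little-endian ELF header and, if present, the first program header."""
    if len(data) < EHDR32.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    if data[4] != 1 or data[5] != 1:  # EI_CLASS=ELFCLASS32, EI_DATA=ELFDATA2LSB
        raise ValueError("only 32-bit little-endian is handled here")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, _,
     _, e_phentsize, e_phnum, _, e_shnum, _) = EHDR32.unpack_from(data)
    info = {"type": E_TYPES.get(e_type, hex(e_type)), "machine": e_machine,
            "entry": e_entry, "phoff": e_phoff, "phnum": e_phnum,
            "shoff": e_shoff, "shnum": e_shnum, "first_phdr": None}
    # Read the first program header only if the (possibly truncated) input contains it.
    if e_phnum and e_phentsize == PHDR32.size and e_phoff + PHDR32.size <= len(data):
        p_type, p_offset, p_vaddr, _, p_filesz, _, p_flags, _ = \
            PHDR32.unpack_from(data, e_phoff)
        info["first_phdr"] = {"type": P_TYPES.get(p_type, hex(p_type)),
                              "offset": p_offset, "vaddr": p_vaddr,
                              "filesz": p_filesz, "flags": p_flags}
    return info

if __name__ == "__main__":
    for key, value in parse_elf32(DUMP).items():
        print(key, value)
```

The PT_PHDR entry's file size (0x100) equals e_phnum times e_phentsize (8 x 32), which is a quick consistency check that the entry really describes the program header table.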



Source: https://stackoverflow.com/questions/11179989/understand-hexedit-of-an-elf
