ELF格式简介
Overview
概要
ELF 是一种文件格式。首次发布在名为 System Release 4 的 Unix 操作系统版本的 ABI 规范中,后来使用在 Tool interface standard中,然后迅速被不同的 Unix 发行版使用。在1999年,ELF 被选为 Unix 和 Unix-like 系统x86处理器的标准二进制文件格式。
文件格式
ELF 文件由 ELF File Header 和 Data 组成,Data 又由以下部分组成:
- Program header table
- Section header table
- 1, 2 表头中引用的数据
ELF file header
Program header
Section header
示例
1readelf -all a.out
1 ELF Header:
2 Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
3 Class: ELF64
4 Data: 2's complement, little endian
5 Version: 1 (current)
6 OS/ABI: UNIX - System V
7 ABI Version: 0
8 Type: EXEC (Executable file)
9 Machine: Advanced Micro Devices X86-64
10 Version: 0x1
11 Entry point address: 0x4003e0
12 Start of program headers: 64 (bytes into file)
13 Start of section headers: 2488 (bytes into file)
14 Flags: 0x0
15 Size of this header: 64 (bytes)
16 Size of program headers: 56 (bytes)
17 Number of program headers: 8
18 Size of section headers: 64 (bytes)
19 Number of section headers: 30
20 Section header string table index: 27
21
22 Section Headers:
23 [Nr] Name Type Address Offset
24 Size EntSize Flags Link Info Align
25 [ 0] NULL 0000000000000000 00000000
26 0000000000000000 0000000000000000 0 0 0
27 [ 1] .interp PROGBITS 0000000000400200 00000200
28 000000000000001c 0000000000000000 A 0 0 1
29 [ 2] .note.ABI-tag NOTE 000000000040021c 0000021c
30 0000000000000020 0000000000000000 A 0 0 4
31 [ 3] .note.gnu.build-i NOTE 000000000040023c 0000023c
32 0000000000000024 0000000000000000 A 0 0 4
33 [ 4] .gnu.hash GNU_HASH 0000000000400260 00000260
34 000000000000001c 0000000000000000 A 5 0 8
35 [ 5] .dynsym DYNSYM 0000000000400280 00000280
36 0000000000000060 0000000000000018 A 6 1 8
37 [ 6] .dynstr STRTAB 00000000004002e0 000002e0
38 000000000000003d 0000000000000000 A 0 0 1
39 [ 7] .gnu.version VERSYM 000000000040031e 0000031e
40 0000000000000008 0000000000000002 A 5 0 2
41 [ 8] .gnu.version_r VERNEED 0000000000400328 00000328
42 0000000000000020 0000000000000000 A 6 1 8
43 [ 9] .rela.dyn RELA 0000000000400348 00000348
44 0000000000000018 0000000000000018 A 5 0 8
45 [10] .rela.plt RELA 0000000000400360 00000360
46 0000000000000030 0000000000000018 A 5 12 8
47 [11] .init PROGBITS 0000000000400390 00000390
48 0000000000000018 0000000000000000 AX 0 0 4
49 [12] .plt PROGBITS 00000000004003a8 000003a8
50 0000000000000030 0000000000000010 AX 0 0 4
51 [13] .text PROGBITS 00000000004003e0 000003e0
52 00000000000001e8 0000000000000000 AX 0 0 16
53 [14] .fini PROGBITS 00000000004005c8 000005c8
54 000000000000000e 0000000000000000 AX 0 0 4
55 [15] .rodata PROGBITS 00000000004005d8 000005d8
56 000000000000001e 0000000000000000 A 0 0 8
57 [16] .eh_frame_hdr PROGBITS 00000000004005f8 000005f8
58 0000000000000024 0000000000000000 A 0 0 4
59 [17] .eh_frame PROGBITS 0000000000400620 00000620
60 000000000000007c 0000000000000000 A 0 0 8
61 [18] .ctors PROGBITS 00000000006006a0 000006a0
62 0000000000000010 0000000000000000 WA 0 0 8
63 [19] .dtors PROGBITS 00000000006006b0 000006b0
64 0000000000000010 0000000000000000 WA 0 0 8
65 [20] .jcr PROGBITS 00000000006006c0 000006c0
66 0000000000000008 0000000000000000 WA 0 0 8
67 [21] .dynamic DYNAMIC 00000000006006c8 000006c8
68 0000000000000190 0000000000000010 WA 6 0 8
69 [22] .got PROGBITS 0000000000600858 00000858
70 0000000000000008 0000000000000008 WA 0 0 8
71 [23] .got.plt PROGBITS 0000000000600860 00000860
72 0000000000000028 0000000000000008 WA 0 0 8
73 [24] .data PROGBITS 0000000000600888 00000888
74 0000000000000004 0000000000000000 WA 0 0 4
75 [25] .bss NOBITS 0000000000600890 0000088c
76 0000000000000010 0000000000000000 WA 0 0 8
77 [26] .comment PROGBITS 0000000000000000 0000088c
78 000000000000002c 0000000000000001 MS 0 0 1
79 [27] .shstrtab STRTAB 0000000000000000 000008b8
80 00000000000000fe 0000000000000000 0 0 1
81 [28] .symtab SYMTAB 0000000000000000 00001138
82 0000000000000600 0000000000000018 29 46 8
83 [29] .strtab STRTAB 0000000000000000 00001738
84 00000000000001f0 0000000000000000 0 0 1
85 Key to Flags:
86 W (write), A (alloc), X (execute), M (merge), S (strings)
87 I (info), L (link order), G (group), x (unknown)
88 O (extra OS processing required) o (OS specific), p (processor specific)
89
90 There are no section groups in this file.
91
92 Program Headers:
93 Type Offset VirtAddr PhysAddr
94 FileSiz MemSiz Flags Align
95 PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
96 0x00000000000001c0 0x00000000000001c0 R E 8
97 INTERP 0x0000000000000200 0x0000000000400200 0x0000000000400200
98 0x000000000000001c 0x000000000000001c R 1
99 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
100 LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
101 0x000000000000069c 0x000000000000069c R E 200000
102 LOAD 0x00000000000006a0 0x00000000006006a0 0x00000000006006a0
103 0x00000000000001ec 0x0000000000000200 RW 200000
104 DYNAMIC 0x00000000000006c8 0x00000000006006c8 0x00000000006006c8
105 0x0000000000000190 0x0000000000000190 RW 8
106 NOTE 0x000000000000021c 0x000000000040021c 0x000000000040021c
107 0x0000000000000044 0x0000000000000044 R 4
108 GNU_EH_FRAME 0x00000000000005f8 0x00000000004005f8 0x00000000004005f8
109 0x0000000000000024 0x0000000000000024 R 4
110 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
111 0x0000000000000000 0x0000000000000000 RW 8
112
113 Section to Segment mapping:
114 Segment Sections...
115 00
116 01 .interp
117 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
118 03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
119 04 .dynamic
120 05 .note.ABI-tag .note.gnu.build-id
121 06 .eh_frame_hdr
122 07
123
124 Dynamic section at offset 0x6c8 contains 20 entries:
125 Tag Type Name/Value
126 0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
127 0x000000000000000c (INIT) 0x400390
128 0x000000000000000d (FINI) 0x4005c8
129 0x000000006ffffef5 (GNU_HASH) 0x400260
130 0x0000000000000005 (STRTAB) 0x4002e0
131 0x0000000000000006 (SYMTAB) 0x400280
132 0x000000000000000a (STRSZ) 61 (bytes)
133 0x000000000000000b (SYMENT) 24 (bytes)
134 0x0000000000000015 (DEBUG) 0x0
135 0x0000000000000003 (PLTGOT) 0x600860
136 0x0000000000000002 (PLTRELSZ) 48 (bytes)
137 0x0000000000000014 (PLTREL) RELA
138 0x0000000000000017 (JMPREL) 0x400360
139 0x0000000000000007 (RELA) 0x400348
140 0x0000000000000008 (RELASZ) 24 (bytes)
141 0x0000000000000009 (RELAENT) 24 (bytes)
142 0x000000006ffffffe (VERNEED) 0x400328
143 0x000000006fffffff (VERNEEDNUM) 1
144 0x000000006ffffff0 (VERSYM) 0x40031e
145 0x0000000000000000 (NULL) 0x0
146
147 Relocation section '.rela.dyn' at offset 0x348 contains 1 entries:
148 Offset Info Type Sym. Value Sym. Name + Addend
149 000000600858 000100000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
150
151 Relocation section '.rela.plt' at offset 0x360 contains 2 entries:
152 Offset Info Type Sym. Value Sym. Name + Addend
153 000000600878 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts + 0
154 000000600880 000300000007 R_X86_64_JUMP_SLO 0000000000000000 __libc_start_main + 0
155
156 There are no unwind sections in this file.
157
158 Symbol table '.dynsym' contains 4 entries:
159 Num: Value Size Type Bind Vis Ndx Name
160 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
161 1: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
162 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.2.5 (2)
163 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2)
164
165 Symbol table '.symtab' contains 64 entries:
166 Num: Value Size Type Bind Vis Ndx Name
167 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
168 1: 0000000000400200 0 SECTION LOCAL DEFAULT 1
169 2: 000000000040021c 0 SECTION LOCAL DEFAULT 2
170 3: 000000000040023c 0 SECTION LOCAL DEFAULT 3
171 4: 0000000000400260 0 SECTION LOCAL DEFAULT 4
172 5: 0000000000400280 0 SECTION LOCAL DEFAULT 5
173 6: 00000000004002e0 0 SECTION LOCAL DEFAULT 6
174 7: 000000000040031e 0 SECTION LOCAL DEFAULT 7
175 8: 0000000000400328 0 SECTION LOCAL DEFAULT 8
176 9: 0000000000400348 0 SECTION LOCAL DEFAULT 9
177 10: 0000000000400360 0 SECTION LOCAL DEFAULT 10
178 11: 0000000000400390 0 SECTION LOCAL DEFAULT 11
179 12: 00000000004003a8 0 SECTION LOCAL DEFAULT 12
180 13: 00000000004003e0 0 SECTION LOCAL DEFAULT 13
181 14: 00000000004005c8 0 SECTION LOCAL DEFAULT 14
182 15: 00000000004005d8 0 SECTION LOCAL DEFAULT 15
183 16: 00000000004005f8 0 SECTION LOCAL DEFAULT 16
184 17: 0000000000400620 0 SECTION LOCAL DEFAULT 17
185 18: 00000000006006a0 0 SECTION LOCAL DEFAULT 18
186 19: 00000000006006b0 0 SECTION LOCAL DEFAULT 19
187 20: 00000000006006c0 0 SECTION LOCAL DEFAULT 20
188 21: 00000000006006c8 0 SECTION LOCAL DEFAULT 21
189 22: 0000000000600858 0 SECTION LOCAL DEFAULT 22
190 23: 0000000000600860 0 SECTION LOCAL DEFAULT 23
191 24: 0000000000600888 0 SECTION LOCAL DEFAULT 24
192 25: 0000000000600890 0 SECTION LOCAL DEFAULT 25
193 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26
194 27: 000000000040040c 0 FUNC LOCAL DEFAULT 13 call_gmon_start
195 28: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
196 29: 00000000006006a0 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__
197 30: 00000000006006b0 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__
198 31: 00000000006006c0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__
199 32: 0000000000400430 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux
200 33: 0000000000600890 1 OBJECT LOCAL DEFAULT 25 completed.6349
201 34: 0000000000600898 8 OBJECT LOCAL DEFAULT 25 dtor_idx.6351
202 35: 00000000004004a0 0 FUNC LOCAL DEFAULT 13 frame_dummy
203 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
204 37: 00000000006006a8 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__
205 38: 0000000000400698 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__
206 39: 00000000006006c0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__
207 40: 0000000000400590 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux
208 41: 0000000000000000 0 FILE LOCAL DEFAULT ABS main.c
209 42: 0000000000600860 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_
210 43: 000000000060069c 0 NOTYPE LOCAL DEFAULT 18 __init_array_end
211 44: 000000000060069c 0 NOTYPE LOCAL DEFAULT 18 __init_array_start
212 45: 00000000006006c8 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC
213 46: 0000000000600888 0 NOTYPE WEAK DEFAULT 24 data_start
214 47: 00000000004004f0 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini
215 48: 00000000004003e0 0 FUNC GLOBAL DEFAULT 13 _start
216 49: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
217 50: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
218 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@@GLIBC_2.2.5
219 52: 00000000004005c8 0 FUNC GLOBAL DEFAULT 14 _fini
220 53: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
221 54: 00000000004005d8 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
222 55: 0000000000600888 0 NOTYPE GLOBAL DEFAULT 24 __data_start
223 56: 00000000004005e0 0 OBJECT GLOBAL HIDDEN 15 __dso_handle
224 57: 00000000006006b8 0 OBJECT GLOBAL HIDDEN 19 __DTOR_END__
225 58: 0000000000400500 137 FUNC GLOBAL DEFAULT 13 __libc_csu_init
226 59: 000000000060088c 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
227 60: 00000000006008a0 0 NOTYPE GLOBAL DEFAULT ABS _end
228 61: 000000000060088c 0 NOTYPE GLOBAL DEFAULT ABS _edata
229 62: 00000000004004c4 32 FUNC GLOBAL DEFAULT 13 main
230 63: 0000000000400390 0 FUNC GLOBAL DEFAULT 11 _init
231
232 Version symbols section '.gnu.version' contains 4 entries:
233 Addr: 000000000040031e Offset: 0x00031e Link: 5 (.dynsym)
234 000: 0 (*local*) 0 (*local*) 2 (GLIBC_2.2.5) 2 (GLIBC_2.2.5)
235
236 Version needs section '.gnu.version_r' contains 1 entries:
237 Addr: 0x0000000000400328 Offset: 0x000328 Link: 6 (.dynstr)
238 000000: Version: 1 File: libc.so.6 Cnt: 1
239 0x0010: Name: GLIBC_2.2.5 Flags: none Version: 2
240
241 Notes at offset 0x0000021c with length 0x00000020:
242 Owner Data size Description
243 GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
244
245 Notes at offset 0x0000023c with length 0x00000024:
246 Owner Data size Description
247 GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)