- format ELF (« Executable and Linkable Format ») :
/*
 * ELF file header; "N" stands for 32 or 64 depending on the file class.
 * `readelf -h` prints exactly these fields.
 *
 * Every value below is read from the file itself. A parser that handles
 * untrusted ELF files should check offsets, entry counts and entry sizes
 * against the real file size (and against each other, without integer
 * overflow) before using them to index into the file.
 */
typedef struct {
unsigned char e_ident[EI_NIDENT]; /* identification bytes: magic 7f 'E' 'L' 'F', class, data encoding, version, OS/ABI */
uint16_t e_type; /* object file type, e.g. REL (relocatable) or EXEC (executable) */
uint16_t e_machine; /* target architecture, e.g. Intel 80386 */
uint32_t e_version; /* ELF format version */
ElfN_Addr e_entry; /* entry point address; 0 when the file has none (e.g. a relocatable object) */
ElfN_Off e_phoff; /* file offset of the program header table; 0 when there is none */
ElfN_Off e_shoff; /* file offset of the section header table */
uint32_t e_flags; /* processor-specific flags */
uint16_t e_ehsize; /* size of this header, in bytes */
uint16_t e_phentsize; /* size of one program header entry, in bytes */
uint16_t e_phnum; /* number of program header entries */
uint16_t e_shentsize; /* size of one section header entry, in bytes */
uint16_t e_shnum; /* number of section header entries */
uint16_t e_shstrndx; /* index of the section that holds section names (.shstrtab) */
} ElfN_Ehdr;
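/*
 * Program header (segment descriptor), 32-bit layout.
 * Each entry corresponds to one row of the "Program Headers" table printed
 * by `readelf -l`.
 *
 * When loading an untrusted file, validate p_offset + p_filesz against the
 * file size (checking for integer overflow) before mapping or copying, and
 * treat p_memsz > p_filesz as a request for zero-filled memory.
 */
typedef struct {
    uint32_t   p_type;    /* segment kind: LOAD, DYNAMIC, INTERP, NOTE, ... */
    Elf32_Off  p_offset;  /* file offset of the segment's first byte */
    Elf32_Addr p_vaddr;   /* virtual address of the segment in memory */
    Elf32_Addr p_paddr;   /* physical address, where that is meaningful */
    uint32_t   p_filesz;  /* number of bytes the segment occupies in the file */
    uint32_t   p_memsz;   /* number of bytes the segment occupies in memory */
    uint32_t   p_flags;   /* access permissions: R, W, E (the "Flg" column) */
    uint32_t   p_align;   /* required alignment in file and memory */
} Elf32_Phdr;

/*
 * Program header, 64-bit layout: same fields as Elf32_Phdr, but p_flags
 * moves up to second position and sizes/alignment widen to 64 bits.
 * Code that reads both classes must not assume a shared field order.
 */
typedef struct {
    uint32_t   p_type;    /* segment kind: LOAD, DYNAMIC, INTERP, NOTE, ... */
    uint32_t   p_flags;   /* access permissions: R, W, E */
    Elf64_Off  p_offset;  /* file offset of the segment's first byte */
    Elf64_Addr p_vaddr;   /* virtual address of the segment in memory */
    Elf64_Addr p_paddr;   /* physical address, where that is meaningful */
    uint64_t   p_filesz;  /* number of bytes the segment occupies in the file */
    uint64_t   p_memsz;   /* number of bytes the segment occupies in memory */
    uint64_t   p_align;   /* required alignment in file and memory */
} Elf64_Phdr;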
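/*
 * Section header, 32-bit layout.
 * Each entry corresponds to one row of the "Section Headers" table printed
 * by `readelf -S`.
 *
 * For untrusted files, check that sh_offset + sh_size stays inside the file
 * (sections of type NOBITS such as .bss occupy no file space), that sh_name
 * falls inside the section-name string table and points at a NUL-terminated
 * string, and that sh_link / sh_info are valid indices before following them.
 */
typedef struct {
    uint32_t   sh_name;       /* offset of the section's name in .shstrtab */
    uint32_t   sh_type;       /* section kind: PROGBITS, NOBITS, SYMTAB, STRTAB, REL, ... */
    uint32_t   sh_flags;      /* attribute flags: W (write), A (alloc), X (execute), ... */
    Elf32_Addr sh_addr;       /* address of the section in memory; 0 in a relocatable object */
    Elf32_Off  sh_offset;     /* file offset of the section's contents */
    uint32_t   sh_size;       /* size of the section, in bytes */
    uint32_t   sh_link;       /* index of a related section; meaning depends on sh_type */
    uint32_t   sh_info;       /* extra information; meaning depends on sh_type */
    uint32_t   sh_addralign;  /* required address alignment */
    uint32_t   sh_entsize;    /* size of one entry when the section is a table, else 0 */
} Elf32_Shdr;

/*
 * Section header, 64-bit layout: same field order as Elf32_Shdr, with
 * sh_flags, sh_size, sh_addralign and sh_entsize widened to 64 bits.
 */
typedef struct {
    uint32_t   sh_name;       /* offset of the section's name in .shstrtab */
    uint32_t   sh_type;       /* section kind: PROGBITS, NOBITS, SYMTAB, STRTAB, REL, ... */
    uint64_t   sh_flags;      /* attribute flags: W (write), A (alloc), X (execute), ... */
    Elf64_Addr sh_addr;       /* address of the section in memory; 0 in a relocatable object */
    Elf64_Off  sh_offset;     /* file offset of the section's contents */
    uint64_t   sh_size;       /* size of the section, in bytes */
    uint32_t   sh_link;       /* index of a related section; meaning depends on sh_type */
    uint32_t   sh_info;       /* extra information; meaning depends on sh_type */
    uint64_t   sh_addralign;  /* required address alignment */
    uint64_t   sh_entsize;    /* size of one entry when the section is a table, else 0 */
} Elf64_Shdr;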
- sections importantes :
- .text :
- instructions du programme ;
- .bss :
- données non initialisées ;
- .data :
- données initialisées ;
- .rodata :
- données initialisées en lecture seule ;
- .symtab :
- table des symboles (entités du programme) ;
- .strtab :
- noms des symboles de la table des symboles ;
- .shstrtab :
- noms des sections du fichier ELF ;
- .interp :
- interpréteur du programme (e.g. chargeur de bibliothèques) ;
- .dynamic :
- informations concernant les bibliothèques dynamiques ;
- .dynsym :
- symboles pour les liaisons dynamiques ;
- .dynstr :
- noms des symboles pour les liaisons dynamiques ;
- .hash :
- table pour retrouver rapidement les symboles ;
- .got :
- table des symboles dynamiques (Global Offset Table) ;
- .rel.XXX :
- informations de repositionnement ;
- YYY.plt :
- indirections pour fonctions dynamiques (Procedure Linkage Table).
- exemple d’entête de fichier objet :
$ gcc -Wall -fno-asynchronous-unwind-tables -c prog2.c
$ readelf -h prog2.o
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 260 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 40 (bytes)
Number of section headers: 11
Section header string table index: 8
- liste des sections pour le même exemple :
$ readelf -S prog2.o
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 00005c 00 AX 0 0 4
[ 2] .rel.text REL 00000000 000390 000018 08 9 1 4
[ 3] .data PROGBITS 00000000 000090 000000 00 WA 0 0 4
[ 4] .bss NOBITS 00000000 000090 000000 00 WA 0 0 4
[ 5] .rodata PROGBITS 00000000 000090 000004 00 A 0 0 1
[ 6] .comment PROGBITS 00000000 000094 00001e 01 MS 0 0 1
[ 7] .note.GNU-stack PROGBITS 00000000 0000b2 000000 00 0 0 1
[ 8] .shstrtab STRTAB 00000000 0000b2 000051 00 0 0 1
[ 9] .symtab SYMTAB 00000000 0002bc 0000b0 10 10 8 4
[10] .strtab STRTAB 00000000 00036c 000023 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
- symboles et repositionnements pour le même exemple :
$ readelf -s prog2.o
Symbol table '.symtab' contains 11 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS prog2.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 SECTION LOCAL DEFAULT 5
6: 00000000 0 SECTION LOCAL DEFAULT 7
7: 00000000 0 SECTION LOCAL DEFAULT 6
8: 00000000 34 FUNC GLOBAL DEFAULT 1 ecrire_entier
9: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
10: 00000022 58 FUNC GLOBAL DEFAULT 1 main
$ readelf -r prog2.o
Relocation section '.rel.text' at offset 0x390 contains 3 entries:
Offset Info Type Sym.Value Sym. Name
00000007 00000501 R_386_32 00000000 .rodata
00000016 00000902 R_386_PC32 00000000 printf
00000045 00000802 R_386_PC32 00000000 ecrire_entier
- exemple d’entête de fichier exécutable :
$ ld -m elf_i386 -dynamic-linker /lib/ld-linux.so.2 \
prog2.o /usr/lib/i386-linux-gnu/crt*.o -o prog2 -lc
$ readelf -h prog2
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x804831c
Start of program headers: 52 (bytes into file)
Start of section headers: 1524 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 7
Size of section headers: 40 (bytes)
Number of section headers: 24
Section header string table index: 21
- exemple de segments pour le même exemple :
$ readelf -l prog2
Elf file type is EXEC (Executable file)
Entry point 0x804831c
There are 7 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000e0 0x000e0 R E 0x4
INTERP 0x000114 0x08048114 0x08048114 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x00410 0x00410 R E 0x1000
LOAD 0x000410 0x08049410 0x08049410 0x000e8 0x000e8 RW 0x1000
DYNAMIC 0x000410 0x08049410 0x08049410 0x000c8 0x000c8 RW 0x4
NOTE 0x000128 0x08048128 0x08048128 0x00020 0x00020 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
03 .dynamic .got .got.plt .data
04 .dynamic
05 .note.ABI-tag
06