Linux下ELF格式可执行文件及动态链接相关部分的解析

2024-06-22 05:58

本文主要是介绍Linux下ELF格式可执行文件及动态链接相关部分的解析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

Linux下面的ELF文件主要由ELF头、程序头和各个段组成。

二进制可执行文件结构

本文使用的示例程序如下。首先把它编译为可执行文件,再使用Linux下面的hexdump命令,把可执行文件完全转换为16进制的表示形式,然后分析这样的表示与ELF文件中各部分的对应关系。

示例程序:

#include <stdio.h>int global_init_var = 84;
int global_uninit_var;void func1(int i)
{printf("%d\n", i);
}
int main(int argc, char **argv)
{static int static_var1 = 85;static int static_var2;int a = 1;int b;func1(static_var1 + static_var2 + a + b);return a;
}

使用gcc编译生成二进制可执行文件之后,

gcc exam.c -o exam.out

可以通过反汇编工具objcump来查看文件中各个部分的信息,例如

objdump –d –x –s exam.out

生成的文件中展示了二进制文件中不同的节的解释和描述。

对于二进制文件,在Linux下面,可以通过hexdump命令来以文本的形式表示二进制可执行文件。以下是对exam.out文件执行hexdump命令之后所生成的文件的注释,指明了各个不同的节的开始位置及含义。

文件头:

00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|

00000010 02 00 3e 00 01 00 00 00 c0 03 40 00 00 00 00 00 |..>.......@.....|

phoffset = 40 sh offset = aa0

00000020 40 00 00 00 00 00 00 00 a0 0a 00 00 00 00 00 00||

ehsize=40,phentsiez=38, shentsize=40,shnum=1d

00000030 00 00 00 00 40 00 38 00 08 00 40 00 1d 00 1a 00|....@.8...@.....|

程序头表,phtable,大小为0x38* 0x8 =

00000040 06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00 |........@.......|

00000050 40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00 |@.@.....@.@.....|

00000060 c0 01 00 00 00 00 00 00 c0 01 00 00 00 00 00 00 |................|

00000070 08 00 00 00 00 00 00 0003 00 00 00 04 00 00 00 |................|

00000080 00 02 00 00 00 00 00 00 00 02 40 00 00 00 00 00 |..........@.....|

00000090 00 02 40 00 00 00 00 00 1c 00 00 00 00 00 00 00 |..@.............|

000000a0 1c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|

000000b0 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|

000000c0 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|

000000d0 dc 06 00 00 00 00 00 00 dc 06 00 00 00 00 00 00 |................|

000000e0 00 00 20 00 00 00 00 0001 00 00 00 06 00 00 00 |.. .............|

000000f0 e0 06 00 00 00 00 00 00 e0 06 60 00 00 00 00 00 |..........`.....|

00000100 e0 06 60 00 00 00 00 00 30 02 00 00 00 00 00 00 |..`.....0.......|

00000110 40 02 00 00 00 00 00 00 00 00 20 00 00 00 00 00 |@......... .....|

00000120 02 00 00 00 06 00 00 00 f8 06 00 00 00 00 00 00 |................|

00000130 f8 06 60 00 00 00 00 00 f8 06 60 00 00 00 00 00 |..`.......`.....|

00000140 d0 01 00 00 00 00 00 00 d0 01 00 00 00 00 00 00 |................|

00000150 08 00 00 00 00 00 00 0004 00 00 00 04 00 00 00 |................|

00000160 1c 02 00 00 00 00 00 00 1c 02 40 00 00 00 00 00 |..........@.....|

00000170 1c 02 40 00 00 00 00 00 20 00 00 00 00 00 00 00 |..@..... .......|

00000180 20 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 | ...............|

00000190 50 e5 74 64 04 00 00 00 e0 05 00 00 00 00 00 00 |P.td............|

000001a0 e0 05 40 00 00 00 00 00 e0 05 40 00 00 00 00 00 |..@.......@.....|

000001b0 34 00 00 00 00 00 00 00 34 00 00 00 00 00 00 00 |4.......4.......|

000001c0 04 00 00 00 00 00 00 0051 e5 74 64 06 00 00 00 |........Q.td....|

000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

000001f0 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|


.interpPROGBITS

00000200 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d |/lib64/ld-linux-|

.note.ABI-tagNOTE

00000210 78 38 36 2d 36 34 2e 73 6f 2e 32 000400 00 00 |x86-64.so.2.....|

00000220 10 00 00 00 01 00 00 00 47 4e 55 00 00 00 00 00 |........GNU.....|

00000230 02 00 00 00 06 00 00 00 09 00 00 00 00 00 00 00 |................|

.hashHASH

00000240 03 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 |................|

00000250 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

00000260 00 00 00 00 00 00 00 00.dynsym

0000 00 00 00 00 00 00 |................|

00000270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

00000280 0b 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 |................|

00000290 00 00 00 00 00 00 00 00 12 00 00 00 12 00 00 00 |................|

000002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

000002b0 24 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 |$... ...........|

000002c0 00 00 00 00 00 00 00 00

.dynstr字符串表1STRTAB

006c 69 62 63 2e 73 6f |.........libc.so|

000002d0 2e 36 00 70 72 69 6e 74 66 00 5f 5f 6c 69 62 63 |.6.printf.__libc|

000002e0 5f 73 74 61 72 74 5f 6d 61 69 6e 00 5f 5f 67 6d |_start_main.__gm|

000002f0 6f 6e 5f 73 74 61 72 74 5f 5f 00 47 4c 49 42 43 |on_start__.GLIBC|

00000300 5f 32 2e 32 2e 35 00 00.gnu.versionVERSYM

0000 02 00 02 00 00 00 |_2.2.5..........|

.gnu.version_rVERNEED

00000310 01 00 01 00 01 00 00 00 10 00 00 00 00 00 00 00 |................|

00000320 75 1a 69 09 00 00 02 00 33 00 00 00 00 00 00 00 |u.i.....3.......|

.rela.dynRELA

00000330 c8 08 60 00 00 00 00 00 06 00 00 00 03 00 00 00 |..`.............|

00000340 00 00 00 00 00 00 00 00

.rela.pltRELA

e808 60 00 00 00 00 00 |..........`.....|

00000350 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|

00000360 f0 08 60 00 00 00 00 00 07 00 00 00 02 00 00 00 |..`.............|

00000370 00 00 00 00 00 00 00 00

.initPROGBITS

4883 ec 08 e8 6b 00 00 |........H....k..|

00000380 00 48 83 c4 08 c3 00 00 00 00 00 00 00 00 00 00 |.H..............|

.pltPROGBITS

00000390 ff 35 42 05 20 00 ff 25 44 05 20 00 0f 1f 40 00 |.5B. ..%D. ...@.|

000003a0 ff 25 42 05 20 00 68 00 00 00 00 e9 e0 ff ff ff |.%B. .h.........|

000003b0 ff 25 3a 05 20 00 68 01 00 00 00 e9 d0 ff ff ff |.%:. .h.........|

.textPROGBITS

000003c0 31 ed 49 89 d1 5e 48 89 e2 48 83 e4 f0 50 54 49 |1.I..^H..H...PTI|

000003d0 c7 c0 30 05 40 00 48 c7 c1 40 05 40 00 48 c7 c7 |..0.@.H..@.@.H..|

000003e0 f1 04 40 00 e8 c7 ff ff ff f4 90 90 48 83 ec 08 |..@.........H...|

000003f0 48 8b 05 d1 04 20 00 48 85 c0 74 02 ff d0 48 83 |H.... .H..t...H.|

00000400 c4 08 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 |...f............|

00000410 b8 17 09 60 00 55 48 2d 10 09 60 00 48 83 f8 0e |...`.UH-..`.H...|

00000420 48 89 e5 77 02 5d c3 b8 00 00 00 00 48 85 c0 74 |H..w.]......H..t|

00000430 f4 5d bf 10 09 60 00 ff e0 0f 1f 80 00 00 00 00 |.]...`..........|

00000440 b8 10 09 60 00 55 48 2d 10 09 60 00 48 c1 f8 03 |...`.UH-..`.H...|

00000450 48 89 e5 48 89 c2 48 c1 ea 3f 48 01 d0 48 d1 f8 |H..H..H..?H..H..|

00000460 75 02 5d c3 ba 00 00 00 00 48 85 d2 74 f4 5d 48 |u.]......H..t.]H|

00000470 89 c6 bf 10 09 60 00 ff e2 0f 1f 80 00 00 00 00 |.....`..........|

00000480 80 3d 89 04 20 00 00 75 11 55 48 89 e5 e8 7e ff |.=.. ..u.UH...~.|

00000490 ff ff 5d c6 05 76 04 20 00 01 f3 c3 0f 1f 40 00 |..]..v. ......@.|

000004a0 48 83 3d 48 02 20 00 00 74 1e b8 00 00 00 00 48 |H.=H. ..t......H|

000004b0 85 c0 74 14 55 bf f0 06 60 00 48 89 e5 ff d0 5d |..t.U...`.H....]|

000004c0 e9 7b ff ff ff 0f 1f 00 e9 73 ff ff ff 0f 1f 00 |.{.......s......|

000004d0 55 48 89 e5 48 83 ec 10 89 7d fc 8b 45 fc 89 c6 |UH..H....}..E...|

000004e0 bf dc 05 40 00 b8 00 00 00 00 e8 b1 fe ff ff c9 |...@............|

000004f0 c3 55 48 89 e5 48 83 ec 20 89 7d ec 48 89 75 e0 |.UH..H.. .}.H.u.|

00000500 c7 45 fc 01 00 00 00 8b 15 ff 03 20 00 8b 05 01 |.E......... ....|

00000510 04 20 00 01 c2 8b 45 fc 01 c2 8b 45 f8 01 d0 89 |. ....E....E....|

00000520 c7 e8 aa ff ff ff 8b 45 fc c9 c3 0f 1f 44 00 00 |.......E.....D..|

00000530 f3 c3 0f 1f 80 00 00 00 00 0f 1f 80 00 00 00 00 |................|

00000540 4c 89 64 24 e0 4c 89 6c 24 e8 4c 8d 25 97 01 20 |L.d$.L.l$.L.%.. |

00000550 00 4c 89 74 24 f0 4c 89 7c 24 f8 49 89 f6 48 89 |.L.t$.L.|$.I..H.|

00000560 5c 24 d0 48 89 6c 24 d8 48 83 ec 38 41 89 ff 49 |\$.H.l$.H..8A..I|

00000570 89 d5 e8 01 fe ff ff 48 8d 05 62 01 20 00 49 29 |.......H..b. .I)|

00000580 c4 49 c1 fc 03 4d 85 e4 74 1e 31 ed 48 89 c3 90 |.I...M..t.1.H...|

00000590 48 83 c5 01 4c 89 ea 4c 89 f6 44 89 ff ff 13 48 |H...L..L..D....H|

000005a0 83 c3 08 49 39 ec 75 e8 48 8b 5c 24 08 48 8b 6c |...I9.u.H.\$.H.l|

这篇关于Linux下ELF格式可执行文件及动态链接相关部分的解析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/1083479

相关文章

网页解析 lxml 库--实战

lxml库使用流程 lxml 是 Python 的第三方解析库,完全使用 Python 语言编写,它对 XPath表达式提供了良好的支 持,因此能够了高效地解析 HTML/XML 文档。本节讲解如何通过 lxml 库解析 HTML 文档。 pip install lxml lxm| 库提供了一个 etree 模块,该模块专门用来解析 HTML/XML 文档,下面来介绍一下 lxml 库

linux-基础知识3

打包和压缩 zip 安装zip软件包 yum -y install zip unzip 压缩打包命令: zip -q -r -d -u 压缩包文件名 目录和文件名列表 -q:不显示命令执行过程-r:递归处理,打包各级子目录和文件-u:把文件增加/替换到压缩包中-d:从压缩包中删除指定的文件 解压:unzip 压缩包名 打包文件 把压缩包从服务器下载到本地 把压缩包上传到服务器(zip

第10章 中断和动态时钟显示

第10章 中断和动态时钟显示 从本章开始,按照书籍的划分,第10章开始就进入保护模式(Protected Mode)部分了,感觉从这里开始难度突然就增加了。 书中介绍了为什么有中断(Interrupt)的设计,中断的几种方式:外部硬件中断、内部中断和软中断。通过中断做了一个会走的时钟和屏幕上输入字符的程序。 我自己理解中断的一些作用: 为了更好的利用处理器的性能。协同快速和慢速设备一起工作

sqlite3 相关知识

WAL 模式 VS 回滚模式 特性WAL 模式回滚模式(Rollback Journal)定义使用写前日志来记录变更。使用回滚日志来记录事务的所有修改。特点更高的并发性和性能;支持多读者和单写者。支持安全的事务回滚,但并发性较低。性能写入性能更好,尤其是读多写少的场景。写操作会造成较大的性能开销,尤其是在事务开始时。写入流程数据首先写入 WAL 文件,然后才从 WAL 刷新到主数据库。数据在开始

动态规划---打家劫舍

题目: 你是一个专业的小偷,计划偷窃沿街的房屋。每间房内都藏有一定的现金,影响你偷窃的唯一制约因素就是相邻的房屋装有相互连通的防盗系统,如果两间相邻的房屋在同一晚上被小偷闯入,系统会自动报警。 给定一个代表每个房屋存放金额的非负整数数组,计算你 不触动警报装置的情况下 ,一夜之内能够偷窃到的最高金额。 思路: 动态规划五部曲: 1.确定dp数组及含义 dp数组是一维数组,dp[i]代表

【C++】_list常用方法解析及模拟实现

相信自己的力量,只要对自己始终保持信心,尽自己最大努力去完成任何事,就算事情最终结果是失败了,努力了也不留遗憾。💓💓💓 目录   ✨说在前面 🍋知识点一:什么是list? •🌰1.list的定义 •🌰2.list的基本特性 •🌰3.常用接口介绍 🍋知识点二:list常用接口 •🌰1.默认成员函数 🔥构造函数(⭐) 🔥析构函数 •🌰2.list对象

Linux 网络编程 --- 应用层

一、自定义协议和序列化反序列化 代码: 序列化反序列化实现网络版本计算器 二、HTTP协议 1、谈两个简单的预备知识 https://www.baidu.com/ --- 域名 --- 域名解析 --- IP地址 http的端口号为80端口,https的端口号为443 url为统一资源定位符。CSDNhttps://mp.csdn.net/mp_blog/creation/editor

【Python编程】Linux创建虚拟环境并配置与notebook相连接

1.创建 使用 venv 创建虚拟环境。例如,在当前目录下创建一个名为 myenv 的虚拟环境: python3 -m venv myenv 2.激活 激活虚拟环境使其成为当前终端会话的活动环境。运行: source myenv/bin/activate 3.与notebook连接 在虚拟环境中,使用 pip 安装 Jupyter 和 ipykernel: pip instal

安卓链接正常显示,ios#符被转义%23导致链接访问404

原因分析: url中含有特殊字符 中文未编码 都有可能导致URL转换失败,所以需要对url编码处理  如下: guard let allowUrl = webUrl.addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed) else {return} 后面发现当url中有#号时,会被误伤转义为%23,导致链接无法访问