本文主要是介绍Linux下ELF格式可执行文件及动态链接相关部分的解析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
Linux下面的ELF文件主要由ELF头、程序头和各个段组成。
二进制可执行文件结构
本文使用的示例程序如下。首先把它编译为可执行文件,再使用Linux下面的hexdump命令,把可执行文件完全转换为16进制的表示形式,然后分析这样的表示与ELF文件中各部分的对应关系。
示例程序:
#include <stdio.h>int global_init_var = 84;
int global_uninit_var;void func1(int i)
{printf("%d\n", i);
}
int main(int argc, char **argv)
{static int static_var1 = 85;static int static_var2;int a = 1;int b;func1(static_var1 + static_var2 + a + b);return a;
}使用gcc编译生成二进制可执行文件之后,
gcc exam.c -o exam.out
可以通过反汇编工具objcump来查看文件中各个部分的信息,例如
objdump –d –x –s exam.out
生成的文件中展示了二进制文件中不同的节的解释和描述。
对于二进制文件,在Linux下面,可以通过hexdump命令来以文本的形式表示二进制可执行文件。以下是对exam.out文件执行hexdump命令之后所生成的文件的注释,指明了各个不同的节的开始位置及含义。
文件头:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 c0 03 40 00 00 00 00 00 |..>.......@.....|
phoffset = 40 sh offset = aa0
00000020 40 00 00 00 00 00 00 00 a0 0a 00 00 00 00 00 00||
ehsize=40,phentsiez=38, shentsize=40,shnum=1d
00000030 00 00 00 00 40 00 38 00 08 00 40 00 1d 00 1a 00|....@.8...@.....|
程序头表,phtable,大小为0x38* 0x8 =
00000040 06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00 |........@.......|
00000050 40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00 |@.@.....@.@.....|
00000060 c0 01 00 00 00 00 00 00 c0 01 00 00 00 00 00 00 |................|
00000070 08 00 00 00 00 00 00 0003 00 00 00 04 00 00 00 |................|
00000080 00 02 00 00 00 00 00 00 00 02 40 00 00 00 00 00 |..........@.....|
00000090 00 02 40 00 00 00 00 00 1c 00 00 00 00 00 00 00 |..@.............|
000000a0 1c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000000b0 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|
000000d0 dc 06 00 00 00 00 00 00 dc 06 00 00 00 00 00 00 |................|
000000e0 00 00 20 00 00 00 00 0001 00 00 00 06 00 00 00 |.. .............|
000000f0 e0 06 00 00 00 00 00 00 e0 06 60 00 00 00 00 00 |..........`.....|
00000100 e0 06 60 00 00 00 00 00 30 02 00 00 00 00 00 00 |..`.....0.......|
00000110 40 02 00 00 00 00 00 00 00 00 20 00 00 00 00 00 |@......... .....|
00000120 02 00 00 00 06 00 00 00 f8 06 00 00 00 00 00 00 |................|
00000130 f8 06 60 00 00 00 00 00 f8 06 60 00 00 00 00 00 |..`.......`.....|
00000140 d0 01 00 00 00 00 00 00 d0 01 00 00 00 00 00 00 |................|
00000150 08 00 00 00 00 00 00 0004 00 00 00 04 00 00 00 |................|
00000160 1c 02 00 00 00 00 00 00 1c 02 40 00 00 00 00 00 |..........@.....|
00000170 1c 02 40 00 00 00 00 00 20 00 00 00 00 00 00 00 |..@..... .......|
00000180 20 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 | ...............|
00000190 50 e5 74 64 04 00 00 00 e0 05 00 00 00 00 00 00 |P.td............|
000001a0 e0 05 40 00 00 00 00 00 e0 05 40 00 00 00 00 00 |..@.......@.....|
000001b0 34 00 00 00 00 00 00 00 34 00 00 00 00 00 00 00 |4.......4.......|
000001c0 04 00 00 00 00 00 00 0051 e5 74 64 06 00 00 00 |........Q.td....|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
.interp节PROGBITS
00000200 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d |/lib64/ld-linux-|
.note.ABI-tag节NOTE
00000210 78 38 36 2d 36 34 2e 73 6f 2e 32 000400 00 00 |x86-64.so.2.....|
00000220 10 00 00 00 01 00 00 00 47 4e 55 00 00 00 00 00 |........GNU.....|
00000230 02 00 00 00 06 00 00 00 09 00 00 00 00 00 00 00 |................|
.hashHASH
00000240 03 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 |................|
00000250 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000260 00 00 00 00 00 00 00 00.dynsym
0000 00 00 00 00 00 00 |................|
00000270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000280 0b 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 |................|
00000290 00 00 00 00 00 00 00 00 12 00 00 00 12 00 00 00 |................|
000002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002b0 24 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 |$... ...........|
000002c0 00 00 00 00 00 00 00 00
.dynstr,字符串表1STRTAB
006c 69 62 63 2e 73 6f |.........libc.so|
000002d0 2e 36 00 70 72 69 6e 74 66 00 5f 5f 6c 69 62 63 |.6.printf.__libc|
000002e0 5f 73 74 61 72 74 5f 6d 61 69 6e 00 5f 5f 67 6d |_start_main.__gm|
000002f0 6f 6e 5f 73 74 61 72 74 5f 5f 00 47 4c 49 42 43 |on_start__.GLIBC|
00000300 5f 32 2e 32 2e 35 00 00.gnu.versionVERSYM
0000 02 00 02 00 00 00 |_2.2.5..........|
.gnu.version_rVERNEED
00000310 01 00 01 00 01 00 00 00 10 00 00 00 00 00 00 00 |................|
00000320 75 1a 69 09 00 00 02 00 33 00 00 00 00 00 00 00 |u.i.....3.......|
.rela.dynRELA
00000330 c8 08 60 00 00 00 00 00 06 00 00 00 03 00 00 00 |..`.............|
00000340 00 00 00 00 00 00 00 00
.rela.pltRELA
e808 60 00 00 00 00 00 |..........`.....|
00000350 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000360 f0 08 60 00 00 00 00 00 07 00 00 00 02 00 00 00 |..`.............|
00000370 00 00 00 00 00 00 00 00
.initPROGBITS
4883 ec 08 e8 6b 00 00 |........H....k..|
00000380 00 48 83 c4 08 c3 00 00 00 00 00 00 00 00 00 00 |.H..............|
.pltPROGBITS
00000390 ff 35 42 05 20 00 ff 25 44 05 20 00 0f 1f 40 00 |.5B. ..%D. ...@.|
000003a0 ff 25 42 05 20 00 68 00 00 00 00 e9 e0 ff ff ff |.%B. .h.........|
000003b0 ff 25 3a 05 20 00 68 01 00 00 00 e9 d0 ff ff ff |.%:. .h.........|
.textPROGBITS
000003c0 31 ed 49 89 d1 5e 48 89 e2 48 83 e4 f0 50 54 49 |1.I..^H..H...PTI|
000003d0 c7 c0 30 05 40 00 48 c7 c1 40 05 40 00 48 c7 c7 |..0.@.H..@.@.H..|
000003e0 f1 04 40 00 e8 c7 ff ff ff f4 90 90 48 83 ec 08 |..@.........H...|
000003f0 48 8b 05 d1 04 20 00 48 85 c0 74 02 ff d0 48 83 |H.... .H..t...H.|
00000400 c4 08 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 |...f............|
00000410 b8 17 09 60 00 55 48 2d 10 09 60 00 48 83 f8 0e |...`.UH-..`.H...|
00000420 48 89 e5 77 02 5d c3 b8 00 00 00 00 48 85 c0 74 |H..w.]......H..t|
00000430 f4 5d bf 10 09 60 00 ff e0 0f 1f 80 00 00 00 00 |.]...`..........|
00000440 b8 10 09 60 00 55 48 2d 10 09 60 00 48 c1 f8 03 |...`.UH-..`.H...|
00000450 48 89 e5 48 89 c2 48 c1 ea 3f 48 01 d0 48 d1 f8 |H..H..H..?H..H..|
00000460 75 02 5d c3 ba 00 00 00 00 48 85 d2 74 f4 5d 48 |u.]......H..t.]H|
00000470 89 c6 bf 10 09 60 00 ff e2 0f 1f 80 00 00 00 00 |.....`..........|
00000480 80 3d 89 04 20 00 00 75 11 55 48 89 e5 e8 7e ff |.=.. ..u.UH...~.|
00000490 ff ff 5d c6 05 76 04 20 00 01 f3 c3 0f 1f 40 00 |..]..v. ......@.|
000004a0 48 83 3d 48 02 20 00 00 74 1e b8 00 00 00 00 48 |H.=H. ..t......H|
000004b0 85 c0 74 14 55 bf f0 06 60 00 48 89 e5 ff d0 5d |..t.U...`.H....]|
000004c0 e9 7b ff ff ff 0f 1f 00 e9 73 ff ff ff 0f 1f 00 |.{.......s......|
000004d0 55 48 89 e5 48 83 ec 10 89 7d fc 8b 45 fc 89 c6 |UH..H....}..E...|
000004e0 bf dc 05 40 00 b8 00 00 00 00 e8 b1 fe ff ff c9 |...@............|
000004f0 c3 55 48 89 e5 48 83 ec 20 89 7d ec 48 89 75 e0 |.UH..H.. .}.H.u.|
00000500 c7 45 fc 01 00 00 00 8b 15 ff 03 20 00 8b 05 01 |.E......... ....|
00000510 04 20 00 01 c2 8b 45 fc 01 c2 8b 45 f8 01 d0 89 |. ....E....E....|
00000520 c7 e8 aa ff ff ff 8b 45 fc c9 c3 0f 1f 44 00 00 |.......E.....D..|
00000530 f3 c3 0f 1f 80 00 00 00 00 0f 1f 80 00 00 00 00 |................|
00000540 4c 89 64 24 e0 4c 89 6c 24 e8 4c 8d 25 97 01 20 |L.d$.L.l$.L.%.. |
00000550 00 4c 89 74 24 f0 4c 89 7c 24 f8 49 89 f6 48 89 |.L.t$.L.|$.I..H.|
00000560 5c 24 d0 48 89 6c 24 d8 48 83 ec 38 41 89 ff 49 |\$.H.l$.H..8A..I|
00000570 89 d5 e8 01 fe ff ff 48 8d 05 62 01 20 00 49 29 |.......H..b. .I)|
00000580 c4 49 c1 fc 03 4d 85 e4 74 1e 31 ed 48 89 c3 90 |.I...M..t.1.H...|
00000590 48 83 c5 01 4c 89 ea 4c 89 f6 44 89 ff ff 13 48 |H...L..L..D....H|
000005a0 83 c3 08 49 39 ec 75 e8 48 8b 5c 24 08 48 8b 6c |...I9.u.H.\$.H.l|
这篇关于Linux下ELF格式可执行文件及动态链接相关部分的解析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
