ELF 文件結構

1. 源代碼 b.c

int printf( const char* format, ...);

int global_int_var = 84;

int global_uinit_var;

void func1( int i) {

printf("%d\n",i);

}

int main(void) {

static int static_var = 85;

static int static_var2;

int a = 1;

int b;

func1 (static_var + static_var2 + a + b);

return a;

}

2. 編譯 gcc -c b.c

3. ELF

suse:/jingsheng # readelf -S b.o

There are 12 section headers, starting at offset 0x140:

Section Headers:

[Nr] Name Type Addr Off Size ES Flg Lk Inf Al

[ 0] NULL 00000000 000000 000000 00 0 0 0

[ 1] .text PROGBITS 00000000 000034 000050 00 AX 0 0 4

[ 2] .rel.text REL 00000000 000478 000028 08 10 1 4

[ 3] .data PROGBITS 00000000 000084 000008 00 WA 0 0 4

[ 4] .bss NOBITS 00000000 00008c 000004 00 WA 0 0 4

[ 5] .rodata PROGBITS 00000000 00008c 000004 00 A 0 0 1

[ 6] .comment PROGBITS 00000000 000090 000043 01 MS 0 0 1

[ 7] .comment.SUSE.OPT PROGBITS 00000000 0000d3 000006 01 MS 0 0 1

[ 8] .note.GNU-stack PROGBITS 00000000 0000d9 000000 00 0 0 1

[ 9] .shstrtab STRTAB 00000000 0000d9 000064 00 0 0 1

[10] .symtab SYMTAB 00000000 000320 000100 10 11 11 4

[11] .strtab STRTAB 00000000 000420 000058 00 0 0 1

Key to Flags:

W (write), A (alloc), X (execute), M (merge), S (strings)

I (info), L (link order), G (group), x (unknown)

O (extra OS processing required) o (OS specific), p (processor specific)

suse:/jingsheng # objdump -s -d -h b.o

b.o: file format elf32-i386

Sections:

Idx Name Size VMA LMA File off Algn

0 .text 00000050 00000000 00000000 00000034 2**2

CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE

1 .data 00000008 00000000 00000000 00000084 2**2

CONTENTS, ALLOC, LOAD, DATA

2 .bss 00000004 00000000 00000000 0000008c 2**2

ALLOC

3 .rodata 00000004 00000000 00000000 0000008c 2**0

CONTENTS, ALLOC, LOAD, READONLY, DATA

4 .comment 00000043 00000000 00000000 00000090 2**0

CONTENTS, READONLY

5 .comment.SUSE.OPTs 00000006 00000000 00000000 000000d3 2**0

CONTENTS, READONLY

6 .note.GNU-stack 00000000 00000000 00000000 000000d9 2**0

CONTENTS, READONLY

Contents of section .text:

0000 5589e583 ec188b45 08894424 04c70424 U......E..D$...$

0010 00000000 e8fcffff ffc9c355 89e583e4 ...........U....

0020 f083ec20 c744241c 01000000 8b150400 ... .D$.........

0030 0000a100 0000008d 04020344 241c0344 ...........D$..D

0040 24188904 24e8fcff ffff8b44 241cc9c3 $...$......D$...

Contents of section .data:

0000 54000000 55000000 T...U...

Contents of section .rodata:

0000 25640a00 %d..

Contents of section .comment:

0000 00474343 3a202853 55534520 4c696e75 .GCC: (SUSE Linu

0010 78292034 2e352e30 20323031 30303630 x) 4.5.0 2010060

0020 34205b67 63632d34 5f352d62 72616e63 4 [gcc-4_5-branc

0030 68207265 76697369 6f6e2031 36303239 h revision 16029

0040 325d00 2].

Contents of section .comment.SUSE.OPTs:

0000 6f737077 6700 ospwg.

Disassembly of section .text:

00000000 <func1>:

0: 55 push %ebp

1: 89 e5 mov %esp,%ebp

3: 83 ec 18 sub $0x18,%esp

6: 8b 45 08 mov 0x8(%ebp),%eax

9: 89 44 24 04 mov %eax,0x4(%esp)

d: c7 04 24 00 00 00 00 movl $0x0,(%esp)

14: e8 fc ff ff ff call 15 <func1+0x15>

19: c9 leave

1a: c3 ret

0000001b <main>:

1b: 55 push %ebp

1c: 89 e5 mov %esp,%ebp

1e: 83 e4 f0 and $0xfffffff0,%esp

21: 83 ec 20 sub $0x20,%esp

24: c7 44 24 1c 01 00 00 movl $0x1,0x1c(%esp)

2b: 00

2c: 8b 15 04 00 00 00 mov 0x4,%edx

32: a1 00 00 00 00 mov 0x0,%eax

37: 8d 04 02 lea (%edx,%eax,1),%eax

3a: 03 44 24 1c add 0x1c(%esp),%eax

3e: 03 44 24 18 add 0x18(%esp),%eax

42: 89 04 24 mov %eax,(%esp)

45: e8 fc ff ff ff call 46 <main+0x2b>s

4a: 8b 44 24 1c mov 0x1c(%esp),%eax

4e: c9 leave

4f: c3 ret

suse:/jingsheng # hexdump -C b.o

00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|

00000010 01 00 03 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|

00000020 40 01 00 00 00 00 00 00 34 00 00 00 00 00 28 00 |@.......4.....(.|

00000030 0c 00 09 00 55 89 e5 83 ec 18 8b 45 08 89 44 24 |....U......E..D$| .text

00000040 04 c7 04 24 00 00 00 00 e8 fc ff ff ff c9 c3 55 |...$...........U|

00000050 89 e5 83 e4 f0 83 ec 20 c7 44 24 1c 01 00 00 00 |....... .D$.....|

00000060 8b 15 04 00 00 00 a1 00 00 00 00 8d 04 02 03 44 |...............D|

00000070 24 1c 03 44 24 18 89 04 24 e8 fc ff ff ff 8b 44 |$..D$...$......D|

00000080 24 1c c9 c3 54 00 00 00 55 00 00 00 25 64 0a 00 |$...T...U...%d..| .data .bss .rodata

00000090 00 47 43 43 3a 20 28 53 55 53 45 20 4c 69 6e 75 |.GCC: (SUSE Linu| .comment

000000a0 78 29 20 34 2e 35 2e 30 20 32 30 31 30 30 36 30 |x) 4.5.0 2010060|

000000b0 34 20 5b 67 63 63 2d 34 5f 35 2d 62 72 61 6e 63 |4 [gcc-4_5-branc|

000000c0 68 20 72 65 76 69 73 69 6f 6e 20 31 36 30 32 39 |h revision 16029|

000000d0 32 5d 00 6f 73 70 77 67 00 00 2e 73 79 6d 74 61 |2].ospwg...symta| .comment.SUSE.OPTs .note.GNU-stack .shstrtab

000000e0 62 00 2e 73 74 72 74 61 62 00 2e 73 68 73 74 72 |b..strtab..shstr|

000000f0 74 61 62 00 2e 72 65 6c 2e 74 65 78 74 00 2e 64 |tab..rel.text..d|

00000100 61 74 61 00 2e 62 73 73 00 2e 72 6f 64 61 74 61 |ata..bss..rodata|

00000110 00 2e 63 6f 6d 6d 65 6e 74 00 2e 63 6f 6d 6d 65 |..comment..comme|

00000120 6e 74 2e 53 55 53 45 2e 4f 50 54 73 00 2e 6e 6f |nt.SUSE.OPTs..no|

00000130 74 65 2e 47 4e 55 2d 73 74 61 63 6b 00 00 00 00 |te.GNU-stack....|

00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| // Section table

00000160 00 00 00 00 00 00 00 00 1f 00 00 00 01 00 00 00 |................|

00000170 06 00 00 00 00 00 00 00 34 00 00 00 50 00 00 00 |........4...P...|

00000180 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|

00000190 1b 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 |................|

000001a0 78 04 00 00 28 00 00 00 0a 00 00 00 01 00 00 00 |x...(...........|

000001b0 04 00 00 00 08 00 00 00 25 00 00 00 01 00 00 00 |........%.......|

000001c0 03 00 00 00 00 00 00 00 84 00 00 00 08 00 00 00 |................|

000001d0 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|

000001e0 2b 00 00 00 08 00 00 00 03 00 00 00 00 00 00 00 |+...............|

000001f0 8c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|

00000200 04 00 00 00 00 00 00 00 30 00 00 00 01 00 00 00 |........0.......|

00000210 02 00 00 00 00 00 00 00 8c 00 00 00 04 00 00 00 |................|

00000220 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|

00000230 38 00 00 00 01 00 00 00 30 00 00 00 00 00 00 00 |8.......0.......|

00000240 90 00 00 00 43 00 00 00 00 00 00 00 00 00 00 00 |....C...........|

00000250 01 00 00 00 01 00 00 00 41 00 00 00 01 00 00 00 |........A.......|

00000260 30 00 00 00 00 00 00 00 d3 00 00 00 06 00 00 00 |0...............|

00000270 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 |................|

00000280 54 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |T...............|

00000290 d9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

000002a0 01 00 00 00 00 00 00 00 11 00 00 00 03 00 00 00 |................|

000002b0 00 00 00 00 00 00 00 00 d9 00 00 00 64 00 00 00 |............d...|

000002c0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|

000002d0 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|

000002e0 20 03 00 00 00 01 00 00 0b 00 00 00 0b 00 00 00 | ...............|

000002f0 04 00 00 00 10 00 00 00 09 00 00 00 03 00 00 00 |................|

00000300 00 00 00 00 00 00 00 00 20 04 00 00 58 00 00 00 |........ ...X...|

00000310 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|

00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| .symtab

00000330 01 00 00 00 00 00 00 00 00 00 00 00 04 00 f1 ff |................|

00000340 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 |................|

00000350 00 00 00 00 00 00 00 00 00 00 00 00 03 00 03 00 |................|

00000360 00 00 00 00 00 00 00 00 00 00 00 00 03 00 04 00 |................|

00000370 00 00 00 00 00 00 00 00 00 00 00 00 03 00 05 00 |................|

00000380 05 00 00 00 04 00 00 00 04 00 00 00 01 00 03 00 |................|

00000390 15 00 00 00 00 00 00 00 04 00 00 00 01 00 04 00 |................|

000003a0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 07 00 |................|

000003b0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 08 00 |................|

000003c0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 06 00 |................|

000003d0 26 00 00 00 00 00 00 00 04 00 00 00 11 00 03 00 |&...............|

000003e0 35 00 00 00 04 00 00 00 04 00 00 00 11 00 f2 ff |5...............|

000003f0 46 00 00 00 00 00 00 00 1b 00 00 00 12 00 01 00 |F...............|

00000400 4c 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 |L...............|

00000410 53 00 00 00 1b 00 00 00 35 00 00 00 12 00 01 00 |S.......5.......|

00000420 00 62 2e 63 00 73 74 61 74 69 63 5f 76 61 72 2e |.b.c.static_var.| .strtab

00000430 31 32 32 32 00 73 74 61 74 69 63 5f 76 61 72 32 |1222.static_var2|

00000440 2e 31 32 32 33 00 67 6c 6f 62 61 6c 5f 69 6e 74 |.1223.global_int|

00000450 5f 76 61 72 00 67 6c 6f 62 61 6c 5f 75 69 6e 69 |_var.global_uini|

00000460 74 5f 76 61 72 00 66 75 6e 63 31 00 70 72 69 6e |t_var.func1.prin|

00000470 74 66 00 6d 61 69 6e 00 10 00 00 00 01 05 00 00 |tf.main.........| .rel.text

00000480 15 00 00 00 02 0e 00 00 2e 00 00 00 01 03 00 00 |................|

00000490 33 00 00 00 01 04 00 00 46 00 00 00 02 0d 00 00 |3.......F.......|

000004a0

4. 命令行

readelf 可以打印出各種段信息, 但是不能反編譯, objdump可以

readelf --debug-dump=info b.o

readelf -h b.o 查看header

readelf -S b.o 查看Section tables

readelf -s b.o 查看.symtab

readelf -r b.o 查看.rel.txt

jingsheng321

發佈了41 篇原創文章 · 獲贊 1 · 訪問量 6萬+

私信關注

使用neovim打造go ide(支持代碼跳轉, 代碼補全, 實時語法檢查)

挑戰程序設計競賽 2.3章習題 poj 3046 Ant Counting

Shell/Python中的用戶名獲取

Android 測試環境

點石成金：從沙子到芯片---且看處理器是怎樣煉成的

Bridge和NAT方式配置VirtualBox網絡, 並通過代理服務器訪問互聯網

創建Image, losetup和mount的使用, 併爲Image設備加捲標

mount 掛載文件系統爲讀寫模式

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結