May 13, 2011

Understanding ELF - 2

To make ELF easier to study, we can use the following simple C program:
/* test.c */
#include <stdio.h>

int global_data = 4;
int global_data_2;

int main(int argc, char **argv)
{
    int local_data = 3;
    printf("Hello World\n");
    printf("global_data = %d\n", global_data);
    printf("global_data_2 = %d\n", global_data_2);
    printf("local_data = %d\n", local_data);

    return (0);
}

And compile it:
$ gcc -o test test.c

A. Examining ELF header.
The produced binary will be our examination target. Let's start with the content of the ELF header:
$ readelf -h test
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x80482c0
Start of program headers: 52 (bytes into file)
Start of section headers: 2060 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 7
Size of section headers: 40 (bytes)
Number of section headers: 28
Section header string table index: 25



What does this header tell us?
1. This executable was built for the Intel x86 32-bit architecture (the "Machine" and "Class" fields).
2. When executed, the program starts running from virtual address 0x80482c0 (see "Entry point address"). The "0x" prefix means it is a hexadecimal number. This address doesn't point to our main() procedure, but to a procedure named _start. Don't remember writing such a thing? Of course you don't. The _start procedure is created by the linker, and its purpose is to initialize your program.
3. This program has a total of 28 sections and 7 segments.
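
As an added example (not code from the original post), the C parser below reads the same ELF32 header fields that readelf -h printed and checks that the program and section header tables they point to fit inside the file, which a tool should verify before following those offsets. The sample bytes are constructed from the readelf output above; the 3180-byte file size and the names parse_elf32 and elf32_hdr are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fields of the 52-byte ELF32 header that readelf -h prints. */
typedef struct {
    uint16_t type, machine, phentsize, phnum, shentsize, shnum, shstrndx;
    uint32_t entry, phoff, shoff;
} elf32_hdr;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Returns 0 if the header is usable, negative otherwise. file_size is the
   size of the whole file, used to bounds-check both header tables. */
int parse_elf32(const uint8_t *buf, size_t len, uint64_t file_size, elf32_hdr *h) {
    if (len < 52) return -1;                              /* truncated header */
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return -2;     /* bad magic */
    if (buf[4] != 1 || buf[5] != 1) return -3;            /* not ELF32, little endian */
    h->type = rd16(buf + 16);      h->machine = rd16(buf + 18);
    h->entry = rd32(buf + 24);     h->phoff = rd32(buf + 28);
    h->shoff = rd32(buf + 32);     h->phentsize = rd16(buf + 42);
    h->phnum = rd16(buf + 44);     h->shentsize = rd16(buf + 46);
    h->shnum = rd16(buf + 48);     h->shstrndx = rd16(buf + 50);
    /* 64-bit arithmetic so offset + count * size cannot wrap around */
    if (h->phoff + (uint64_t)h->phnum * h->phentsize > file_size) return -4;
    if (h->shoff + (uint64_t)h->shnum * h->shentsize > file_size) return -5;
    if (h->shnum && h->shstrndx >= h->shnum) return -6;   /* string table index */
    return 0;
}

/* Constructed sample: the 52 bytes implied by the readelf -h output above. */
const uint8_t sample[52] = {
    0x7f, 'E', 'L', 'F', 1, 1, 1, 0,  0, 0, 0, 0, 0, 0, 0, 0,
    2, 0,  3, 0,  1, 0, 0, 0,         /* EXEC, Intel 80386, version 1 */
    0xc0, 0x82, 0x04, 0x08,           /* entry point 0x80482c0 */
    52, 0, 0, 0,  0x0c, 0x08, 0, 0,   /* phoff 52, shoff 2060 */
    0, 0, 0, 0,  52, 0,  32, 0,  7, 0,  40, 0,  28, 0,  25, 0
};

int main(void) {
    elf32_hdr h = {0};
    /* Assumed size: 2060 + 28 * 40 = 3180, the least that holds all section headers */
    int rc = parse_elf32(sample, sizeof sample, 3180, &h);
    printf("rc=%d entry=0x%x phnum=%u shnum=%u\n", rc, (unsigned)h.entry, h.phnum, h.shnum);
    return rc != 0;
}
```

A file one byte shorter than the assumed size is rejected, because the last section header would then lie past the end of the file.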

Section
A section is an area in the object file that contains information useful for linking: the program's code, the program's data (variables, arrays, strings), relocation information and more. Each section groups related information and has a distinct meaning: a code section only holds code, a data section only holds initialized or uninitialized data, and so on.
The Section Header Table (SHT) tells us exactly which sections the ELF object has, but just by looking at the "Number of section headers" field above, you can already tell that "test" contains 28 sections.
How does the kernel know which section goes into which segment? That is the job of the Program Header Table (PHT).

Further Reading
http://www.linuxjournal.com/article/1059
http://www.linuxjournal.com/article/1060
Two good ELF introductory articles written by Eric Youngdale.