linux可执行文件格式
http://blog.csdn.net/dadalan/article/details/2890957
可執行文件可以是具有不同格式的二進制文件,也可以是一個文本的腳本。可執行文件映像中包含了進程執行的代碼和數據,同時也包含了操作系統用來將映像正確裝入內存并執行的信息。在Linux中,當前的“本地”(系統默認的)可執行文件格式是ELF[15] (Executable and Linking Format)可執行鏈接格式。由于先前的a.out格式難于實現共享庫,不能適用于動態鏈接,所以目前已經全部被ELF所替換。不過,Linux仍然為 a.out保留了一個二進制處理程序,但通常是使用ELF。
Linux的加載程序一般是根據內嵌在可執行文件開頭的“magic序列”(一個特殊字節序列)來識別文件,有時也會通過文件名的一些特性。例如,Java編譯處理程序可以保證其文件名以.class結尾,并且文件起始前四個字節是 0xcafebabe,這是Java標準所定義的。下面是2.4版本內核在Intel體系下所提供的二進制處理程序,理論上,Linux靈活到足以處理幾乎所有的目標文件格式。
(1)a.out(在fs/binfmt_aout.c中):這是為了支持原來風格的Linux二進制文件。它的存在主要是為了滿足一些系統的向后兼容的需要,但是基本上a.out已經光榮退役了。
(2) ELF(在fs/binfmt_elf.c中):目前是Linux默認的二進制文件格式。該格式在可執行文件和共享庫中都廣泛使用。最新的Linux系統 (例如Red Hat 9)一般只預裝了ELF二進制文件解釋器,但是特殊情況下要決定加載a.out二進制文件,那么系統也通過模塊的方式,對它提供支持。雖然ELF被作為慣用的Linux本地格式,但也和其它格式一樣使用同一個加載處理程序。
(3)EM86(在fs/binfmt_em86.c中):允許在Alpha機器上運行Intel的Linux二進制文件,仿佛它們就是Alpha的本地二進制文件。
(4) Java(在fs/binfmt_java.c中):可以不必每次都定義Java字節碼的解釋程序就可以執行Java的.class文件。這種機制和腳本中使用的機制類似,通過把.class文件的文件名作為參數傳遞,處理程序返回執行整型字節碼的解釋程序。從用戶的觀點來看,Java二進制文件是作為本地可執行文件處理的。
(5)misc(在fs/binfmt_misc.c中):這是最明智地使用二進制處理程序的方法,這個處理程序通過內嵌的特征數字或者文件名后綴可以識別出各種二進制格式,不過最優秀的特性是它可以在運行期配置,而不是只能在編譯期配置。因此,只要遵循其規則,就可以快速的增加對新二進制文件的支持,而不用重新編譯內核,也無須重新啟動機器。Linux源程序文件中的注釋建議最終使用它來取代Java和EM86二進制處理程序。
(6)腳本(在fs/binfmt_script.c中):對于shell腳本、Perl腳本等提供支持。寬松一點地說,所有前面兩個字符是“#!”的可執行文件,都歸由這個二進制處理程序進行處理。
這些Linux支持的二進制格式,可以在內核編譯鏈接的時候直接建立在內核之中,也可以在內核運行的時候作為模塊來加載。內核保存了支持的二進制格式解釋程序的列表,當試圖執行一個文件的時候,每一個二進制格式都會被依次嘗試,直到判斷出可識別的對應的二進制格式為止。
?
==============================
Linux 查看 elf可執行文件格式的兩個命令
使用objdump 和readelf 兩個命令,我們可以看到elf的各個節段的 信息還有 運行時需要那些動態鏈接庫,elf中的匯編代碼等等。 我就是想用來查看 這個elf運行需要哪些 *.so 文件
#include<stdio.h>
int test()
{
return 0;
}
int main(void)
{
int i;
int j =0;
//printf ("sizeof (int)=%d\n",sizeof (int));
if ( i = j )
???? printf ("\ntrue\n",i);
return 0;
}
gcc main.c 編譯后,
www.lnuxidc.com@linuxidc:~/桌面$ readelf -a a.out
ELF Header:
Magic:?? 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class:???????????????????????????? ELF32
Data:????????????????????????????? 2's complement, little endian
Version:?????????????????????????? 1 (current)
OS/ABI:??????????????????????????? UNIX - System V
ABI Version:?????????????????????? 0
Type:????????????????????????????? EXEC (Executable file)
Machine:?????????????????????????? Intel 80386
Version:?????????????????????????? 0x1
Entry point address:?????????????? 0x8048310
Start of program headers:????????? 52 (bytes into file)
Start of section headers:????????? 5996 (bytes into file)
Flags:???????????????????????????? 0x0
Size of this header:?????????????? 52 (bytes)
Size of program headers:?????????? 32 (bytes)
Number of program headers:???????? 8
Size of section headers:?????????? 40 (bytes)
Number of section headers:???????? 36
Section header string table index: 33
Section Headers:
[Nr] Name????????????? Type??????????? Addr???? Off??? Size?? ES Flg Lk Inf Al
[ 0]?????????????????? NULL??????????? 00000000 000000 000000 00????? 0?? 0 0
[ 1] .interp?????????? PROGBITS??????? 08048134 000134 000013 00?? A 0?? 0 1
[ 2] .note.ABI-tag???? NOTE??????????? 08048148 000148 000020 00?? A 0?? 0 4
[ 3] .hash???????????? HASH??????????? 08048168 000168 000028 04?? A 5?? 0 4
[ 4] .gnu.hash???????? GNU_HASH??????? 08048190 000190 000020 04?? A 5?? 0 4
[ 5] .dynsym?????????? DYNSYM????????? 080481b0 0001b0 000050 10?? A 6?? 1 4
[ 6] .dynstr?????????? STRTAB????????? 08048200 000200 00004c 00?? A 0?? 0 1
[ 7] .gnu.version????? VERSYM????????? 0804824c 00024c 00000a 02?? A 5?? 0 2
[ 8] .gnu.version_r??? VERNEED???????? 08048258 000258 000020 00?? A 6?? 1 4
[ 9] .rel.dyn????????? REL???????????? 08048278 000278 000008 08?? A 5?? 0 4
[10] .rel.plt????????? REL???????????? 08048280 000280 000018 08?? A 5 12 4
[11] .init???????????? PROGBITS??????? 08048298 000298 000030 00 AX 0?? 0 4
[12] .plt????????????? PROGBITS??????? 080482c8 0002c8 000040 04 AX 0?? 0 4
[13] .text???????????? PROGBITS??????? 08048310 000310 0001ac 00 AX 0?? 0 16
[14] .fini???????????? PROGBITS??????? 080484bc 0004bc 00001c 00 AX 0?? 0 4
[15] .rodata?????????? PROGBITS??????? 080484d8 0004d8 00000f 00?? A 0?? 0 4
[16] .eh_frame???????? PROGBITS??????? 080484e8 0004e8 000004 00?? A 0?? 0 4
[17] .ctors??????????? PROGBITS??????? 08049f0c 000f0c 000008 00 WA 0?? 0 4
[18] .dtors??????????? PROGBITS??????? 08049f14 000f14 000008 00 WA 0?? 0 4
[19] .jcr????????????? PROGBITS??????? 08049f1c 000f1c 000004 00 WA 0?? 0 4
[20] .dynamic????????? DYNAMIC???????? 08049f20 000f20 0000d0 08 WA 6?? 0 4
[21] .got????????????? PROGBITS??????? 08049ff0 000ff0 000004 04 WA 0?? 0 4
[22] .got.plt????????? PROGBITS??????? 08049ff4 000ff4 000018 04 WA 0?? 0 4
[23] .data???????????? PROGBITS??????? 0804a00c 00100c 000008 00 WA 0?? 0 4
[24] .bss????????????? NOBITS????????? 0804a014 001014 000008 00 WA 0?? 0 4
[25] .comment????????? PROGBITS??????? 00000000 001014 0000fc 00????? 0?? 0 1
[26] .debug_aranges??? PROGBITS??????? 00000000 001110 000070 00????? 0?? 0 8
[27] .debug_pubnames?? PROGBITS??????? 00000000 001180 000025 00????? 0?? 0 1
[28] .debug_info?????? PROGBITS??????? 00000000 0011a5 0001b5 00????? 0?? 0 1
[29] .debug_abbrev???? PROGBITS??????? 00000000 00135a 000083 00????? 0?? 0 1
[30] .debug_line?????? PROGBITS??????? 00000000 0013dd 000180 00????? 0?? 0 1
[31] .debug_str??????? PROGBITS??????? 00000000 00155d 00008e 01 MS 0?? 0 1
[32] .debug_ranges???? PROGBITS??????? 00000000 0015f0 000040 00????? 0?? 0 8
[33] .shstrtab???????? STRTAB????????? 00000000 001630 000139 00????? 0?? 0 1
[34] .symtab?????????? SYMTAB????????? 00000000 001d0c 0004b0 10???? 35 54 4
[35] .strtab?????????? STRTAB????????? 00000000 0021bc 000213 00????? 0?? 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
?
Dynamic section at offset 0xf20 contains 21 entries: 用 readelf -d 命令可以單獨查看這個Dynamic section
Tag??????? Type???????????????????????? Name/Value
0x00000001 (NEEDED)???????????????????? Shared library: [libc.so.6]?? 需要的動態鏈接庫
0x0000000c (INIT)?????????????????????? 0x8048298
0x0000000d (FINI)?????????????????????? 0x80484bc
0x00000004 (HASH)?????????????????????? 0x8048168
0x6ffffef5 (GNU_HASH)?????????????????? 0x8048190
0x00000005 (STRTAB)???????????????????? 0x8048200
0x00000006 (SYMTAB)???????????????????? 0x80481b0
0x0000000a (STRSZ)????????????????????? 76 (bytes)
0x0000000b (SYMENT)???????????????????? 16 (bytes)
0x00000015 (DEBUG)????????????????????? 0x0
0x00000003 (PLTGOT)???????????????????? 0x8049ff4
0x00000002 (PLTRELSZ)?????????????????? 24 (bytes)
0x00000014 (PLTREL)???????????????????? REL
0x00000017 (JMPREL)???????????????????? 0x8048280
0x00000011 (REL)??????????????????????? 0x8048278
0x00000012 (RELSZ)????????????????????? 8 (bytes)
0x00000013 (RELENT)???????????????????? 8 (bytes)
0x6ffffffe (VERNEED)??????????????????? 0x8048258
0x6fffffff (VERNEEDNUM)???????????????? 1
0x6ffffff0 (VERSYM)???????????????????? 0x804824c
0x00000000 (NULL)?????????????????????? 0x0
Relocation section '.rel.dyn' at offset 0x278 contains 1 entries:
Offset???? Info??? Type??????????? Sym.Value Sym. Name
08049ff0 00000106 R_386_GLOB_DAT??? 00000000?? __gmon_start__
Relocation section '.rel.plt' at offset 0x280 contains 3 entries:
Offset???? Info??? Type??????????? Sym.Value Sym. Name
0804a000 00000107 R_386_JUMP_SLOT?? 00000000?? __gmon_start__
0804a004 00000207 R_386_JUMP_SLOT?? 00000000?? __libc_start_main
0804a008 00000307 R_386_JUMP_SLOT?? 00000000?? printf
There are no unwind sections in this file.
Symbol table '.dynsym' contains 5 entries:
?? Num:??? Value Size Type??? Bind?? Vis????? Ndx Name
???? 0: 00000000???? 0 NOTYPE LOCAL DEFAULT UND
???? 1: 00000000???? 0 NOTYPE WEAK?? DEFAULT UND __gmon_start__
???? 2: 00000000???? 0 FUNC??? GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
???? 3: 00000000???? 0 FUNC??? GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
???? 4: 080484dc???? 4 OBJECT GLOBAL DEFAULT?? 15 _IO_stdin_used
Symbol table '.symtab' contains 75 entries:
?? Num:??? Value Size Type??? Bind?? Vis????? Ndx Name
。。。。。。
??? 67: 00000000???? 0 FUNC??? GLOBAL DEFAULT UND printf@@GLIBC_2.0
??? 68: 0804a014???? 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
??? 69: 080483c4??? 10 FUNC??? GLOBAL DEFAULT?? 13 test
??? 70: 0804a01c???? 0 NOTYPE GLOBAL DEFAULT ABS _end
??? 71: 0804a014???? 0 NOTYPE GLOBAL DEFAULT ABS _edata
??? 72: 0804848a???? 0 FUNC??? GLOBAL HIDDEN?? 13 __i686.get_pc_thunk.bx
??? 73: 080483ce??? 69 FUNC??? GLOBAL DEFAULT?? 13 main
??? 74: 08048298???? 0 FUNC??? GLOBAL DEFAULT?? 11 _init
---------------------------------------------------
www.lnuxidc.com@linuxidc:~/桌面$ objdump -d a.out?? 反匯編
a.out:???? file format elf32-i386
??? ...
080482f8 <printf@plt>:
80482f8:??? ff 25 08 a0 04 08??????? jmp??? *0x804a008
80482fe:??? 68 10 00 00 00?????????? push?? $0x10
8048303:??? e9 c0 ff ff ff?????????? jmp??? 80482c8 <_init+0x30>
Disassembly of section .text:
080483ce <main>:
80483ce:??? 8d 4c 24 04????????????? lea??? 0x4(%esp),%ecx
80483d2:??? 83 e4 f0???????????????? and??? $0xfffffff0,%esp
80483d5:??? ff 71 fc???????????????? pushl -0x4(%ecx)
80483d8:??? 55?????????????????????? push?? %ebp
80483d9:??? 89 e5??????????????????? mov??? %esp,%ebp
80483db:??? 51?????????????????????? push?? %ecx
80483dc:??? 83 ec 24???????????????? sub??? $0x24,%esp
80483df:??? c7 45 f4 00 00 00 00???? movl?? $0x0,-0xc(%ebp)
80483e6:??? 8b 45 f4???????????????? mov??? -0xc(%ebp),%eax
80483e9:??? 89 45 f8???????????????? mov??? %eax,-0x8(%ebp)
80483ec:??? 83 7d f8 00????????????? cmpl?? $0x0,-0x8(%ebp)
80483f0:??? 74 13??????????????????? je???? 8048405 <main+0x37>
80483f2:??? 8b 45 f8???????????????? mov??? -0x8(%ebp),%eax
80483f5:??? 89 44 24 04????????????? mov??? %eax,0x4(%esp)
80483f9:??? c7 04 24 e0 84 04 08???? movl?? $0x80484e0,(%esp)
8048400:??? e8 f3 fe ff ff?????????? call?? 80482f8 <printf@plt>
8048405:??? b8 00 00 00 00?????????? mov??? $0x0,%eax
804840a:??? 83 c4 24???????????????? add??? $0x24,%esp
804840d:??? 59?????????????????????? pop??? %ecx
804840e:??? 5d?????????????????????? pop??? %ebp
804840f:??? 8d 61 fc???????????????? lea??? -0x4(%ecx),%esp
8048412:??? c3?????????????????????? ret???
8048413:??? 90?????????????????????? nop???
8048414:??? 90?????????????????????? nop???
8048415:??? 90?????????????????????? nop???
8048416:??? 90?????????????????????? nop???
8048417:??? 90?????????????????????? nop???
8048418:??? 90?????????????????????? nop???
8048419:??? 90?????????????????????? nop???
804841a:??? 90?????????????????????? nop???
804841b:??? 90?????????????????????? nop???
804841c:??? 90?????????????????????? nop???
804841d:??? 90?????????????????????? nop???
804841e:??? 90?????????????????????? nop???
804841f:??? 90?????????????????????? nop???
======================================================
關于ELF格式的鏈接 可以看
?
1. Intel平臺下Linux中 ELF文件動態鏈接的加載、解析及實例分析): 加載
???????? IBM developerWorks 中國網站 王瑞川 (jeppeterone@163.com)
2. Linkers and Loaders
http://www.iecc.com/linker/
=======================================
2009-05-06 widebright 補充
上面兩個命令都是 gnu binutils工具附帶的,可能比較有幫助的還有addr2line 可以根據 你出錯的堆棧地址找到對應的代碼的行數吧。
http://www.gnu.org/software/binutils/
GNU Binutils
The GNU Binutils are a collection of binary tools. The main ones are:
ld - the GNU linker.
as - the GNU assembler.
But they also include:
addr2line - Converts addresses into filenames and line numbers.
ar - A utility for creating, modifying and extracting from archives.
c++filt - Filter to demangle encoded C++ symbols.
dlltool - Creates files for building and using DLLs.
gold - A new, faster, ELF only linker, still in beta test.
gprof - Displays profiling information.
nlmconv - Converts object code into an NLM.
nm - Lists symbols from object files.
objcopy - Copys and translates object files.
objdump - Displays information from object files.
ranlib - Generates an index to the contents of an archive.
readelf - Displays information from any ELF format object file.
size - Lists the section sizes of an object or archive file.
strings - Lists printable strings from files.
strip - Discards symbols.
windmc - A Windows compatible message compiler.
windres - A compiler for Windows resource files.
本篇文章來源于 Linux公社網站(www.linuxidc.com)? 原文鏈接:http://www.linuxidc.com/Linux/2011-05/35837.htm
?
總結
以上是生活随笔為你收集整理的linux可执行文件格式的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: camel in action
- 下一篇: linux getopts学习笔记