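Linux file format analysis: analyzing the Linux ELF file format
/* jin.c: minimal test program whose ELF layout is examined below */
#include <stdio.h>
int main(void)
{
    printf("hello,jinxin!");
    return 0;
}
Then run: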
gcc -o jin jin.c
readelf -a jin
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048310
  Start of program headers:          52 (bytes into file)
  Start of section headers:          2096 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         8
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27
Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-i NOTE            08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        0804818c 00018c 000020 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481ac 0001ac 000050 10   A  6   1  4
  [ 6] .dynstr           STRTAB          080481fc 0001fc 00004c 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          08048248 000248 00000a 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         08048254 000254 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             08048274 000274 000008 08   A  5   0  4
  [10] .rel.plt          REL             0804827c 00027c 000018 08   A  5  12  4
  [11] .init             PROGBITS        08048294 000294 000030 00  AX  0   0  4
  [12] .plt              PROGBITS        080482c4 0002c4 000040 04  AX  0   0  4
  [13] .text             PROGBITS        08048310 000310 00016c 00  AX  0   0 16
  [14] .fini             PROGBITS        0804847c 00047c 00001c 00  AX  0   0  4
  [15] .rodata           PROGBITS        08048498 000498 00001a 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        080484b4 0004b4 00001c 00   A  0   0  4
  [17] .eh_frame         PROGBITS        080484d0 0004d0 000058 00   A  0   0  4
  [18] .ctors            PROGBITS        08049528 000528 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        08049530 000530 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        08049538 000538 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         0804953c 00053c 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        08049604 000604 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        08049608 000608 000018 04  WA  0   0  4
  [24] .data             PROGBITS        08049620 000620 000004 00  WA  0   0  4
  [25] .bss              NOBITS          08049624 000624 000008 00  WA  0   0  4
  [26] .comment          PROGBITS        00000000 000624 00010e 00      0   0  1
  [27] .shstrtab         STRTAB          00000000 000732 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 000ce0 000410 10     29  45  4
  [29] .strtab           STRTAB          00000000 0010f0 0001fb 00      0   0  1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x00528 0x00528 R E 0x1000
  LOAD           0x000528 0x08049528 0x08049528 0x000fc 0x00104 RW  0x1000
  DYNAMIC        0x00053c 0x0804953c 0x0804953c 0x000c8 0x000c8 RW  0x4
  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x0004b4 0x080484b4 0x080484b4 0x0001c 0x0001c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
Dynamic section at offset 0x53c contains 20 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000c (INIT)                       0x8048294
 0x0000000d (FINI)                       0x804847c
 0x6ffffef5 (GNU_HASH)                   0x804818c
 0x00000005 (STRTAB)                     0x80481fc
 0x00000006 (SYMTAB)                     0x80481ac
 0x0000000a (STRSZ)                      76 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x8049608
 0x00000002 (PLTRELSZ)                   24 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x804827c
 0x00000011 (REL)                        0x8048274
 0x00000012 (RELSZ)                      8 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffe (VERNEED)                    0x8048254
 0x6fffffff (VERNEEDNUM)                 1
 0x6ffffff0 (VERSYM)                     0x8048248
 0x00000000 (NULL)                       0x0
Relocation section '.rel.dyn' at offset 0x274 contains 1 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049604  00000106 R_386_GLOB_DAT    00000000   __gmon_start__
Relocation section '.rel.plt' at offset 0x27c contains 3 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049614  00000107 R_386_JUMP_SLOT   00000000   __gmon_start__
08049618  00000207 R_386_JUMP_SLOT   00000000   __libc_start_main
0804961c  00000307 R_386_JUMP_SLOT   00000000   printf
There are no unwind sections in this file.
Symbol table '.dynsym' contains 5 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.0 (2)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.0 (2)
     4: 0804849c     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
Symbol table '.symtab' contains 65 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 08048134     0 SECTION LOCAL  DEFAULT    1
     2: 08048148     0 SECTION LOCAL  DEFAULT    2
     3: 08048168     0 SECTION LOCAL  DEFAULT    3
     4: 0804818c     0 SECTION LOCAL  DEFAULT    4
     5: 080481ac     0 SECTION LOCAL  DEFAULT    5
     6: 080481fc     0 SECTION LOCAL  DEFAULT    6
     7: 08048248     0 SECTION LOCAL  DEFAULT    7
     8: 08048254     0 SECTION LOCAL  DEFAULT    8
     9: 08048274     0 SECTION LOCAL  DEFAULT    9
    10: 0804827c     0 SECTION LOCAL  DEFAULT   10
    11: 08048294     0 SECTION LOCAL  DEFAULT   11
    12: 080482c4     0 SECTION LOCAL  DEFAULT   12
    13: 08048310     0 SECTION LOCAL  DEFAULT   13
    14: 0804847c     0 SECTION LOCAL  DEFAULT   14
    15: 08048498     0 SECTION LOCAL  DEFAULT   15
    16: 080484b4     0 SECTION LOCAL  DEFAULT   16
    17: 080484d0     0 SECTION LOCAL  DEFAULT   17
    18: 08049528     0 SECTION LOCAL  DEFAULT   18
    19: 08049530     0 SECTION LOCAL  DEFAULT   19
    20: 08049538     0 SECTION LOCAL  DEFAULT   20
    21: 0804953c     0 SECTION LOCAL  DEFAULT   21
    22: 08049604     0 SECTION LOCAL  DEFAULT   22
    23: 08049608     0 SECTION LOCAL  DEFAULT   23
    24: 08049620     0 SECTION LOCAL  DEFAULT   24
    25: 08049624     0 SECTION LOCAL  DEFAULT   25
    26: 00000000     0 SECTION LOCAL  DEFAULT   26
    27: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    28: 08049528     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_LIST__
    29: 08049530     0 OBJECT  LOCAL  DEFAULT   19 __DTOR_LIST__
    30: 08049538     0 OBJECT  LOCAL  DEFAULT   20 __JCR_LIST__
    31: 08048340     0 FUNC    LOCAL  DEFAULT   13 __do_global_dtors_aux
    32: 08049624     1 OBJECT  LOCAL  DEFAULT   25 completed.5918
    33: 08049628     4 OBJECT  LOCAL  DEFAULT   25 dtor_idx.5920
    34: 080483a0     0 FUNC    LOCAL  DEFAULT   13 frame_dummy
    35: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    36: 0804952c     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_END__
    37: 08048524     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__
    38: 08049538     0 OBJECT  LOCAL  DEFAULT   20 __JCR_END__
    39: 08048450     0 FUNC    LOCAL  DEFAULT   13 __do_global_ctors_aux
    40: 00000000     0 FILE    LOCAL  DEFAULT  ABS jin.c
    41: 08049608     0 OBJECT  LOCAL  HIDDEN    23 _GLOBAL_OFFSET_TABLE_
    42: 08049528     0 NOTYPE  LOCAL  HIDDEN    18 __init_array_end
    43: 08049528     0 NOTYPE  LOCAL  HIDDEN    18 __init_array_start
    44: 0804953c     0 OBJECT  LOCAL  HIDDEN    21 _DYNAMIC
    45: 08049620     0 NOTYPE  WEAK   DEFAULT   24 data_start
    46: 080483e0     5 FUNC    GLOBAL DEFAULT   13 __libc_csu_fini
    47: 08048310     0 FUNC    GLOBAL DEFAULT   13 _start
    48: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    49: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    50: 08048498     4 OBJECT  GLOBAL DEFAULT   15 _fp_hw
    51: 0804847c     0 FUNC    GLOBAL DEFAULT   14 _fini
    52: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    53: 0804849c     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
    54: 08049620     0 NOTYPE  GLOBAL DEFAULT   24 __data_start
    55: 080484a0     0 OBJECT  GLOBAL HIDDEN    15 __dso_handle
    56: 08049534     0 OBJECT  GLOBAL HIDDEN    19 __DTOR_END__
    57: 080483f0    90 FUNC    GLOBAL DEFAULT   13 __libc_csu_init
    58: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.0
    59: 08049624     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    60: 0804962c     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    61: 08049624     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    62: 0804844a     0 FUNC    GLOBAL HIDDEN    13 __i686.get_pc_thunk.bx
    63: 080483c4    24 FUNC    GLOBAL DEFAULT   13 main
    64: 08048294     0 FUNC    GLOBAL DEFAULT   11 _init
Histogram for `.gnu.hash' bucket list length (total of 2 buckets):
 Length  Number     % of total  Coverage
      0  1          ( 50.0%)
      1  1          ( 50.0%)    100.0%
Version symbols section '.gnu.version' contains 5 entries:
 Addr: 0000000008048248  Offset: 0x000248  Link: 5 (.dynsym)
  000:   0 (*local*)       0 (*local*)       2 (GLIBC_2.0)     2 (GLIBC_2.0)
  004:   1 (*global*)
Version needs section '.gnu.version_r' contains 1 entries:
 Addr: 0x0000000008048254  Offset: 0x000254  Link: 6 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.0  Flags: none  Version: 2
Notes at offset 0x00000148 with length 0x00000020:
  Owner         Data size       Description
  GNU           0x00000010      NT_GNU_ABI_TAG (ABI version tag)
Notes at offset 0x00000168 with length 0x00000024:
  Owner         Data size       Description
  GNU           0x00000014      NT_GNU_BUILD_ID (unique build ID bitstring)
Summary:
1. File size:
[root@localhost mnt]# ls -l jin
-rwxrwxr-x 1 root root 4843 09-17 18:52 jin
2. File content layout:
File offset   Hex        Size    Description
0~51          /          52      ELF header
52~307        /          32*8    Space occupied by the program headers (which describe how sections are mapped to segments)
308~2094      134~82e    /       Section contents (0~27)
2096~3295     830~cdf    40*30   Section header table
3296~4842     ce0~12eb   /       Section contents (28~29)
Note:
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [27] .shstrtab         STRTAB          00000000 000732 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 000ce0 000410 10     29  45  4
  [29] .strtab           STRTAB          00000000 0010f0 0001fb 00      0   0  1
0x732+0xfc=0x82e, so what is stored in the large region between 0x82e and 0xce0?
0x830~0xce0 holds the section header table (40*30 bytes)!
3. Program header analysis
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x00528 0x00528 R E 0x1000
  LOAD           0x000528 0x08049528 0x08049528 0x000fc 0x00104 RW  0x1000
  DYNAMIC        0x00053c 0x0804953c 0x0804953c 0x000c8 0x000c8 RW  0x4
  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x0004b4 0x080484b4 0x080484b4 0x0001c 0x0001c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
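From the linking point of view, an ELF file is divided into "sections".
From the loading point of view, an ELF file is divided into "segments".
The program headers describe the ELF file from the loader's point of view. At load time, all sections are mapped into virtual memory in the way the program headers describe. When loading, however, we only care about segments of type "LOAD", because only they need to be mapped; the others, such as NOTE, GNU_EH_FRAME and GNU_STACK, only play an auxiliary role during loading. Sometimes there are just two segments of type "LOAD" (the code segment and the data segment); that is because the bss section has been merged into the data segment.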
4. Verifying the file size:
  [29] .strtab           STRTAB          00000000 0010f0 0001fb 00      0   0  1
The last section's entry is shown above: its file offset is 0x10f0 and its size is 0x1fb.
0x10f0+0x1fb=0x12eb, and 0x12eb converted to decimal is exactly 4843!
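The layout, program header and file-size checks from items 2 to 4 can be reproduced by reading the tables directly. The following is an added example, not code from the original article: `parse_layout` and `build_sample` are hypothetical names, the parser handles only little-endian ELF32 files, and the sample image is constructed from the readelf values on this page with all other bytes zeroed. It also reports whether GNU_STACK requests an executable stack.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes
SHDR = struct.Struct("<10I")               # Elf32_Shdr, 40 bytes
PT_LOAD, PT_GNU_STACK, PF_X, SHT_NOBITS = 1, 0x6474E551, 1, 8

def parse_layout(data):
    """Map an ELF32 little-endian image: table ranges, LOAD segments, end of contents."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 file")
    (_, _, _, _, _, phoff, shoff, _, _,
     phentsize, phnum, shentsize, shnum, _) = EHDR.unpack_from(data)
    ph_end, sh_end = phoff + phentsize * phnum, shoff + shentsize * shnum
    if (phentsize, shentsize) != (PHDR.size, SHDR.size) or max(ph_end, sh_end) > len(data):
        raise ValueError("header tables are malformed or truncated")
    loads, exec_stack = [], None
    for i in range(phnum):
        p_type, off, vaddr, _, filesz, memsz, flags, _ = PHDR.unpack_from(data, phoff + 32 * i)
        if p_type == PT_LOAD:
            # memsz - filesz bytes exist only in memory, zero-filled by the loader (.bss)
            loads.append((off, vaddr, filesz, memsz - filesz, flags))
        elif p_type == PT_GNU_STACK:
            exec_stack = bool(flags & PF_X)  # True would mean an executable stack
    end = max(ph_end, sh_end)
    for i in range(shnum):
        s = SHDR.unpack_from(data, shoff + 40 * i)
        if s[1] != SHT_NOBITS:  # NOBITS sections (.bss) occupy no bytes in the file
            end = max(end, s[4] + s[5])  # sh_offset + sh_size
    return {"phdrs": (phoff, ph_end), "shdrs": (shoff, sh_end),
            "loads": loads, "exec_stack": exec_stack, "end": end}

def build_sample():
    """Constructed 4843-byte image: only the values below (copied from the readelf
    output on this page) are filled in, every other byte is zero padding."""
    img = bytearray(4843)
    EHDR.pack_into(img, 0, b"\x7fELF\x01\x01\x01", 2, 3, 1, 0x8048310,
                   52, 2096, 0, 52, 32, 8, 40, 30, 27)
    for slot, ph in ((2, (PT_LOAD, 0x000, 0x08048000, 0x08048000, 0x528, 0x528, 5, 0x1000)),
                     (3, (PT_LOAD, 0x528, 0x08049528, 0x08049528, 0x0FC, 0x104, 6, 0x1000)),
                     (7, (PT_GNU_STACK, 0, 0, 0, 0, 0, 6, 4))):
        PHDR.pack_into(img, 52 + 32 * slot, *ph)
    SHDR.pack_into(img, 2096 + 40 * 25, 0, SHT_NOBITS, 3, 0x08049624, 0x624, 8, 0, 0, 4, 0)
    SHDR.pack_into(img, 2096 + 40 * 29, 0, 3, 0, 0, 0x10F0, 0x1FB, 0, 0, 1, 0)  # [29] .strtab
    return bytes(img)

if __name__ == "__main__":
    print(parse_layout(build_sample()))
```

The fourth field of the second LOAD tuple is MemSiz minus FileSiz (0x104 - 0xfc), which matches the 8-byte .bss section that exists only in memory.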
5. Section analysis:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
This section holds the path of the dynamic linker. In this example its content is /lib/ld-linux.so.2, which is 18 characters; together with the terminating character at the end that makes 19 characters, exactly equal to the Size field, 0x000013.