Analysis of the .text and .data sections of a relocatable file

I. The ELF .text section

1 Viewing with readelf -x SecNum (not very readable)

[root@localhost 0401]# readelf -x 1 add.o

Hex dump of section '.text':
  0x00000000 554889e5 897dfc89 75f88b45 f88b55fc UH...}..u..E..U.
  0x00000010 01d05dc3                            ..].

2 objdump -d -j .text add.o

[root@localhost 0401]# objdump -d -j .text add.o

add.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <_Z3addii>:
   0:    55                       push   %rbp
   1:    48 89 e5                 mov    %rsp,%rbp
   4:    89 7d fc                 mov    %edi,-0x4(%rbp)
   7:    89 75 f8                 mov    %esi,-0x8(%rbp)
   a:    8b 45 f8                 mov    -0x8(%rbp),%eax
   d:    8b 55 fc                 mov    -0x4(%rbp),%edx
  10:    01 d0                    add    %edx,%eax
  12:    5d                       pop    %rbp
  13:    c3                       retq

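The objdump option -d disassembles the contents of the section selected with -j; that is, it starts from the machine code and derives the corresponding assembly instructions.

The result above shows that the .text section of the add.o object file contains only the function add (after compilation, the function name becomes _Z3addii).

II. The ELF .data section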

1 objdump -d -j .data add.o

[root@localhost 0401]# objdump -d -j .data add.o

add.o:     file format elf64-x86-64

This shows that no variables are defined in the .data section of add.o.

2 Edit add.cpp as follows:

#include "add.h"
int result=12;
int add(int a, int b){
    return a+b;
}

3 Run objdump -d -j .data add.o again

[root@localhost 0401]# g++ -c add.cpp
[root@localhost 0401]# objdump -d -j .data add.o

add.o:     file format elf64-x86-64


Disassembly of section .data:

0000000000000000 <result>:
   0:    0c 00 00 00                                         ....

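This result shows that a 4-byte variable is defined in the .data section of add.o, initialized to 0x0000000c, i.e. decimal 12. Because x86 is little-endian, it is stored as 0c 00 00 00.

4 The section table of add.o

Before the change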

[root@localhost 0401]# readelf -S add.o
There are 11 section headers, starting at offset 0x220:

Section Headers:
  [Nr] Name              Type             Address           Offset      Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000    0000000000000000  0000000000000000           0     0     0
  [ 1] .text             PROGBITS         0000000000000000  00000040    0000000000000014  0000000000000000  AX       0     0     1
  [ 2] .data             PROGBITS         0000000000000000  00000054    0000000000000000  0000000000000000  WA       0     0     1
  [ 3] .bss              NOBITS           0000000000000000  00000054    0000000000000000  0000000000000000  WA       0     0     1
  [ 4] .comment          PROGBITS         0000000000000000  00000054    000000000000002e  0000000000000001  MS       0     0     1
  [ 5] .note.GNU-stack   PROGBITS         0000000000000000  00000082    0000000000000000  0000000000000000           0     0     1
  [ 6] .eh_frame         PROGBITS         0000000000000000  00000088    0000000000000038  0000000000000000   A       0     0     8
  [ 7] .rela.eh_frame    RELA             0000000000000000  00000208    0000000000000018  0000000000000018   I       9     6     8
  [ 8] .shstrtab         STRTAB           0000000000000000  000000c0    0000000000000054  0000000000000000           0     0     1
  [ 9] .symtab           SYMTAB           0000000000000000  00000118    00000000000000d8  0000000000000018          10     8     8
  [10] .strtab           STRTAB           0000000000000000  000001f0    0000000000000012  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

After the change

[root@localhost 0401]# readelf -S add.o
There are 11 section headers, starting at offset 0x240:

Section Headers:
  [Nr] Name              Type             Address           Offset      Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000    0000000000000000  0000000000000000           0     0     0
  [ 1] .text             PROGBITS         0000000000000000  00000040    0000000000000014  0000000000000000  AX       0     0     1
  [ 2] .data             PROGBITS         0000000000000000  00000054    0000000000000004  0000000000000000  WA       0     0     4
  [ 3] .bss              NOBITS           0000000000000000  00000058    0000000000000000  0000000000000000  WA       0     0     1
  [ 4] .comment          PROGBITS         0000000000000000  00000058    000000000000002e  0000000000000001  MS       0     0     1
  [ 5] .note.GNU-stack   PROGBITS         0000000000000000  00000086    0000000000000000  0000000000000000           0     0     1
  [ 6] .eh_frame         PROGBITS         0000000000000000  00000088    0000000000000038  0000000000000000   A       0     0     8
  [ 7] .rela.eh_frame    RELA             0000000000000000  00000228    0000000000000018  0000000000000018   I       9     6     8
  [ 8] .shstrtab         STRTAB           0000000000000000  000000c0    0000000000000054  0000000000000000           0     0     1
  [ 9] .symtab           SYMTAB           0000000000000000  00000118    00000000000000f0  0000000000000018          10     8     8
  [10] .strtab           STRTAB           0000000000000000  00000208    0000000000000019  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

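Previously, the offset of the .bss section was 00000054, the same as the offset of the .data section, which means the .data section used to be empty. Now the offset of the .bss section is 00000058 and the offset of the .data section is 00000054. The difference is 4, exactly the 4 bytes that the int variable result needs, so result is stored in the .data section.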
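The same offset, size and flag values can be read straight from the section header table without readelf. The following is an added example, not code from the original post: it parses ELF64 section headers and decodes .data, running on a constructed in-memory object whose .text, .data and .bss entries copy the second readelf -S listing. The function names (`parse_sections`, `data_ints`, `build_sample`) are assumptions of this example.

```python
import struct

SHF = {0x1: "W", 0x2: "A", 0x4: "X"}  # SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR
SHT_NOBITS = 8                         # .bss: has a size but no bytes in the file

def parse_sections(img):
    """Return {name: (offset, size, flags, file_bytes)} for a little-endian ELF64 image."""
    if img[:4] != b"\x7fELF" or img[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_shoff,) = struct.unpack_from("<Q", img, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", img, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQIIQQ", img, e_shoff + i * e_shentsize)
            for i in range(e_shnum)]
    str_off = hdrs[e_shstrndx][4]      # sh_offset of .shstrtab
    out = {}
    for name, typ, flags, _addr, off, size, *_rest in hdrs:
        start = str_off + name
        sname = img[start:img.index(b"\0", start)].decode()
        data = b"" if typ == SHT_NOBITS else img[off:off + size]
        out[sname] = (off, size, "".join(c for b, c in SHF.items() if flags & b), data)
    return out

def data_ints(img):
    """Decode .data as little-endian 32-bit ints (the page's `int result`)."""
    data = parse_sections(img)[".data"][3]
    return [v for (v,) in struct.iter_unpack("<i", data[:len(data) & ~3])]

def build_sample():
    """Constructed object: .text/.data/.bss laid out as in the page's second readelf -S."""
    text = bytes.fromhex("554889e5897dfc8975f88b45f88b55fc01d05dc3")  # page's .text dump
    names = b"\0.text\0.data\0.bss\0.shstrtab\0"
    body = text + struct.pack("<i", 12) + names        # file offsets 0x40, 0x54, 0x58
    shoff = (0x40 + len(body) + 7) & ~7                # 8-byte align the header table
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1,
                       0, 0, shoff, 0, 64, 0, 0, 64, 5, 4)
    def sh(name, typ, flags, off, size, align):
        return struct.pack("<IIQQQQIIQQ", names.index(name), typ, flags, 0,
                           off, size, 0, 0, align, 0)
    table = (bytes(64) + sh(b".text", 1, 0x6, 0x40, 0x14, 1)
             + sh(b".data", 1, 0x3, 0x54, 4, 4) + sh(b".bss", SHT_NOBITS, 0x3, 0x58, 0, 1)
             + sh(b".shstrtab", 3, 0, 0x58, len(names), 1))
    return (ehdr + body).ljust(shoff, b"\0") + table

if __name__ == "__main__":
    for name, (off, size, flags, _) in parse_sections(build_sample()).items():
        print(f"{name or '<null>':10} off={off:#06x} size={size:#04x} flags={flags}")
    print("ints in .data:", data_ints(build_sample()))
```

To run it on a real object file, pass `open("add.o", "rb").read()` to `parse_sections` instead of the constructed image.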
