readelf命令是Linux下的分析ELF文件的命令,这个命令在分析ELF文件格式时非常有用,下面以ELF格式可执行文件test为例详细介绍:
readelf -h a.out
显示a.out的ELF Header的文件头信息。
[root@robot ~]# vim main.c
[root@robot ~]# gcc main.c
[root@robot ~]# readelf -h a.out
ELF Header:
Magic: 7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian // 可以看到是小端的程序
Version: 1 (current)
OS/ABI: UNIX - Linux
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x8048300 // 载入的地址
Start of program headers: 52 (bytes into file)
Start of section headers: 1936 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 8
Size of section headers: 40 (bytes)
Number of section headers: 30
Section header string table index: 27
[root@robot ~]#
readelf -l a.out
显示a.out的Program Header Table中的每个Prgram Header Entry的信息(如果有)
查看文件的程序头表信息
[root@robot ~]# readelf -l a.out
Elf file type is EXEC (Executable file)
Entry point 0x8048300
There are 8 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
INTERP 0x000134 0x08048134 0x08048134 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x0053c 0x0053c R E 0x1000
LOAD 0x00053c 0x0804953c 0x0804953c 0x000fc 0x00104 RW 0x1000
DYNAMIC 0x000550 0x08049550 0x08049550 0x000c8 0x000c8 RW 0x4
NOTE 0x000148 0x08048148 0x08048148 0x00044 0x00044 R 0x4
GNU_EH_FRAME 0x00049c 0x0804849c 0x0804849c 0x00024 0x00024 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
[root@robot ~]#
readelf -S a.out
显示a.out的Section Header Table中的每个Section Header Entry的信息(如果有)
显示文件的节信息
[root@robot ~]# readelf -S a.out
There are 30 section headers, starting at offset 0x790:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 08048134 000134 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048148 000148 000020 00 A 0 0 4
[ 3] .note.gnu.build-i NOTE 08048168 000168 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0804818c 00018c 000020 04 A 5 0 4
[ 5] .dynsym DYNSYM 080481ac 0001ac 000050 10 A 6 1 4
[ 6] .dynstr STRTAB 080481fc 0001fc 00004a 00 A 0 0 1
[ 7] .gnu.version VERSYM 08048246 000246 00000a 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 08048250 000250 000020 00 A 6 1 4
[ 9] .rel.dyn REL 08048270 000270 000008 08 A 5 0 4
[10] .rel.plt REL 08048278 000278 000018 08 A 5 12 4
[11] .init PROGBITS 08048290 000290 000030 00 AX 0 0 4
[12] .plt PROGBITS 080482c0 0002c0 000040 04 AX 0 0 4
[13] .text PROGBITS 08048300 000300 00016c 00 AX 0 0 16
[14] .fini PROGBITS 0804846c 00046c 00001c 00 AX 0 0 4
[15] .rodata PROGBITS 08048488 000488 000013 00 A 0 0 4
[16] .eh_frame_hdr PROGBITS 0804849c 00049c 000024 00 A 0 0 4
[17] .eh_frame PROGBITS 080484c0 0004c0 00007c 00 A 0 0 4
[18] .ctors PROGBITS 0804953c 00053c 000008 00 WA 0 0 4
[19] .dtors PROGBITS 08049544 000544 000008 00 WA 0 0 4
[20] .jcr PROGBITS 0804954c 00054c 000004 00 WA 0 0 4
[21] .dynamic DYNAMIC 08049550 000550 0000c8 08 WA 6 0 4
[22] .got PROGBITS 08049618 000618 000004 04 WA 0 0 4
[23] .got.plt PROGBITS 0804961c 00061c 000018 04 WA 0 0 4
[24] .data PROGBITS 08049634 000634 000004 00 WA 0 0 4
[25] .bss NOBITS 08049638 000638 000008 00 WA 0 0 4
[26] .comment PROGBITS 00000000 000638 000059 01 MS 0 0 1
[27] .shstrtab STRTAB 00000000 000691 0000fc 00 0 0 1
[28] .symtab SYMTAB 00000000 000c40 000410 10 29 45 4
[29] .strtab STRTAB 00000000 001050 0001fa 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[root@robot ~]#
readelf -d a.out
显示a.out中的Dynamic Section的信息(如果有)
[root@robot ~]# readelf -d a.out
Dynamic section at offset 0x550 contains 20 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x8048290
0x0000000d (FINI) 0x804846c
0x6ffffef5 (GNU_HASH) 0x804818c
0x00000005 (STRTAB) 0x80481fc
0x00000006 (SYMTAB) 0x80481ac
0x0000000a (STRSZ) 74 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804961c
0x00000002 (PLTRELSZ) 24 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x8048278
0x00000011 (REL) 0x8048270
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x8048250
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048246
0x00000000 (NULL) 0x0
[root@robot ~]#