http://blog.csdn.net/ruixj/archive/2009/08/04/4407806.aspx
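Relocation type analysis (2)
This part analyzes R_386_GOTPC, R_386_GOT32, R_386_GLOB_DAT and R_386_PLT32.
PIC (position-independent code) is produced by compiling with the -fPIC option.
>>>>>>>>>>>>>>>>>R_386_GOTPC
Look at the relocation information for the first relocated symbol.
Assembly code:
call .L3 //push the address of .L3 onto the stack
.L3:
popl %ebx //pop the address of .L3 into ebx
addl $_GLOBAL_OFFSET_TABLE_+[.-.L3], %ebx //compute the GOT address into ebx
Code in the object file: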
7: e8 00 00 00 00 call c <f+0xc>
c: 5b pop %ebx
d: 81 c3 03 00 00 00 add $0x3,%ebx
The entry for _GLOBAL_OFFSET_TABLE_ in .rel.text:
0000000f 00c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
In 4.c.txt, the result after ld:
[19] .got PROGBITS 080495b8 0005b8 00002c 04 WA 0 0 4
The GOT address is 080495b8.
80484a7: e8 00 00 00 00 call 80484ac <f+0xc>
80484ac: 5b pop %ebx //0x80484ac
80484ad: 81 c3 0c 11 00 00 add $0x110c,%ebx //ebx now holds the GOT address
80484b3: 83 ec 0c sub $0xc,%esp
80484b6: 8b 83 24 00 00 00 mov 0x24(%ebx),%eax
80484bc: ff 30 pushl (%eax)
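After pop %ebx executes, ebx holds 80484ac.
After add $0x110c,%ebx executes, ebx holds 80495B8, which is exactly the GOT address.
So where does 0x110c come from?
0x110c-3=0x1109; the offset of the patched location is 0x80484af, and 0x80484af+0x1109=0x80495b8, which is exactly the .got address (0x80495b8).
So 0x110c=0x80495b8-0x80484af+3, i.e. the patched value is got-Offset+[.-.L3].
Therefore the R_386_GOTPC relocation method is: instruct the linker to write the difference between the GOT address and Offset, plus the original value, at Offset. [Here Offset means the address where the instruction is located]
The [.-.L3] above equals 3, the length of the bytes 5b 81 c3, so [.-.L3] is the difference between the address of the operand inside the instruction and .L3, whereas a plain . normally stands for the address of the instruction.
>>>>>>>>>>>>R_386_GOT32 and R_386_GLOB_DAT
Assembly code: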
movl t@GOT(%ebx ), %eax
pushl (%eax)
Code in the object file:
16: 8b 83 00 00 00 00 mov 0x0(%ebx),%eax
1c: ff 30 pushl (%eax)
The corresponding entry in the relocation section .rel.text:
00000018 00903 R_386_GOT32 00000000 s
Code in the executable:
In 4.c.txt, the result after ld:
80484b6: 8b 83 24 00 00 00 mov 0x24(%ebx),%eax
80484bc: ff 30 pushl (%eax)
got+0x24=0x80495DC
[root@proxy ~/3]# objdump -sj .got 4
4: file format elf32-i386
Contents of section .got:
80495b8 e4950408 00000000 00000000 52830408 ............R...
80495c8 62830408 72830408 82830408 92830408 b...r...........
80495d8 00000000 00000000 00000000 ............
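So this address lies in the GOT, and the value stored there is all zeros. Next, look in the .rel.dyn section for the entry that corresponds to this address.
The relocation section .rel.dyn in 4.c.txt [this is already the relocation section of the executable]:
080495dc 00606 R_386_GLOB_DAT 0804959c s
The relocation sets the value at 0x080495dc to 0804959c, which should be in .data.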
[root@proxy ~/3]# objdump -sj .data 4
4: file format elf32-i386
Contents of section .data:
804958c 00000000 00000000 b4950408 00000000 ................
804959c 78850408 86850408 x.......
The value is 08048578, which is the value of the variable s and should point into .rodata.
[root@proxy ~/3]# objdump -sj .rodata 4
4: file format elf32-i386
Contents of section .rodata:
8048570 03000000 01000200 68656c6c 6f20576f ........hello Wo
8048580 726c6421 0a006162 630a00 rld!..abc..
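Indeed, the value at 08048578 is the string hello World!
Therefore the R_386_GOT32 relocation method is: instruct the linker to write the difference between the symbol's address in the GOT and the GOT address at Offset. [Here Offset means the address where the instruction is located]
The R_386_GLOB_DAT relocation method is: instruct the linker to write the symbol's value at Offset. [Here Offset means the address where the instruction is located]
>>>R_386_PLT32
Assembly code: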
call printf@PLT
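Code in the object file:
1e: e8 fc ff ff ff call 1f <f+0x1f>
The corresponding entry in the relocation section .rel.text:
0000001f 00d04 R_386_PLT32 00000000 printf
In 4.c.txt, the corresponding code in the executable:
80484be: e8 b9 fe ff ff call 804837c <_init+0x58>
The value filled in is 0xfffffeb9, a relative jump to 0x804837c, which is in the .plt section.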
[root@proxy ~/3]# objdump -dj .plt 4
4: file format elf32-i386
Disassembly of section .plt:
0804833c <.plt>:
804833c: ff 35 bc 95 04 08 pushl 0x80495bc
8048342: ff 25 c0 95 04 08 jmp *0x80495c0
8048348: 00 00 add %al,(%eax)
804834a: 00 00 add %al,(%eax)
804834c: ff 25 c4 95 04 08 jmp *0x80495c4
8048352: 68 00 00 00 00 push $0x0
8048357: e9 e0 ff ff ff jmp 804833c <_init+0x18>
804835c: ff 25 c8 95 04 08 jmp *0x80495c8
8048362: 68 08 00 00 00 push $0x8
8048367: e9 d0 ff ff ff jmp 804833c <_init+0x18>
804836c: ff 25 cc 95 04 08 jmp *0x80495cc
8048372: 68 10 00 00 00 push $0x10
8048377: e9 c0 ff ff ff jmp 804833c <_init+0x18>
804837c: ff 25 d0 95 04 08 jmp *0x80495d0 //<< points here
8048382: 68 18 00 00 00 push $0x18
8048387: e9 b0 ff ff ff jmp 804833c <_init+0x18>
804838c: ff 25 d4 95 04 08 jmp *0x80495d4
8048392: 68 20 00 00 00 push $0x20
8048397: e9 a0 ff ff ff jmp 804833c <_init+0x18>
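This shows that the R_386_PLT32 relocation method is: write the difference between the symbol's address in the .plt section and Offset at Offset.
With that, the following is easy to understand:
R_386_GOTPC 10 word32 GOT + A - P //GOT is the GOT address, A is the value at Offset, P is Offset. [Present only in object files, i.e. resolved at link time]
R_386_GOT32 3 word32 G + A - P //G is the symbol's address in the GOT, A is the value at Offset, P is Offset [Present only in object files, i.e. resolved at link time]
R_386_GLOB_DAT 6 word32 S //S is the adjusted symbol value [Present only in executables, resolved at run time]
R_386_PLT32 4 word32 L + A - P //L is the symbol's address in the PLT, A is the value at Offset, P is Offset [Present only in object files, resolved at link time]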
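The three link-time cases above can be replayed mechanically. The following C program is an added example, not code from the original post: it applies the first three .rel.text entries of 1.o to the object-file bytes of f, using the final addresses from the dumps of 4, and compares the result with the linked f. R_386_GOT32 is computed the way the prose describes it (address of the symbol's GOT slot minus the GOT address, plus the addend); the names apply_rel, link_f and the SYMS table are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { R_386_GOT32 = 3, R_386_PLT32 = 4, R_386_GOTPC = 10 };

typedef struct { uint32_t r_offset, r_info; } Rel32;   /* same layout as Elf32_Rel */
#define R_SYM(i)  ((i) >> 8)                           /* ELF32_R_SYM  */
#define R_TYPE(i) ((i) & 0xffu)                        /* ELF32_R_TYPE */

/* Addresses read from the dumps of the linked executable "4" on this page. */
#define GOT_ADDR 0x080495b8u   /* .got, i.e. _GLOBAL_OFFSET_TABLE_ */
#define F_ADDR   0x080484a0u   /* final address of f (offset 0 in 1.o .text) */

/* Link results per symbol, keyed by the symbol's index in 1.o's .symtab
 * (constructed table; a real linker builds this while laying out GOT/PLT). */
typedef struct { uint32_t sym, got_slot, plt; } SymInfo;
static const SymInfo SYMS[] = {
    {  9, 0x080495dcu, 0 },            /* s: its GOT slot (Offset in .rel.dyn) */
    { 12, 0,           0 },            /* _GLOBAL_OFFSET_TABLE_ */
    { 13, 0,           0x0804837cu },  /* printf: its PLT stub */
};

static const SymInfo *lookup(uint32_t sym)
{
    for (size_t i = 0; i < sizeof SYMS / sizeof SYMS[0]; i++)
        if (SYMS[i].sym == sym) return &SYMS[i];
    return NULL;
}

static uint32_t rd32(const uint8_t *p)   /* little-endian load */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v) /* little-endian store */
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Apply one REL-format entry to text[]; text_addr is the final address of text[0].
 * Returns 0 on success, -1 for a bad offset, unknown symbol or unsupported type. */
int apply_rel(uint8_t *text, size_t len, uint32_t text_addr, const Rel32 *r)
{
    const SymInfo *s = lookup(R_SYM(r->r_info));
    if (!s || len < 4 || r->r_offset > len - 4) return -1;
    uint32_t A = rd32(text + r->r_offset);   /* REL: the addend is stored in place */
    uint32_t P = text_addr + r->r_offset;    /* address being patched */
    uint32_t v;
    switch (R_TYPE(r->r_info)) {
    case R_386_GOTPC: v = GOT_ADDR + A - P;           break;
    case R_386_GOT32: v = s->got_slot - GOT_ADDR + A; break;  /* slot offset in GOT */
    case R_386_PLT32: v = s->plt + A - P;             break;
    default: return -1;
    }
    wr32(text + r->r_offset, v);
    return 0;
}

/* f from "objdump -dj .text 1.o" (before) and "objdump -dj .text 4" (after). */
static const uint8_t F_OBJ[43] = {
    0x55, 0x89,0xe5, 0x53, 0x83,0xec,0x04, 0xe8,0x00,0x00,0x00,0x00, 0x5b,
    0x81,0xc3,0x03,0x00,0x00,0x00, 0x83,0xec,0x0c, 0x8b,0x83,0x00,0x00,0x00,0x00,
    0xff,0x30, 0xe8,0xfc,0xff,0xff,0xff, 0x83,0xc4,0x10, 0x8b,0x5d,0xfc, 0xc9, 0xc3 };
static const uint8_t F_EXE[43] = {
    0x55, 0x89,0xe5, 0x53, 0x83,0xec,0x04, 0xe8,0x00,0x00,0x00,0x00, 0x5b,
    0x81,0xc3,0x0c,0x11,0x00,0x00, 0x83,0xec,0x0c, 0x8b,0x83,0x24,0x00,0x00,0x00,
    0xff,0x30, 0xe8,0xb9,0xfe,0xff,0xff, 0x83,0xc4,0x10, 0x8b,0x5d,0xfc, 0xc9, 0xc3 };

/* The first three .rel.text entries of 1.o (Offset, Info) as readelf prints them. */
static const Rel32 F_RELS[] = { {0x0f, 0x0c0a}, {0x18, 0x0903}, {0x1f, 0x0d04} };

/* Relocate a copy of F_OBJ into out[]; returns 0 if it equals the linked f,
 * 1 if it differs, -1 if an entry was rejected. */
int link_f(uint8_t out[43])
{
    memcpy(out, F_OBJ, 43);
    for (size_t i = 0; i < sizeof F_RELS / sizeof F_RELS[0]; i++)
        if (apply_rel(out, 43, F_ADDR, &F_RELS[i]) != 0) return -1;
    return memcmp(out, F_EXE, 43) == 0 ? 0 : 1;
}

int main(void)
{
    uint8_t buf[43];
    int rc = link_f(buf);
    printf("GOTPC=0x%x GOT32=0x%x PLT32=0x%x matches linked f: %s\n",
           (unsigned)rd32(buf + 0x0f), (unsigned)rd32(buf + 0x18),
           (unsigned)rd32(buf + 0x1f), rc == 0 ? "yes" : "no");
    return rc;
}
```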
Attachment 1
1.c.txt
[root@proxy ~/3]# cat 1.c
#include <stdio.h>
char *s="hello World!\n";
char *t="abc\n";
void f()
{
printf(s);
}
void g()
{
printf(t);
}
[root@proxy ~/3]# gcc -fPIC -S 1.c
[root@proxy ~/3]# cat 1.s
.file "1.c"
.version "01.01"
gcc2_compiled.:
.globl s
.section .rodata
.LC0:
.string "hello World!\n"
.data
.align 4
.type s,@object
.size s,4
s:
.long .LC0
.globl t
.section .rodata
.LC1:
.string "abc\n"
.data
.align 4
.type t,@object
.size t,4
t:
.long .LC1
.text
.align 4
.globl f
.type f,@function
f:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $4, %esp
call .L3
.L3:
popl %ebx
addl $_GLOBAL_OFFSET_TABLE_+[.-.L3], %ebx
subl $12, %esp
movl s@GOT(%ebx ), %eax
pushl (%eax)
call printf@PLT
addl $16, %esp
movl -4(%ebp), %ebx
leave
ret
.Lfe1:
.size f,.Lfe1-f
.align 4
.globl g
.type g,@function
g:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $4, %esp
call .L5
.L5:
popl %ebx
addl $_GLOBAL_OFFSET_TABLE_+[.-.L5], %ebx
subl $12, %esp
movl t@GOT(%ebx ), %eax
pushl (%eax)
call printf@PLT
addl $16, %esp
movl -4(%ebp), %ebx
leave
ret
.Lfe2:
.size g,.Lfe2-g
.ident "GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-98)"
[root@proxy ~/3]# gcc -fPIC -c 1.c -o 1.o
[root@proxy ~/3]# objdump -dj .text 1.o
1.o: file format elf32-i386
Disassembly of section .text:
00000000 <f>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 53 push %ebx
4: 83 ec 04 sub $0x4,%esp
7: e8 00 00 00 00 call c <f+0xc>
c: 5b pop %ebx
d: 81 c3 03 00 00 00 add $0x3,%ebx
13: 83 ec 0c sub $0xc,%esp
16: 8b 83 00 00 00 00 mov 0x0(%ebx),%eax
1c: ff 30 pushl (%eax)
1e: e8 fc ff ff ff call 1f <f+0x1f>
23: 83 c4 10 add $0x10,%esp
26: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
29: c9 leave
2a: c3 ret
2b: 90 nop
0000002c <g>:
2c: 55 push %ebp
2d: 89 e5 mov %esp,%ebp
2f: 53 push %ebx
30: 83 ec 04 sub $0x4,%esp
33: e8 00 00 00 00 call 38 <g+0xc>
38: 5b pop %ebx
39: 81 c3 03 00 00 00 add $0x3,%ebx
3f: 83 ec 0c sub $0xc,%esp
42: 8b 83 00 00 00 00 mov 0x0(%ebx),%eax
48: ff 30 pushl (%eax)
4a: e8 fc ff ff ff call 4b <g+0x1f>
4f: 83 c4 10 add $0x10,%esp
52: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
55: c9 leave
56: c3 ret
57: 90 nop
[root@proxy ~/3]# readelf -a 1.o
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 328 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 40 (bytes)
Number of section headers: 12
Section header string table index: 9
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000058 00 AX 0 0 4
[ 2] .rel.text REL 00000000 000454 000030 08 10 1 4
[ 3] .data PROGBITS 00000000 00008c 000008 00 WA 0 0 4
[ 4] .rel.data REL 00000000 000484 000010 08 10 3 4
[ 5] .bss NOBITS 00000000 000094 000000 00 WA 0 0 4
[ 6] .note NOTE 00000000 000094 000014 00 0 0 1
[ 7] .rodata PROGBITS 00000000 0000a8 000013 00 A 0 0 1
[ 8] .comment PROGBITS 00000000 0000bb 000036 00 0 0 1
[ 9] .shstrtab STRTAB 00000000 0000f1 000057 00 0 0 1
[10] .symtab SYMTAB 00000000 000328 0000f0 10 11 9 4
[11] .strtab STRTAB 00000000 000418 000039 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no program headers in this file.
There is no dynamic segment in this file.
Relocation section '.rel.text' at offset 0x454 contains 6 entries:
Offset Info Type Symbol's Value Symbol's Name
0000000f 00c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000018 00903 R_386_GOT32 00000000 s
0000001f 00d04 R_386_PLT32 00000000 printf
0000003b 00c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000044 00a03 R_386_GOT32 00000004 t
0000004b 00d04 R_386_PLT32 00000000 printf
Relocation section '.rel.data' at offset 0x484 contains 2 entries:
Offset Info Type Symbol's Value Symbol's Name
00000000 00601 R_386_32 00000000 .rodata
00000004 00601 R_386_32 00000000 .rodata
There are no unwind sections in this file.
Symbol table '.symtab' contains 15 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS 1.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 5
5: 00000000 0 NOTYPE LOCAL DEFAULT 1 gcc2_compiled.
6: 00000000 0 SECTION LOCAL DEFAULT 7
7: 00000000 0 SECTION LOCAL DEFAULT 6
8: 00000000 0 SECTION LOCAL DEFAULT 8
9: 00000000 4 OBJECT GLOBAL DEFAULT 3 s
10: 00000004 4 OBJECT GLOBAL DEFAULT 3 t
11: 00000000 43 FUNC GLOBAL DEFAULT 1 f
12: 00000000 0 NOTYPE GLOBAL DEFAULT UND _GLOBAL_OFFSET_TABLE_
13: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
14: 0000002c 43 FUNC GLOBAL DEFAULT 1 g
No version information found in this file.
Attachment 2
4.c.txt
[root@proxy ~/3]# gcc 1.o 3.o -o 4
[root@proxy ~/3]# ./4
hello World!
abc
[root@proxy ~/3]# objdump -dj .text 4
4: file format elf32-i386
Disassembly of section .text:
080483a0 <_start>:
80483a0: 31 ed xor %ebp,%ebp
80483a2: 5e pop %esi
80483a3: 89 e1 mov %esp,%ecx
80483a5: 83 e4 f0 and $0xfffffff0,%esp
80483a8: 50 push %eax
80483a9: 54 push %esp
80483aa: 52 push %edx
80483ab: 68 50 85 04 08 push $0x8048550
80483b0: 68 24 83 04 08 push $0x8048324
80483b5: 51 push %ecx
80483b6: 56 push %esi
80483b7: 68 f8 84 04 08 push $0x80484f8
80483bc: e8 ab ff ff ff call 804836c <_init+0x48>
80483c1: f4 hlt
80483c2: 89 f6 mov %esi,%esi
080483c4 <call_gmon_start>:
80483c4: 55 push %ebp
80483c5: 89 e5 mov %esp,%ebp
80483c7: 53 push %ebx
80483c8: 50 push %eax
80483c9: e8 00 00 00 00 call 80483ce <call_gmon_start+0xa>
80483ce: 5b pop %ebx
80483cf: 81 c3 ea 11 00 00 add $0x11ea,%ebx
80483d5: 8b 83 28 00 00 00 mov 0x28(%ebx),%eax
80483db: 85 c0 test %eax,%eax
80483dd: 74 02 je 80483e1 <call_gmon_start+0x1d>
80483df: ff d0 call *%eax
80483e1: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
80483e4: c9 leave
80483e5: c3 ret
80483e6: 89 f6 mov %esi,%esi
80483e8: 90 nop
80483e9: 90 nop
80483ea: 90 nop
80483eb: 90 nop
80483ec: 90 nop
80483ed: 90 nop
80483ee: 90 nop
80483ef: 90 nop
080483f0 <__do_global_dtors_aux>:
80483f0: 55 push %ebp
80483f1: 89 e5 mov %esp,%ebp
80483f3: 83 ec 08 sub $0x8,%esp
80483f6: 8b 15 98 95 04 08 mov 0x8049598,%edx
80483fc: 85 d2 test %edx,%edx
80483fe: 75 49 jne 8048449 <__do_global_dtors_aux+0x59>
8048400: 8b 15 94 95 04 08 mov 0x8049594,%edx
8048406: 8b 02 mov (%edx),%eax
8048408: 85 c0 test %eax,%eax
804840a: 74 1a je 8048426 <__do_global_dtors_aux+0x36>
804840c: 8d 74 26 00 lea 0x0(%esi,1),%esi
8048410: 8d 42 04 lea 0x4(%edx),%eax
8048413: a3 94 95 04 08 mov %eax,0x8049594
8048418: ff 12 call *(%edx)
804841a: 8b 15 94 95 04 08 mov 0x8049594,%edx
8048420: 8b 0a mov (%edx),%ecx
8048422: 85 c9 test %ecx,%ecx
8048424: 75 ea jne 8048410 <__do_global_dtors_aux+0x20>
8048426: b8 5c 83 04 08 mov $0x804835c,%eax
804842b: 85 c0 test %eax,%eax
804842d: 74 10 je 804843f <__do_global_dtors_aux+0x4f>
804842f: 83 ec 0c sub $0xc,%esp
8048432: 68 a4 95 04 08 push $0x80495a4
8048437: e8 20 ff ff ff call 804835c <_init+0x38>
804843c: 83 c4 10 add $0x10,%esp
804843f: b8 01 00 00 00 mov $0x1,%eax
8048444: a3 98 95 04 08 mov %eax,0x8049598
8048449: 89 ec mov %ebp,%esp
804844b: 5d pop %ebp
804844c: c3 ret
804844d: 8d 76 00 lea 0x0(%esi),%esi
08048450 <fini_dummy>:
8048450: 55 push %ebp
8048451: 89 e5 mov %esp,%ebp
8048453: 83 ec 08 sub $0x8,%esp
8048456: 89 ec mov %ebp,%esp
8048458: 5d pop %ebp
8048459: c3 ret
804845a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
08048460 <frame_dummy>:
8048460: 55 push %ebp
8048461: b8 4c 83 04 08 mov $0x804834c,%eax
8048466: 89 e5 mov %esp,%ebp
8048468: 83 ec 08 sub $0x8,%esp
804846b: 85 c0 test %eax,%eax
804846d: 74 15 je 8048484 <frame_dummy+0x24>
804846f: 83 ec 08 sub $0x8,%esp
8048472: 68 ac 96 04 08 push $0x80496ac
8048477: 68 a4 95 04 08 push $0x80495a4
804847c: e8 cb fe ff ff call 804834c <_init+0x28>
8048481: 83 c4 10 add $0x10,%esp
8048484: 89 ec mov %ebp,%esp
8048486: 5d pop %ebp
8048487: c3 ret
8048488: 90 nop
8048489: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi
08048490 <init_dummy>:
8048490: 55 push %ebp
8048491: 89 e5 mov %esp,%ebp
8048493: 83 ec 08 sub $0x8,%esp
8048496: 89 ec mov %ebp,%esp
8048498: 5d pop %ebp
8048499: c3 ret
804849a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
080484a0 <f>:
80484a0: 55 push %ebp
80484a1: 89 e5 mov %esp,%ebp
80484a3: 53 push %ebx
80484a4: 83 ec 04 sub $0x4,%esp
80484a7: e8 00 00 00 00 call 80484ac <f+0xc>
80484ac: 5b pop %ebx
80484ad: 81 c3 0c 11 00 00 add $0x110c,%ebx
80484b3: 83 ec 0c sub $0xc,%esp
80484b6: 8b 83 24 00 00 00 mov 0x24(%ebx),%eax
80484bc: ff 30 pushl (%eax)
80484be: e8 b9 fe ff ff call 804837c <_init+0x58>
80484c3: 83 c4 10 add $0x10,%esp
80484c6: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
80484c9: c9 leave
80484ca: c3 ret
80484cb: 90 nop
080484cc <g>:
80484cc: 55 push %ebp
80484cd: 89 e5 mov %esp,%ebp
80484cf: 53 push %ebx
80484d0: 83 ec 04 sub $0x4,%esp
80484d3: e8 00 00 00 00 call 80484d8 <g+0xc>
80484d8: 5b pop %ebx
80484d9: 81 c3 e0 10 00 00 add $0x10e0,%ebx
80484df: 83 ec 0c sub $0xc,%esp
80484e2: 8b 83 20 00 00 00 mov 0x20(%ebx),%eax
80484e8: ff 30 pushl (%eax)
80484ea: e8 8d fe ff ff call 804837c <_init+0x58>
80484ef: 83 c4 10 add $0x10,%esp
80484f2: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
80484f5: c9 leave
80484f6: c3 ret
80484f7: 90 nop
080484f8 <main>:
80484f8: 55 push %ebp
80484f9: 89 e5 mov %esp,%ebp
80484fb: 83 ec 08 sub $0x8,%esp
80484fe: e8 9d ff ff ff call 80484a0 <f>
8048503: e8 c4 ff ff ff call 80484cc <g>
8048508: b8 00 00 00 00 mov $0x0,%eax
804850d: c9 leave
804850e: c3 ret
804850f: 90 nop
08048510 <__do_global_ctors_aux>:
8048510: 55 push %ebp
8048511: 89 e5 mov %esp,%ebp
8048513: 53 push %ebx
8048514: 83 ec 04 sub $0x4,%esp
8048517: a1 a8 95 04 08 mov 0x80495a8,%eax
804851c: bb a8 95 04 08 mov $0x80495a8,%ebx
8048521: 83 f8 ff cmp $0xffffffff,%eax
8048524: 74 16 je 804853c <__do_global_ctors_aux+0x2c>
8048526: 8d 76 00 lea 0x0(%esi),%esi
8048529: 8d bc 27 00 00 00 00 lea 0x0(%edi,1),%edi
8048530: 83 eb 04 sub $0x4,%ebx
8048533: ff d0 call *%eax
8048535: 8b 03 mov (%ebx),%eax
8048537: 83 f8 ff cmp $0xffffffff,%eax
804853a: 75 f4 jne 8048530 <__do_global_ctors_aux+0x20>
804853c: 58 pop %eax
804853d: 5b pop %ebx
804853e: 5d pop %ebp
804853f: c3 ret
08048540 <init_dummy>:
8048540: 55 push %ebp
8048541: 89 e5 mov %esp,%ebp
8048543: 83 ec 08 sub $0x8,%esp
8048546: 89 ec mov %ebp,%esp
8048548: 5d pop %ebp
8048549: c3 ret
804854a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
[root@proxy ~/3]# readelf -a 4
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x80483a0
Start of program headers: 52 (bytes into file)
Start of section headers: 10948 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 6
Size of section headers: 40 (bytes)
Number of section headers: 30
Section header string table index: 27
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 080480f4 0000f4 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048108 000108 000020 00 A 0 0 4
[ 3] .hash HASH 08048128 000128 00003c 04 A 4 0 4
[ 4] .dynsym DYNSYM 08048164 000164 0000a0 10 A 5 1 4
[ 5] .dynstr STRTAB 08048204 000204 000099 00 A 0 0 1
[ 6] .gnu.version VERSYM 0804829e 00029e 000014 02 A 4 0 2
[ 7] .gnu.version_r VERNEED 080482b4 0002b4 000030 00 A 5 1 4
[ 8] .rel.dyn REL 080482e4 0002e4 000018 08 A 4 0 4
[ 9] .rel.plt REL 080482fc 0002fc 000028 08 A 4 b 4
[10] .init PROGBITS 08048324 000324 000018 00 AX 0 0 4
[11] .plt PROGBITS 0804833c 00033c 000060 04 AX 0 0 4
[12] .text PROGBITS 080483a0 0003a0 0001b0 00 AX 0 0 16
[13] .fini PROGBITS 08048550 000550 00001e 00 AX 0 0 4
[14] .rodata PROGBITS 08048570 000570 00001b 00 A 0 0 4
[15] .data PROGBITS 0804958c 00058c 000018 00 WA 0 0 4
[16] .eh_frame PROGBITS 080495a4 0005a4 000004 00 WA 0 0 4
[17] .ctors PROGBITS 080495a8 0005a8 000008 00 WA 0 0 4
[18] .dtors PROGBITS 080495b0 0005b0 000008 00 WA 0 0 4
[19] .got PROGBITS 080495b8 0005b8 00002c 04 WA 0 0 4
[20] .dynamic DYNAMIC 080495e4 0005e4 0000c8 08 WA 5 0 4
[21] .sbss PROGBITS 080496ac 0006ac 000000 00 W 0 0 1
[22] .bss NOBITS 080496ac 0006ac 000018 00 WA 0 0 4
[23] .stab PROGBITS 00000000 0006ac 0007a4 0c 24 0 4
[24] .stabstr STRTAB 00000000 000e50 001983 00 0 0 1
[25] .comment PROGBITS 00000000 0027d3 00017a 00 0 0 1
[26] .note NOTE 00000000 00294d 00008c 00 0 0 1
[27] .shstrtab STRTAB 00000000 0029d9 0000e9 00 0 0 1
[28] .symtab SYMTAB 00000000 002f74 000540 10 29 3d 4
[29] .strtab STRTAB 00000000 0034b4 000234 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000c0 0x000c0 R E 0x4
INTERP 0x0000f4 0x080480f4 0x080480f4 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x0058b 0x0058b R E 0x1000
LOAD 0x00058c 0x0804958c 0x0804958c 0x00120 0x00138 RW 0x1000
DYNAMIC 0x0005e4 0x080495e4 0x080495e4 0x000c8 0x000c8 RW 0x4
NOTE 0x000108 0x08048108 0x08048108 0x00020 0x00020 R 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata
03 .data .eh_frame .ctors .dtors .got .dynamic .bss
04 .dynamic
05 .note.ABI-tag
Dynamic segment at offset 0x5e4 contains 20 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x8048324
0x0000000d (FINI) 0x8048550
0x00000004 (HASH) 0x8048128
0x00000005 (STRTAB) 0x8048204
0x00000006 (SYMTAB) 0x8048164
0x0000000a (STRSZ) 131 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x80495b8
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x80482fc
0x00000011 (REL) 0x80482e4
0x00000012 (RELSZ) 24 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x80482b4
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x804829e
0x00000000 (NULL) 0x0
Relocation section '.rel.dyn' at offset 0x2e4 contains 3 entries:
Offset Info Type Symbol's Value Symbol's Name
080495d8 00106 R_386_GLOB_DAT 080495a0 t
080495dc 00606 R_386_GLOB_DAT 0804959c s
080495e0 00906 R_386_GLOB_DAT 00000000 __gmon_start__
Relocation section '.rel.plt' at offset 0x2fc contains 5 entries:
Offset Info Type Symbol's Value Symbol's Name
080495c4 00207 R_386_JUMP_SLOT 0804834c __register_frame_info
080495c8 00307 R_386_JUMP_SLOT 0804835c __deregister_frame_info
080495cc 00407 R_386_JUMP_SLOT 0804836c __libc_start_main
080495d0 00507 R_386_JUMP_SLOT 0804837c printf
080495d4 00707 R_386_JUMP_SLOT 0804838c __cxa_finalize
There are no unwind sections in this file.
Symbol table '.dynsym' contains 10 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 080495a0 4 OBJECT GLOBAL DEFAULT 15 t
2: 0804834c 129 FUNC WEAK DEFAULT UND __register_frame_info@GLIBC_2.0 (2)
3: 0804835c 172 FUNC WEAK DEFAULT UND __deregister_frame_info@GLIBC_2.0 (2)
4: 0804836c 202 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
5: 0804837c 50 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
6: 0804959c 4 OBJECT GLOBAL DEFAULT 15 s
7: 0804838c 157 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3)
8: 08048574 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
9: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 84 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 080480f4 0 SECTION LOCAL DEFAULT 1
2: 08048108 0 SECTION LOCAL DEFAULT 2
3: 08048128 0 SECTION LOCAL DEFAULT 3
4: 08048164 0 SECTION LOCAL DEFAULT 4
5: 08048204 0 SECTION LOCAL DEFAULT 5
6: 0804829e 0 SECTION LOCAL DEFAULT 6
7: 080482b4 0 SECTION LOCAL DEFAULT 7
8: 080482e4 0 SECTION LOCAL DEFAULT 8
9: 080482fc 0 SECTION LOCAL DEFAULT 9
10: 08048324 0 SECTION LOCAL DEFAULT 10
11: 0804833c 0 SECTION LOCAL DEFAULT 11
12: 080483a0 0 SECTION LOCAL DEFAULT 12
13: 08048550 0 SECTION LOCAL DEFAULT 13
14: 08048570 0 SECTION LOCAL DEFAULT 14
15: 0804958c 0 SECTION LOCAL DEFAULT 15
16: 080495a4 0 SECTION LOCAL DEFAULT 16
17: 080495a8 0 SECTION LOCAL DEFAULT 17
18: 080495b0 0 SECTION LOCAL DEFAULT 18
19: 080495b8 0 SECTION LOCAL DEFAULT 19
20: 080495e4 0 SECTION LOCAL DEFAULT 20
21: 080496ac 0 SECTION LOCAL DEFAULT 21
22: 080496ac 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
25: 00000000 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 SECTION LOCAL DEFAULT 27
28: 00000000 0 SECTION LOCAL DEFAULT 28
29: 00000000 0 SECTION LOCAL DEFAULT 29
30: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
31: 080483c4 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
32: 080483c4 0 FUNC LOCAL DEFAULT 12 call_gmon_start
33: 00000000 0 FILE LOCAL DEFAULT ABS init.c
34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
35: 080483f0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
36: 08049594 0 OBJECT LOCAL DEFAULT 15 p.0
37: 080495b0 0 OBJECT LOCAL DEFAULT 18 __DTOR_LIST__
38: 08049598 0 OBJECT LOCAL DEFAULT 15 completed.1
39: 080483f0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux
40: 080495a4 0 OBJECT LOCAL DEFAULT 16 __EH_FRAME_BEGIN__
41: 08048450 0 FUNC LOCAL DEFAULT 12 fini_dummy
42: 080496ac 24 OBJECT LOCAL DEFAULT 22 object.2
43: 08048460 0 FUNC LOCAL DEFAULT 12 frame_dummy
44: 08048490 0 FUNC LOCAL DEFAULT 12 init_dummy
45: 0804959c 0 OBJECT LOCAL DEFAULT 15 force_to_data
46: 080495a8 0 OBJECT LOCAL DEFAULT 17 __CTOR_LIST__
47: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
48: 08048510 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
49: 08048510 0 FUNC LOCAL DEFAULT 12 __do_global_ctors_aux
50: 080495ac 0 OBJECT LOCAL DEFAULT 17 __CTOR_END__
51: 08048540 0 FUNC LOCAL DEFAULT 12 init_dummy
52: 080495a4 0 OBJECT LOCAL DEFAULT 15 force_to_data
53: 080495b4 0 OBJECT LOCAL DEFAULT 18 __DTOR_END__
54: 080495a4 0 OBJECT LOCAL DEFAULT 16 __FRAME_END__
55: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
56: 08048550 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
57: 00000000 0 FILE LOCAL DEFAULT ABS 1.c
58: 080484a0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
59: 00000000 0 FILE LOCAL DEFAULT ABS 3.c
60: 080484f8 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
61: 080495a0 4 OBJECT GLOBAL DEFAULT 15 t
62: 080495e4 0 OBJECT GLOBAL DEFAULT 20 _DYNAMIC
63: 080484a0 43 FUNC GLOBAL DEFAULT 12 f
64: 0804834c 129 FUNC WEAK DEFAULT UND __register_frame_info@@GLIBC_2.0
65: 08048570 4 NOTYPE GLOBAL DEFAULT 14 _fp_hw
66: 080484cc 43 FUNC GLOBAL DEFAULT 12 g
67: 08048324 0 FUNC GLOBAL DEFAULT 10 _init
68: 0804835c 172 FUNC WEAK DEFAULT UND __deregister_frame_info@@GLIBC_2.0
69: 080483a0 0 FUNC GLOBAL DEFAULT 12 _start
70: 080496ac 0 OBJECT GLOBAL DEFAULT ABS __bss_start
71: 080484f8 23 FUNC GLOBAL DEFAULT 12 main
72: 0804836c 202 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0
73: 0804958c 0 NOTYPE WEAK DEFAULT 15 data_start
74: 0804837c 50 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0
75: 08048550 0 FUNC GLOBAL DEFAULT 13 _fini
76: 0804959c 4 OBJECT GLOBAL DEFAULT 15 s
77: 0804838c 157 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3
78: 080496ac 0 OBJECT GLOBAL DEFAULT ABS _edata
79: 080495b8 0 OBJECT GLOBAL DEFAULT 19 _GLOBAL_OFFSET_TABLE_
80: 080496c4 0 OBJECT GLOBAL DEFAULT ABS _end
81: 08048574 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
82: 0804958c 0 NOTYPE GLOBAL DEFAULT 15 __data_start
83: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Histogram for bucket list length (total of 3 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 1 ( 33.3%) 11.1%
2 0 ( 0.0%) 11.1%
3 0 ( 0.0%) 11.1%
4 2 ( 66.7%) 100.0%
Version symbols section '.gnu.version' contains 10 entries:
Addr: 000000000804829e Offset: 0x00029e Link: 4 (.dynsym)
000: 0 (*local*) 1 (*global*) 2 (GLIBC_2.0) 2 (GLIBC_2.0)
004: 2 (GLIBC_2.0) 2 (GLIBC_2.0) 1 (*global*) 3 (GLIBC_2.1.3)
008: 1 (*global*) 0 (*local*)
Version needs section '.gnu.version_r' contains 1 entries:
Addr: 0x00000000080482b4 Offset: 0x0002b4 Link to section: 5 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 2
0x0010: Name: GLIBC_2.1.3 Flags: none Version: 3
0x0020: Name: GLIBC_2.0 Flags: none Version: 2
Relocation type analysis (3)
This article analyzes the remaining four types: R_386_COPY, R_386_JMP_SLOT, R_386_RELATIVE and R_386_GOTOFF.
R_386_RELATIVE 8 word32 B + A
R_386_JMP_SLOT 7 word32 S
R_386_GOTOFF 9 word32 S + A - GOT
R_386_COPY 5 none none
>>>>>>>>>>>>R_386_RELATIVE: used for local variables, relocated at run time
Look at the readelf output for 1.so in 1.c.txt:
000013c8 00008 R_386_RELATIVE
000013cc 00008 R_386_RELATIVE
Offset 000013c8 is an address relative to the load address of 1.so. It is clearly in the .data section and has no symbol name, so what are these entries?
[ 9] .data PROGBITS 000013c8 0003c8 000008 00 WA 0 0 4
[root@proxy ~/3]# objdump -sj .data 1.so
1.so: file format elf32-i386
Contents of section .data:
13c8 b4030000 c2030000 ........
The values are 03b4 and 03c2, which should be located in .rodata.
[root@proxy ~/3]# objdump -sj .rodata 1.so
1.so: file format elf32-i386
Contents of section .rodata:
03b4 68656c6c 6f20576f 726c6421 0a006162 hello World!..ab
03c4 6300 c.
Indeed they are.
R_386_RELATIVE 8 word32 B + A: relocate using the load address plus the value at Offset.
Verification: because this is run-time linking, use gdb to check.
[root@proxy ~/3]# ldd 4
1.so => /usr/lib/1.so (0x4002a000)
libc.so.6 => /lib/i686/libc.so.6 (0x4002c000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
So the entries
000013c8 00008 R_386_RELATIVE
000013cc 00008 R_386_RELATIVE
are at 0x4002b3c8 and 0x4002b3cc after loading.
[root@proxy ~/3]# cp 1.so /usr/lib
cp: overwrite `/usr/lib/1.so'? y
[root@proxy ~/3]# gdb -q ./4
(gdb) b main
Breakpoint 1 at 0x8048596
(gdb) r
Starting program: /root/3/./4
Breakpoint 1, 0x08048596 in main ()
(gdb) x/w 0x4002b3c8
0x4002b3c8 <s>: 0x4002a3b4
(gdb) x/w 0x4002b3cc
0x4002b3cc <t>: 0x4002a3c2
(gdb)
Contents of section .data:
13c8 b4030000 c2030000 ........
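Adding 0x4002a000 to each of these gives the results above.
>>>>>>>>>>>R_386_JMP_SLOT: used for functions, relocated at run time
This one is simple: the location should be patched to the symbol's actual value S (for example the address of function f).
>>>>>>>>>>>R_386_GOTOFF: used for static variables, relocated at link time
The entry of this type in the .rel.text section of 1.o:
00000018 00309 R_386_GOTOFF 00000000 .data
This entry means: once the GOT has been generated and an entry has been allocated in it for this static variable, write that entry's index in the GOT at offset 0000 0018 in the .text section.
Code in the .text section of 1.o: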
16: ff b3 00 00 00 00 pushl 0x0(%ebx)
The corresponding assembly code:
pushl s@GOTOFF(%ebx )
Result after linking into a .so library:
In the generated 1.so:
372: ff b3 f8 ff ff ff pushl 0xfffffff8(%ebx)
The patched value is 0xfffffff8, i.e. -8, i.e. the location at got-8.
[root@proxy ~/3]# objdump -sj .data 1.so
1.so: file format elf32-i386
Contents of section .data:
13c8 b4030000 c2030000 ........
That is, the value of s is 03b4, which points into .rodata.
[root@proxy ~/3]# objdump -sj .rodata 1.so
1.so: file format elf32-i386
Contents of section .rodata:
03b4 68656c6c 6f20576f 726c6421 0a006162 hello World!..ab
03c4 6300 c.
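So the R_386_GOTOFF relocation method is: store the difference between the symbol address and the GOT address, plus the value at Offset, at Offset. //S + A - GOT
>>>>>R_386_COPY: used for global variables, relocated at run time
The .rel.dyn section of 4 contains this entry:
08049748 00105 R_386_COPY 08049748 t
This entry means: change the content at 08049748 in the .text section to the content found at the address of the corresponding symbol in the dynamic symbol section .dynsym.
[22] .bss NOBITS 08049748 000748 00001c 00 WA 0 0 4 //it is in .bss
In 1.so, the .dynsym section contains this entry:
16: 000013cc 4 OBJECT GLOBAL DEFAULT 9 t
The load address is 0x4002a000, so the value of t is 0x4002b3cc.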
abcabc[root@proxy ~/3]# gdb -q ./4
(gdb) b main
Breakpoint 1 at 0x8048596
(gdb) r
Starting program: /root/3/./4
Breakpoint 1, 0x08048596 in main ()
(gdb) x /w 0x08049748 //inspect the value of t in 4
0x8049748 <t>: 0x4002a3c2
(gdb) x /w 0x4002b3cc //inspect the value of t in 1.so
0x4002b3cc <t>: 0x4002a3c2
(gdb)
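The two values are equal.
So the R_386_COPY relocation method is: copy the value at the resolved symbol address (the size is determined by size) to Offset.
This gives every executable its own independent copy of the global variable, so they do not interfere with each other.
Note that a relocatable object file has a .symtab table, and this table is required: it can be removed with strip, but the final link will then fail.
Dynamic libraries and executables have both .dynsym and .symtab; .dynsym is required, while .symtab is not and can be removed with the strip command.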
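The run-time cases above (R_386_RELATIVE, then R_386_COPY) and the link-time R_386_GOTOFF value can be replayed on the page's own numbers. The following C model is an added example, not code from the original post and not the dynamic loader's code: it shows that the copy into the executable only yields the 0x4002a3c2 that gdb prints if the library's R_386_RELATIVE entries were applied first, and that a copy whose size overruns either object is refused. The Image structure and the function names are constructed; the GOT address 0x13d0 of 1.so is derived from the disassembly of f in 1.so (0x368 + 0x1068).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One writable region of a loaded object (constructed model of a loader's view). */
typedef struct {
    uint32_t base;     /* load address B; 0 for the fixed-address executable */
    uint32_t vaddr;    /* link-time address of data[0] */
    uint32_t size;     /* number of valid bytes in data[] */
    uint8_t  data[8];
} Image;

static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Map the run-time range [addr, addr+n) into im->data; NULL if it is not inside. */
static uint8_t *at(Image *im, uint32_t addr, uint32_t n)
{
    uint32_t start = im->base + im->vaddr;
    if (n > im->size || addr < start || addr - start > im->size - n) return NULL;
    return im->data + (addr - start);
}

/* R_386_RELATIVE: word = B + A, where A is the word already stored at Offset. */
int reloc_relative(Image *im, uint32_t r_offset)
{
    uint8_t *p = at(im, im->base + r_offset, 4);
    if (!p) return -1;
    wr32(p, im->base + rd32(p));
    return 0;
}

/* R_386_COPY: copy st_size bytes from the symbol in the defining object to Offset. */
int reloc_copy(Image *exe, uint32_t r_offset, Image *lib,
               uint32_t st_value, uint32_t st_size)
{
    uint8_t *dst = at(exe, exe->base + r_offset, st_size);
    uint8_t *src = at(lib, lib->base + st_value, st_size);
    if (!dst || !src) return -1;        /* size overruns one of the two objects */
    memcpy(dst, src, st_size);
    return 0;
}

/* R_386_GOTOFF (link time): S + A - GOT, in 32-bit wrap-around arithmetic. */
uint32_t gotoff(uint32_t S, uint32_t A, uint32_t GOT) { return S + A - GOT; }

/* Page values: 1.so loaded at 0x4002a000, its .data at 0x13c8 holds
 * b4030000 c2030000, t is at 0x13cc (size 4), and the executable's copy of t
 * is at 0x08049748. Returns the word the executable ends up with for t. */
uint32_t run_loader(int lib_first)
{
    Image lib = { 0x4002a000u, 0x13c8u,     8, {0xb4,0x03,0,0, 0xc2,0x03,0,0} };
    Image exe = { 0,           0x08049748u, 4, {0} };
    if (lib_first) {                    /* relocate the library before the copy */
        reloc_relative(&lib, 0x13c8u);
        reloc_relative(&lib, 0x13ccu);
    }
    reloc_copy(&exe, 0x08049748u, &lib, 0x13ccu, 4);
    return rd32(exe.data);
}

int main(void)
{
    printf("t in exe, library relocated first: 0x%08x\n", (unsigned)run_loader(1));
    printf("t in exe, copy done too early:     0x%08x\n", (unsigned)run_loader(0));
    printf("GOTOFF for s in 1.so:              0x%08x\n",
           (unsigned)gotoff(0x13c8u, 0, 0x13d0u));
    return 0;
}
```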
Attachment 1
1.c
[root@proxy ~/3]# cat 1.c
#include <stdio.h>
static char *s="hello World!\n";
char *t="abc";
void f()
{
printf(s);
}
void g()
{
printf(t);
}
[root@proxy ~/3]# gcc -fPIC -S 1.c
[root@proxy ~/3]# cat 1.s
.file "1.c"
.version "01.01"
gcc2_compiled.:
.section .rodata
.LC0:
.string "hello World!\n"
.data
.align 4
.type s,@object
.size s,4
s:
.long .LC0
.globl t
.section .rodata
.LC1:
.string "abc"
.data
.align 4
.type t,@object
.size t,4
t:
.long .LC1
.text
.align 4
.globl f
.type f,@function
f:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $4, %esp
call .L3
.L3:
popl %ebx
addl $_GLOBAL_OFFSET_TABLE_+[.-.L3], %ebx
subl $12, %esp
pushl s@GOTOFF(%ebx )
call printf@PLT
addl $16, %esp
movl -4(%ebp), %ebx
leave
ret
.Lfe1:
.size f,.Lfe1-f
.align 4
.globl g
.type g,@function
g:
pushl %ebp
movl %esp, %ebp
pushl %ebx
subl $4, %esp
call .L5
.L5:
popl %ebx
addl $_GLOBAL_OFFSET_TABLE_+[.-.L5], %ebx
subl $12, %esp
movl t@GOT(%ebx ), %eax
pushl (%eax)
call printf@PLT
addl $16, %esp
movl -4(%ebp), %ebx
leave
ret
.Lfe2:
.size g,.Lfe2-g
.ident "GCC: (GNU) 2.96 20000731 (Red Hat Linux 7.1 2.96-98)"
[root@proxy ~/3]# gcc -fPIC -c 1.c -o 1.o
[root@proxy ~/3]# ld -shared 1.o -o 1.so
[root@proxy ~/3]# objdump -dj .text 1.o
1.o: file format elf32-i386
Disassembly of section .text:
00000000 <f>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 53 push %ebx
4: 83 ec 04 sub $0x4,%esp
7: e8 00 00 00 00 call c <f+0xc>
c: 5b pop %ebx
d: 81 c3 03 00 00 00 add $0x3,%ebx
13: 83 ec 0c sub $0xc,%esp
16: ff b3 00 00 00 00 pushl 0x0(%ebx)
1c: e8 fc ff ff ff call 1d <f+0x1d>
21: 83 c4 10 add $0x10,%esp
24: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
27: c9 leave
28: c3 ret
29: 8d 76 00 lea 0x0(%esi),%esi
0000002c <g>:
2c: 55 push %ebp
2d: 89 e5 mov %esp,%ebp
2f: 53 push %ebx
30: 83 ec 04 sub $0x4,%esp
33: e8 00 00 00 00 call 38 <g+0xc>
38: 5b pop %ebx
39: 81 c3 03 00 00 00 add $0x3,%ebx
3f: 83 ec 0c sub $0xc,%esp
42: 8b 83 00 00 00 00 mov 0x0(%ebx),%eax
48: ff 30 pushl (%eax)
4a: e8 fc ff ff ff call 4b <g+0x1f>
4f: 83 c4 10 add $0x10,%esp
52: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
55: c9 leave
56: c3 ret
57: 90 nop
[root@proxy ~/3]# readelf -a 1.o
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 328 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 40 (bytes)
Number of section headers: 12
Section header string table index: 9
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000058 00 AX 0 0 4
[ 2] .rel.text REL 00000000 000454 000030 08 10 1 4
[ 3] .data PROGBITS 00000000 00008c 000008 00 WA 0 0 4
[ 4] .rel.data REL 00000000 000484 000010 08 10 3 4
[ 5] .bss NOBITS 00000000 000094 000000 00 WA 0 0 4
[ 6] .note NOTE 00000000 000094 000014 00 0 0 1
[ 7] .rodata PROGBITS 00000000 0000a8 000012 00 A 0 0 1
[ 8] .comment PROGBITS 00000000 0000ba 000036 00 0 0 1
[ 9] .shstrtab STRTAB 00000000 0000f0 000057 00 0 0 1
[10] .symtab SYMTAB 00000000 000328 0000f0 10 11 a 4
[11] .strtab STRTAB 00000000 000418 000039 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no program headers in this file.
There is no dynamic segment in this file.
Relocation section '.rel.text' at offset 0x454 contains 6 entries:
Offset Info Type Symbol's Value Symbol's Name
0000000f 00c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000018 00309 R_386_GOTOFF 00000000 .data
0000001d 00d04 R_386_PLT32 00000000 printf
0000003b 00c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000044 00a03 R_386_GOT32 00000004 t
0000004b 00d04 R_386_PLT32 00000000 printf
Relocation section '.rel.data' at offset 0x484 contains 2 entries:
Offset Info Type Symbol's Value Symbol's Name
00000000 00601 R_386_32 00000000 .rodata
00000004 00601 R_386_32 00000000 .rodata
There are no unwind sections in this file.
Symbol table '.symtab' contains 15 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS 1.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 5
5: 00000000 0 NOTYPE LOCAL DEFAULT 1 gcc2_compiled.
6: 00000000 0 SECTION LOCAL DEFAULT 7
7: 00000000 4 OBJECT LOCAL DEFAULT 3 s
8: 00000000 0 SECTION LOCAL DEFAULT 6
9: 00000000 0 SECTION LOCAL DEFAULT 8
10: 00000004 4 OBJECT GLOBAL DEFAULT 3 t
11: 00000000 41 FUNC GLOBAL DEFAULT 1 f
12: 00000000 0 NOTYPE GLOBAL DEFAULT UND _GLOBAL_OFFSET_TABLE_
13: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
14: 0000002c 43 FUNC GLOBAL DEFAULT 1 g
No version information found in this file.
[root@proxy ~/3]# objdump -dj .text 1.so
1.so: file format elf32-i386
Disassembly of section .text:
0000035c <f>:
35c: 55 push %ebp
35d: 89 e5 mov %esp,%ebp
35f: 53 push %ebx
360: 83 ec 04 sub $0x4,%esp
363: e8 00 00 00 00 call 368 <f+0xc>
368: 5b pop %ebx
369: 81 c3 68 10 00 00 add $0x1068,%ebx
36f: 83 ec 0c sub $0xc,%esp
372: ff b3 f8 ff ff ff pushl 0xfffffff8(%ebx)
378: e8 cf ff ff ff call 34c <f-0x10>
37d: 83 c4 10 add $0x10,%esp
380: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
383: c9 leave
384: c3 ret
385: 8d 76 00 lea 0x0(%esi),%esi
00000388 <g>:
388: 55 push %ebp
389: 89 e5 mov %esp,%ebp
38b: 53 push %ebx
38c: 83 ec 04 sub $0x4,%esp
38f: e8 00 00 00 00 call 394 <g+0xc>
394: 5b pop %ebx
395: 81 c3 3c 10 00 00 add $0x103c,%ebx
39b: 83 ec 0c sub $0xc,%esp
39e: 8b 83 10 00 00 00 mov 0x10(%ebx),%eax
3a4: ff 30 pushl (%eax)
3a6: e8 a1 ff ff ff call 34c <f-0x10>
3ab: 83 c4 10 add $0x10,%esp
3ae: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
3b1: c9 leave
3b2: c3 ret
3b3: 90 nop
[root@proxy ~/3]# readelf -a 1.so
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x35c
Start of program headers: 52 (bytes into file)
Start of section headers: 1348 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 3
Size of section headers: 40 (bytes)
Number of section headers: 19
Section header string table index: 16
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .hash HASH 00000094 000094 0000b0 04 A 2 0 4
[ 2] .dynsym DYNSYM 00000144 000144 000190 10 A 3 10 4
[ 3] .dynstr STRTAB 000002d4 0002d4 000045 00 A 0 0 1
[ 4] .rel.dyn REL 0000031c 00031c 000018 08 A 2 0 4
[ 5] .rel.plt REL 00000334 000334 000008 08 A 2 6 4
[ 6] .plt PROGBITS 0000033c 00033c 000020 04 AX 0 0 4
[ 7] .text PROGBITS 0000035c 00035c 000058 00 AX 0 0 4
[ 8] .rodata PROGBITS 000003b4 0003b4 000012 00 A 0 0 1
[ 9] .data PROGBITS 000013c8 0003c8 000008 00 WA 0 0 4
[10] .got PROGBITS 000013d0 0003d0 000014 04 WA 0 0 4
[11] .dynamic DYNAMIC 000013e4 0003e4 000090 08 WA 3 0 4
[12] .sbss PROGBITS 00001474 000474 000000 00 W 0 0 1
[13] .bss NOBITS 00001474 000474 000000 00 WA 0 0 4
[14] .comment PROGBITS 00000000 000474 000036 00 0 0 1
[15] .note NOTE 00000000 0004aa 000014 00 0 0 1
[16] .shstrtab STRTAB 00000000 0004be 000084 00 0 0 1
[17] .symtab SYMTAB 00000000 00083c 0001f0 10 18 16 4
[18] .strtab STRTAB 00000000 000a2c 00005a 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x003c6 0x003c6 R E 0x1000
LOAD 0x0003c8 0x000013c8 0x000013c8 0x000ac 0x000ac RW 0x1000
DYNAMIC 0x0003e4 0x000013e4 0x000013e4 0x00090 0x00090 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .hash .dynsym .dynstr .rel.dyn .rel.plt .plt .text .rodata
01 .data .got .dynamic
02 .dynamic
Dynamic segment at offset 0x3e4 contains 14 entries:
Tag Type Name/Value
0x00000004 (HASH) 0x94
0x00000005 (STRTAB) 0x2d4
0x00000006 (SYMTAB) 0x144
0x0000000a (STRSZ) 69 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000003 (PLTGOT) 0x13d0
0x00000002 (PLTRELSZ) 8 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x334
0x00000011 (REL) 0x31c
0x00000012 (RELSZ) 24 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffa (RELCOUNT) 2
0x00000000 (NULL) 0x0
Relocation section '.rel.dyn' at offset 0x31c contains 3 entries:
Offset Info Type Symbol's Value Symbol's Name
000013c8 00008 R_386_RELATIVE
000013cc 00008 R_386_RELATIVE
000013e0 01006 R_386_GLOB_DAT 000013cc t
Relocation section '.rel.plt' at offset 0x334 contains 1 entries:
Offset Info Type Symbol's Value Symbol's Name
000013dc 01107 R_386_JUMP_SLOT 00000000 printf
There are no unwind sections in this file.
Symbol table '.dynsym' contains 25 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000094 0 SECTION LOCAL DEFAULT 1
2: 00000144 0 SECTION LOCAL DEFAULT 2
3: 000002d4 0 SECTION LOCAL DEFAULT 3
4: 0000031c 0 SECTION LOCAL DEFAULT 4
5: 00000334 0 SECTION LOCAL DEFAULT 5
6: 0000033c 0 SECTION LOCAL DEFAULT 6
7: 0000035c 0 SECTION LOCAL DEFAULT 7
8: 000003b4 0 SECTION LOCAL DEFAULT 8
9: 000013c8 0 SECTION LOCAL DEFAULT 9
10: 000013d0 0 SECTION LOCAL DEFAULT 10
11: 000013e4 0 SECTION LOCAL DEFAULT 11
12: 00001474 0 SECTION LOCAL DEFAULT 12
13: 00001474 0 SECTION LOCAL DEFAULT 13
14: 00000000 0 SECTION LOCAL DEFAULT 14
15: 00000000 0 SECTION LOCAL DEFAULT 15
16: 000013cc 4 OBJECT GLOBAL DEFAULT 9 t
17: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
18: 000013e4 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC
19: 0000035c 41 FUNC GLOBAL DEFAULT 7 f
20: 00000388 43 FUNC GLOBAL DEFAULT 7 g
21: 00001474 0 OBJECT GLOBAL DEFAULT ABS __bss_start
22: 00001474 0 OBJECT GLOBAL DEFAULT ABS _edata
23: 000013d0 0 OBJECT GLOBAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_
24: 00001474 0 OBJECT GLOBAL DEFAULT ABS _end
Symbol table '.symtab' contains 31 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000094 0 SECTION LOCAL DEFAULT 1
2: 00000144 0 SECTION LOCAL DEFAULT 2
3: 000002d4 0 SECTION LOCAL DEFAULT 3
4: 0000031c 0 SECTION LOCAL DEFAULT 4
5: 00000334 0 SECTION LOCAL DEFAULT 5
6: 0000033c 0 SECTION LOCAL DEFAULT 6
7: 0000035c 0 SECTION LOCAL DEFAULT 7
8: 000003b4 0 SECTION LOCAL DEFAULT 8
9: 000013c8 0 SECTION LOCAL DEFAULT 9
10: 000013d0 0 SECTION LOCAL DEFAULT 10
11: 000013e4 0 SECTION LOCAL DEFAULT 11
12: 00001474 0 SECTION LOCAL DEFAULT 12
13: 00001474 0 SECTION LOCAL DEFAULT 13
14: 00000000 0 SECTION LOCAL DEFAULT 14
15: 00000000 0 SECTION LOCAL DEFAULT 15
16: 00000000 0 SECTION LOCAL DEFAULT 16
17: 00000000 0 SECTION LOCAL DEFAULT 17
18: 00000000 0 SECTION LOCAL DEFAULT 18
19: 00000000 0 FILE LOCAL DEFAULT ABS 1.c
20: 0000035c 0 NOTYPE LOCAL DEFAULT 7 gcc2_compiled.
21: 000013c8 4 OBJECT LOCAL DEFAULT 9 s
22: 000013cc 4 OBJECT GLOBAL DEFAULT 9 t
23: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
24: 000013e4 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC
25: 0000035c 41 FUNC GLOBAL DEFAULT 7 f
26: 00000388 43 FUNC GLOBAL DEFAULT 7 g
27: 00001474 0 OBJECT GLOBAL DEFAULT ABS __bss_start
28: 00001474 0 OBJECT GLOBAL DEFAULT ABS _edata
29: 000013d0 0 OBJECT GLOBAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_
30: 00001474 0 OBJECT GLOBAL DEFAULT ABS _end
Histogram for bucket list length (total of 17 buckets):
Length Number % of total Coverage
0 9 ( 52.9%)
1 7 ( 41.2%) 77.8%
2 1 ( 5.9%) 100.0%
No version information found in this file.
Appendix 2
4.c
[root@proxy ~/3]# cat 2.c
#include <stdio.h>
extern char *t;
int main()
{
f();
g();
printf(t);
return 0;
}
[root@proxy ~/3]# gcc -c 2.c -o 2.o
[root@proxy ~/3]# gcc 2.o 1.so -o 4
[root@proxy ~/3]# objdump -dj .text 4
4: file format elf32-i386
Disassembly of section .text:
08048490 <_start>:
8048490: 31 ed xor %ebp,%ebp
8048492: 5e pop %esi
8048493: 89 e1 mov %esp,%ecx
8048495: 83 e4 f0 and $0xfffffff0,%esp
8048498: 50 push %eax
8048499: 54 push %esp
804849a: 52 push %edx
804849b: 68 00 86 04 08 push $0x8048600
80484a0: 68 ec 83 04 08 push $0x80483ec
80484a5: 51 push %ecx
80484a6: 56 push %esi
80484a7: 68 90 85 04 08 push $0x8048590
80484ac: e8 a3 ff ff ff call 8048454 <_init+0x68>
80484b1: f4 hlt
80484b2: 89 f6 mov %esi,%esi
080484b4 <call_gmon_start>:
80484b4: 55 push %ebp
80484b5: 89 e5 mov %esp,%ebp
80484b7: 53 push %ebx
80484b8: 50 push %eax
80484b9: e8 00 00 00 00 call 80484be <call_gmon_start+0xa>
80484be: 5b pop %ebx
80484bf: 81 c3 8e 11 00 00 add $0x118e,%ebx
80484c5: 8b 83 28 00 00 00 mov 0x28(%ebx),%eax
80484cb: 85 c0 test %eax,%eax
80484cd: 74 02 je 80484d1 <call_gmon_start+0x1d>
80484cf: ff d0 call *%eax
80484d1: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
80484d4: c9 leave
80484d5: c3 ret
80484d6: 89 f6 mov %esi,%esi
80484d8: 90 nop
80484d9: 90 nop
80484da: 90 nop
80484db: 90 nop
80484dc: 90 nop
80484dd: 90 nop
80484de: 90 nop
80484df: 90 nop
080484e0 <__do_global_dtors_aux>:
80484e0: 55 push %ebp
80484e1: 89 e5 mov %esp,%ebp
80484e3: 83 ec 08 sub $0x8,%esp
80484e6: 8b 15 34 96 04 08 mov 0x8049634,%edx
80484ec: 85 d2 test %edx,%edx
80484ee: 75 49 jne 8048539 <__do_global_dtors_aux+0x59>
80484f0: 8b 15 30 96 04 08 mov 0x8049630,%edx
80484f6: 8b 02 mov (%edx),%eax
80484f8: 85 c0 test %eax,%eax
80484fa: 74 1a je 8048516 <__do_global_dtors_aux+0x36>
80484fc: 8d 74 26 00 lea 0x0(%esi,1),%esi
8048500: 8d 42 04 lea 0x4(%edx),%eax
8048503: a3 30 96 04 08 mov %eax,0x8049630
8048508: ff 12 call *(%edx)
804850a: 8b 15 30 96 04 08 mov 0x8049630,%edx
8048510: 8b 0a mov (%edx),%ecx
8048512: 85 c9 test %ecx,%ecx
8048514: 75 ea jne 8048500 <__do_global_dtors_aux+0x20>
8048516: b8 44 84 04 08 mov $0x8048444,%eax
804851b: 85 c0 test %eax,%eax
804851d: 74 10 je 804852f <__do_global_dtors_aux+0x4f>
804851f: 83 ec 0c sub $0xc,%esp
8048522: 68 38 96 04 08 push $0x8049638
8048527: e8 18 ff ff ff call 8048444 <_init+0x58>
804852c: 83 c4 10 add $0x10,%esp
804852f: b8 01 00 00 00 mov $0x1,%eax
8048534: a3 34 96 04 08 mov %eax,0x8049634
8048539: 89 ec mov %ebp,%esp
804853b: 5d pop %ebp
804853c: c3 ret
804853d: 8d 76 00 lea 0x0(%esi),%esi
08048540 <fini_dummy>:
8048540: 55 push %ebp
8048541: 89 e5 mov %esp,%ebp
8048543: 83 ec 08 sub $0x8,%esp
8048546: 89 ec mov %ebp,%esp
8048548: 5d pop %ebp
8048549: c3 ret
804854a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
08048550 <frame_dummy>:
8048550: 55 push %ebp
8048551: b8 24 84 04 08 mov $0x8048424,%eax
8048556: 89 e5 mov %esp,%ebp
8048558: 83 ec 08 sub $0x8,%esp
804855b: 85 c0 test %eax,%eax
804855d: 74 15 je 8048574 <frame_dummy+0x24>
804855f: 83 ec 08 sub $0x8,%esp
8048562: 68 4c 97 04 08 push $0x804974c
8048567: 68 38 96 04 08 push $0x8049638
804856c: e8 b3 fe ff ff call 8048424 <_init+0x38>
8048571: 83 c4 10 add $0x10,%esp
8048574: 89 ec mov %ebp,%esp
8048576: 5d pop %ebp
8048577: c3 ret
8048578: 90 nop
8048579: 8d b4 26 00 00 00 00 lea 0x0(%esi,1),%esi
08048580 <init_dummy>:
8048580: 55 push %ebp
8048581: 89 e5 mov %esp,%ebp
8048583: 83 ec 08 sub $0x8,%esp
8048586: 89 ec mov %ebp,%esp
8048588: 5d pop %ebp
8048589: c3 ret
804858a: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
08048590 <main>:
8048590: 55 push %ebp
8048591: 89 e5 mov %esp,%ebp
8048593: 83 ec 08 sub $0x8,%esp
8048596: e8 79 fe ff ff call 8048414 <_init+0x28>
804859b: e8 94 fe ff ff call 8048434 <_init+0x48>
80485a0: 83 ec 0c sub $0xc,%esp
80485a3: ff 35 48 97 04 08 pushl 0x8049748
80485a9: e8 b6 fe ff ff call 8048464 <_init+0x78>
80485ae: 83 c4 10 add $0x10,%esp
80485b1: b8 00 00 00 00 mov $0x0,%eax
80485b6: c9 leave
80485b7: c3 ret
80485b8: 90 nop
80485b9: 90 nop
80485ba: 90 nop
80485bb: 90 nop
80485bc: 90 nop
80485bd: 90 nop
80485be: 90 nop
80485bf: 90 nop
080485c0 <__do_global_ctors_aux>:
80485c0: 55 push %ebp
80485c1: 89 e5 mov %esp,%ebp
80485c3: 53 push %ebx
80485c4: 83 ec 04 sub $0x4,%esp
80485c7: a1 3c 96 04 08 mov 0x804963c,%eax
80485cc: bb 3c 96 04 08 mov $0x804963c,%ebx
80485d1: 83 f8 ff cmp $0xffffffff,%eax
80485d4: 74 16 je 80485ec <__do_global_ctors_aux+0x2c>
80485d6: 8d 76 00 lea 0x0(%esi),%esi
80485d9: 8d bc 27 00 00 00 00 lea 0x0(%edi,1),%edi
80485e0: 83 eb 04 sub $0x4,%ebx
80485e3: ff d0 call *%eax
80485e5: 8b 03 mov (%ebx),%eax
80485e7: 83 f8 ff cmp $0xffffffff,%eax
80485ea: 75 f4 jne 80485e0 <__do_global_ctors_aux+0x20>
80485ec: 58 pop %eax
80485ed: 5b pop %ebx
80485ee: 5d pop %ebp
80485ef: c3 ret
080485f0 <init_dummy>:
80485f0: 55 push %ebp
80485f1: 89 e5 mov %esp,%ebp
80485f3: 83 ec 08 sub $0x8,%esp
80485f6: 89 ec mov %ebp,%esp
80485f8: 5d pop %ebp
80485f9: c3 ret
80485fa: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
[root@proxy ~/3]# readelf -a 4
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x8048490
Start of program headers: 52 (bytes into file)
Start of section headers: 11028 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 6
Size of section headers: 40 (bytes)
Number of section headers: 30
Section header string table index: 27
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 080480f4 0000f4 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048108 000108 000020 00 A 0 0 4
[ 3] .hash HASH 08048128 000128 000054 04 A 4 0 4
[ 4] .dynsym DYNSYM 0804817c 00017c 000100 10 A 5 1 4
[ 5] .dynstr STRTAB 0804827c 00027c 0000d7 00 A 0 0 1
[ 6] .gnu.version VERSYM 08048354 000354 000020 02 A 4 0 2
[ 7] .gnu.version_r VERNEED 08048374 000374 000030 00 A 5 1 4
[ 8] .rel.dyn REL 080483a4 0003a4 000010 08 A 4 0 4
[ 9] .rel.plt REL 080483b4 0003b4 000038 08 A 4 b 4
[10] .init PROGBITS 080483ec 0003ec 000018 00 AX 0 0 4
[11] .plt PROGBITS 08048404 000404 000080 04 AX 0 0 4
[12] .text PROGBITS 08048490 000490 000170 00 AX 0 0 16
[13] .fini PROGBITS 08048600 000600 00001e 00 AX 0 0 4
[14] .rodata PROGBITS 08048620 000620 000008 00 A 0 0 4
[15] .data PROGBITS 08049628 000628 000010 00 WA 0 0 4
[16] .eh_frame PROGBITS 08049638 000638 000004 00 WA 0 0 4
[17] .ctors PROGBITS 0804963c 00063c 000008 00 WA 0 0 4
[18] .dtors PROGBITS 08049644 000644 000008 00 WA 0 0 4
[19] .got PROGBITS 0804964c 00064c 00002c 04 WA 0 0 4
[20] .dynamic DYNAMIC 08049678 000678 0000d0 08 WA 5 0 4
[21] .sbss PROGBITS 08049748 000748 000000 00 W 0 0 1
[22] .bss NOBITS 08049748 000748 00001c 00 WA 0 0 4
[23] .stab PROGBITS 00000000 000748 0007a4 0c 24 0 4
[24] .stabstr STRTAB 00000000 000eec 001983 00 0 0 1
[25] .comment PROGBITS 00000000 00286f 000144 00 0 0 1
[26] .note NOTE 00000000 0029b3 000078 00 0 0 1
[27] .shstrtab STRTAB 00000000 002a2b 0000e9 00 0 0 1
[28] .symtab SYMTAB 00000000 002fc4 000510 10 29 3b 4
[29] .strtab STRTAB 00000000 0034d4 00022e 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000c0 0x000c0 R E 0x4
INTERP 0x0000f4 0x080480f4 0x080480f4 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x00628 0x00628 R E 0x1000
LOAD 0x000628 0x08049628 0x08049628 0x00120 0x0013c RW 0x1000
DYNAMIC 0x000678 0x08049678 0x08049678 0x000d0 0x000d0 RW 0x4
NOTE 0x000108 0x08048108 0x08048108 0x00020 0x00020 R 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata
03 .data .eh_frame .ctors .dtors .got .dynamic .bss
04 .dynamic
05 .note.ABI-tag
Dynamic segment at offset 0x678 contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [1.so]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x80483ec
0x0000000d (FINI) 0x8048600
0x00000004 (HASH) 0x8048128
0x00000005 (STRTAB) 0x804827c
0x00000006 (SYMTAB) 0x804817c
0x0000000a (STRSZ) 193 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804964c
0x00000002 (PLTRELSZ) 56 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x80483b4
0x00000011 (REL) 0x80483a4
0x00000012 (RELSZ) 16 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x8048374
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048354
0x00000000 (NULL) 0x0
Relocation section '.rel.dyn' at offset 0x3a4 contains 2 entries:
Offset Info Type Symbol's Value Symbol's Name
08049674 00f06 R_386_GLOB_DAT 00000000 __gmon_start__
08049748 00105 R_386_COPY 08049748 t
Relocation section '.rel.plt' at offset 0x3b4 contains 7 entries:
Offset Info Type Symbol's Value Symbol's Name
08049658 00307 R_386_JUMP_SLOT 08048414 f
0804965c 00407 R_386_JUMP_SLOT 08048424 __register_frame_info
08049660 00507 R_386_JUMP_SLOT 08048434 g
08049664 00607 R_386_JUMP_SLOT 08048444 __deregister_frame_info
08049668 00807 R_386_JUMP_SLOT 08048454 __libc_start_main
0804966c 00907 R_386_JUMP_SLOT 08048464 printf
08049670 00a07 R_386_JUMP_SLOT 08048474 __cxa_finalize
There are no unwind sections in this file.
Symbol table '.dynsym' contains 16 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 08049748 4 OBJECT GLOBAL DEFAULT 22 t
2: 08049678 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC
3: 08048414 41 FUNC GLOBAL DEFAULT UND f
4: 08048424 129 FUNC WEAK DEFAULT UND __register_frame_info@GLIBC_2.0 (2)
5: 08048434 43 FUNC GLOBAL DEFAULT UND g
6: 08048444 172 FUNC WEAK DEFAULT UND __deregister_frame_info@GLIBC_2.0 (2)
7: 08049748 0 OBJECT GLOBAL DEFAULT ABS __bss_start
8: 08048454 202 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
9: 08048464 50 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
10: 08048474 157 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3)
11: 08049748 0 OBJECT GLOBAL DEFAULT ABS _edata
12: 0804964c 0 OBJECT GLOBAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_
13: 08049764 0 OBJECT GLOBAL DEFAULT ABS _end
14: 08048624 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
15: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 81 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 080480f4 0 SECTION LOCAL DEFAULT 1
2: 08048108 0 SECTION LOCAL DEFAULT 2
3: 08048128 0 SECTION LOCAL DEFAULT 3
4: 0804817c 0 SECTION LOCAL DEFAULT 4
5: 0804827c 0 SECTION LOCAL DEFAULT 5
6: 08048354 0 SECTION LOCAL DEFAULT 6
7: 08048374 0 SECTION LOCAL DEFAULT 7
8: 080483a4 0 SECTION LOCAL DEFAULT 8
9: 080483b4 0 SECTION LOCAL DEFAULT 9
10: 080483ec 0 SECTION LOCAL DEFAULT 10
11: 08048404 0 SECTION LOCAL DEFAULT 11
12: 08048490 0 SECTION LOCAL DEFAULT 12
13: 08048600 0 SECTION LOCAL DEFAULT 13
14: 08048620 0 SECTION LOCAL DEFAULT 14
15: 08049628 0 SECTION LOCAL DEFAULT 15
16: 08049638 0 SECTION LOCAL DEFAULT 16
17: 0804963c 0 SECTION LOCAL DEFAULT 17
18: 08049644 0 SECTION LOCAL DEFAULT 18
19: 0804964c 0 SECTION LOCAL DEFAULT 19
20: 08049678 0 SECTION LOCAL DEFAULT 20
21: 08049748 0 SECTION LOCAL DEFAULT 21
22: 08049748 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
25: 00000000 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 SECTION LOCAL DEFAULT 27
28: 00000000 0 SECTION LOCAL DEFAULT 28
29: 00000000 0 SECTION LOCAL DEFAULT 29
30: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
31: 080484b4 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
32: 080484b4 0 FUNC LOCAL DEFAULT 12 call_gmon_start
33: 00000000 0 FILE LOCAL DEFAULT ABS init.c
34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
35: 080484e0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
36: 08049630 0 OBJECT LOCAL DEFAULT 15 p.0
37: 08049644 0 OBJECT LOCAL DEFAULT 18 __DTOR_LIST__
38: 08049634 0 OBJECT LOCAL DEFAULT 15 completed.1
39: 080484e0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux
40: 08049638 0 OBJECT LOCAL DEFAULT 16 __EH_FRAME_BEGIN__
41: 08048540 0 FUNC LOCAL DEFAULT 12 fini_dummy
42: 0804974c 24 OBJECT LOCAL DEFAULT 22 object.2
43: 08048550 0 FUNC LOCAL DEFAULT 12 frame_dummy
44: 08048580 0 FUNC LOCAL DEFAULT 12 init_dummy
45: 08049638 0 OBJECT LOCAL DEFAULT 15 force_to_data
46: 0804963c 0 OBJECT LOCAL DEFAULT 17 __CTOR_LIST__
47: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
48: 080485c0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
49: 080485c0 0 FUNC LOCAL DEFAULT 12 __do_global_ctors_aux
50: 08049640 0 OBJECT LOCAL DEFAULT 17 __CTOR_END__
51: 080485f0 0 FUNC LOCAL DEFAULT 12 init_dummy
52: 08049638 0 OBJECT LOCAL DEFAULT 15 force_to_data
53: 08049648 0 OBJECT LOCAL DEFAULT 18 __DTOR_END__
54: 08049638 0 OBJECT LOCAL DEFAULT 16 __FRAME_END__
55: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
56: 08048600 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
57: 00000000 0 FILE LOCAL DEFAULT ABS 2.c
58: 08048590 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
59: 08049748 4 OBJECT GLOBAL DEFAULT 22 t
60: 08049678 0 OBJECT GLOBAL DEFAULT ABS _DYNAMIC
61: 08048414 41 FUNC GLOBAL DEFAULT UND f
62: 08048424 129 FUNC WEAK DEFAULT UND __register_frame_info@@GLIBC_2.0
63: 08048620 4 NOTYPE GLOBAL DEFAULT 14 _fp_hw
64: 08048434 43 FUNC GLOBAL DEFAULT UND g
65: 080483ec 0 FUNC GLOBAL DEFAULT 10 _init
66: 08048444 172 FUNC WEAK DEFAULT UND __deregister_frame_info@@GLIBC_2.0
67: 08048490 0 FUNC GLOBAL DEFAULT 12 _start
68: 08049748 0 OBJECT GLOBAL DEFAULT ABS __bss_start
69: 08048590 40 FUNC GLOBAL DEFAULT 12 main
70: 08048454 202 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0
71: 08049628 0 NOTYPE WEAK DEFAULT 15 data_start
72: 08048464 50 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0
73: 08048600 0 FUNC GLOBAL DEFAULT 13 _fini
74: 08048474 157 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3
75: 08049748 0 OBJECT GLOBAL DEFAULT ABS _edata
76: 0804964c 0 OBJECT GLOBAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_
77: 08049764 0 OBJECT GLOBAL DEFAULT ABS _end
78: 08048624 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
79: 08049628 0 NOTYPE GLOBAL DEFAULT 15 __data_start
80: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Histogram for bucket list length (total of 3 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 0 ( 0.0%) 0.0%
2 0 ( 0.0%) 0.0%
3 1 ( 33.3%) 20.0%
4 0 ( 0.0%) 20.0%
5 0 ( 0.0%) 20.0%
6 2 ( 66.7%) 100.0%
Version symbols section '.gnu.version' contains 16 entries:
Addr: 0000000008048354 Offset: 0x000354 Link: 4 (.dynsym)
000: 0 (*local*) 0 (*local*) 1 (*global*) 0 (*local*)
004: 2 (GLIBC_2.0) 0 (*local*) 2 (GLIBC_2.0) 1 (*global*)
008: 2 (GLIBC_2.0) 2 (GLIBC_2.0) 3 (GLIBC_2.1.3) 1 (*global*)
00c: 1 (*global*) 1 (*global*) 1 (*global*) 0 (*local*)
Version needs section '.gnu.version_r' contains 1 entries:
Addr: 0x0000000008048374 Offset: 0x000374 Link to section: 5 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 2
0x0010: Name: GLIBC_2.1.3 Flags: none Version: 3
0x0020: Name: GLIBC_2.0 Flags: none Version: 2
This article is from a CSDN blog; when reposting, please credit the source: http://blog.csdn.net/ruixj/archive/2009/08/04/4407806.aspx