Linux下ELF文件类型分为以下几种:
1、可重定位文件,例如SimpleSection.o;
2、可执行文件,例如/bin/bash;
3、共享目标文件,例如/lib/libc.so。
再接下来的文章中,我们会使用objdump,readelf,hexdump,nm等来分析一个Linux中可重定位文件SimpleSection.o。
首先附上SimpleSection.c源代码:
int printf( const char* format, ... );
int global_init_var = 84;
int global_uninit_var;
void func1( int i )
{
printf( "%d\n", i );
}
int main(void)
{
static int static_var = 85;
static int static_var2;
int a = 1;
int b;
func1( static_var + static_var2 + a + b );
return a;
}
使用命令:
gcc -c SimpleSection.c
得到SimpleSection.o,下面我们首先附上SimpleSection.o的二进制内容以及整体轮廓。
使用命令:
hexdump -C SimpleSection.o,得到SimpleSection.o的二进制内容。
计算机科学中,二进制0 1可以代表代码,字母,数字(十进制数和十六进制数)。
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 01 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 |..>.............|
00000020 00 00 00 00 00 00 00 00 88 01 00 00 00 00 00 00 |................|
00000030 00 00 00 00 40 00 00 00 00 00 40 00 0d 00 0a 00 |....@.....@.....|
00000040 55 48 89 e5 48 83 ec 10 89 7d fc 8b 45 fc 89 c6 |UH..H....}..E...|
00000050 bf 00 00 00 00 b8 00 00 00 00 e8 00 00 00 00 c9 |................|
00000060 c3 55 48 89 e5 48 83 ec 10 c7 45 f8 01 00 00 00 |.UH..H....E.....|
00000070 8b 15 00 00 00 00 8b 05 00 00 00 00 01 d0 03 45 |...............E|
00000080 f8 03 45 fc 89 c7 e8 00 00 00 00 8b 45 f8 c9 c3 |..E.........E...|
00000090 54 00 00 00 55 00 00 00 25 64 0a 00 00 47 43 43 |T...U...%d...GCC|
000000a0 3a 20 28 55 62 75 6e 74 75 2f 4c 69 6e 61 72 6f |: (Ubuntu/Linaro|
000000b0 20 34 2e 36 2e 33 2d 31 75 62 75 6e 74 75 35 29 | 4.6.3-1ubuntu5)|
000000c0 20 34 2e 36 2e 33 00 00 14 00 00 00 00 00 00 00 | 4.6.3..........|
000000d0 01 7a 52 00 01 78 10 01 1b 0c 07 08 90 01 00 00 |.zR..x..........|
000000e0 1c 00 00 00 1c 00 00 00 00 00 00 00 21 00 00 00 |............!...|
000000f0 00 41 0e 10 86 02 43 0d 06 5c 0c 07 08 00 00 00 |.A....C..\......|
00000100 1c 00 00 00 3c 00 00 00 00 00 00 00 2f 00 00 00 |....<......./...|
00000110 00 41 0e 10 86 02 43 0d 06 6a 0c 07 08 00 00 00 |.A....C..j......|
00000120 00 2e 73 79 6d 74 61 62 00 2e 73 74 72 74 61 62 |..symtab..strtab|
00000130 00 2e 73 68 73 74 72 74 61 62 00 2e 72 65 6c 61 |..shstrtab..rela|
00000140 2e 74 65 78 74 00 2e 64 61 74 61 00 2e 62 73 73 |.text..data..bss|
00000150 00 2e 72 6f 64 61 74 61 00 2e 63 6f 6d 6d 65 6e |..rodata..commen|
00000160 74 00 2e 6e 6f 74 65 2e 47 4e 55 2d 73 74 61 63 |t..note.GNU-stac|
00000170 6b 00 2e 72 65 6c 61 2e 65 68 5f 66 72 61 6d 65 |k..rela.eh_frame|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0 00 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 |........ .......|
000001d0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 40 00 00 00 00 00 00 00 50 00 00 00 00 00 00 00 |@.......P.......|
000001f0 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000200 00 00 00 00 00 00 00 00 1b 00 00 00 04 00 00 00 |................|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000220 b0 06 00 00 00 00 00 00 78 00 00 00 00 00 00 00 |........x.......|
00000230 0b 00 00 00 01 00 00 00 08 00 00 00 00 00 00 00 |................|
00000240 18 00 00 00 00 00 00 00 26 00 00 00 01 00 00 00 |........&.......|
00000250 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000260 90 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
00000270 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000280 00 00 00 00 00 00 00 00 2c 00 00 00 08 0