节区头表
节区头的数据结构为Elf32_Shdr,大小为40字节,其数据结构如下:
/*
 * Elf32_Shdr: one entry of the ELF32 section header table.
 *
 * Every member is read straight from the file. A parser that handles files
 * it does not trust should range-check each value before using it as an
 * index, an offset or a length.
 */
typedef struct
{
    Elf32_Word sh_name;      /* Offset of the section's name inside the section-name string table */
    Elf32_Word sh_type;      /* Kind of section (one of the SHT_* values) */
    Elf32_Word sh_flags;     /* Attribute bits (SHF_* values) */
    Elf32_Addr sh_addr;      /* Address of the first byte in the process image, 0 if not loaded */
    Elf32_Off sh_offset;     /* Byte offset of the section from the start of the file */
    Elf32_Word sh_size;      /* Length in bytes; an SHT_NOBITS section takes no file space */
    Elf32_Word sh_link;      /* Section header table index; meaning depends on sh_type */
    Elf32_Word sh_info;      /* Extra information; meaning depends on sh_type */
    Elf32_Word sh_addralign; /* Required alignment of sh_addr: 0, 1 or a power of two */
    Elf32_Word sh_entsize;   /* Size of one entry when the section is a table, otherwise 0 */
} Elf32_Shdr;
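注意:32bit和64bit的节区头在字段及含义上没有实质性区别,但Elf64_Shdr中sh_flags、sh_addr、sh_offset、sh_size、sh_addralign、sh_entsize为8字节,整个节区头为64字节,解析时不要写死40字节,应以文件头的e_shentsize为准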
sh_name
该成员的值为一个指向节区头字符表节的索引,通过该索引可以在节区头字符表节中找到节区的名称。
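本文实例中,由手拆ELF(一)得知节区头字符表的索引为0x001c(文件头的e_shstrndx成员),即SectionHeaderTable[0x1c] = SectionHeaderTable[28],对应为.shstrtab。通过.shstrtab的sh_offset成员找到该节区在文件中的起始位置p(本文实际案例中char *p = 0x18ab,为文件偏移),节区名称就是从&p[sh_name](例如&p[0x1b])开始、以'\0'结尾的字符串。解析不可信的ELF文件时,应先确认e_shstrndx小于节区头个数、sh_name小于.shstrtab的sh_size,并且字符串在该节区范围内结束,否则会发生越界读取。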
sh_type
该成员归类节区的内容和语义,标明节区是什么类型,有什么作用。
/*
 * Section type codes stored in Elf32_Shdr.sh_type.
 *
 * The list is not contiguous: 12 and 13 are not defined here, and the
 * OS-, processor- and application-specific ranges are bounded by the
 * LO and HI pairs further down.
 */

/* Generic types. */
#define SHT_NULL           0          /* Inactive entry, no associated section */
#define SHT_PROGBITS       1          /* Contents defined by the program */
#define SHT_SYMTAB         2          /* Full symbol table */
#define SHT_STRTAB         3          /* String table */
#define SHT_RELA           4          /* Relocations that carry explicit addends */
#define SHT_HASH           5          /* Symbol hash table */
#define SHT_DYNAMIC        6          /* Information for dynamic linking */
#define SHT_NOTE           7          /* Note records */
#define SHT_NOBITS         8          /* Takes memory but no file space (bss); do not read sh_size bytes from the file */
#define SHT_REL            9          /* Relocations without explicit addends */
#define SHT_SHLIB          10         /* Reserved */
#define SHT_DYNSYM         11         /* Symbol table used by the dynamic linker */
#define SHT_INIT_ARRAY     14         /* Array of constructors */
#define SHT_FINI_ARRAY     15         /* Array of destructors */
#define SHT_PREINIT_ARRAY  16         /* Array of pre-constructors */
#define SHT_GROUP          17         /* Section group */
#define SHT_SYMTAB_SHNDX   18         /* Extended section indices */
#define SHT_NUM            19         /* Count of the generic types above */

/* OS-specific range, SHT_LOOS through SHT_HIOS. */
#define SHT_LOOS           0x60000000 /* First OS-specific value */
#define SHT_GNU_ATTRIBUTES 0x6ffffff5 /* Object attributes */
#define SHT_GNU_HASH       0x6ffffff6 /* GNU-style hash table */
#define SHT_GNU_LIBLIST    0x6ffffff7 /* Prelink library list */
#define SHT_CHECKSUM       0x6ffffff8 /* Checksum over DSO content */
#define SHT_LOSUNW         0x6ffffffa /* Lowest Sun-specific value */
#define SHT_SUNW_move      0x6ffffffa /* Same value as SHT_LOSUNW */
#define SHT_SUNW_COMDAT    0x6ffffffb
#define SHT_SUNW_syminfo   0x6ffffffc
#define SHT_GNU_verdef     0x6ffffffd /* Version definitions */
#define SHT_GNU_verneed    0x6ffffffe /* Version requirements */
#define SHT_GNU_versym     0x6fffffff /* Version symbol table */
#define SHT_HISUNW         0x6fffffff /* Highest Sun-specific value */
#define SHT_HIOS           0x6fffffff /* Last OS-specific value */

/* Processor-specific and application-specific ranges. */
#define SHT_LOPROC         0x70000000 /* First processor-specific value */
#define SHT_HIPROC         0x7fffffff /* Last processor-specific value */
#define SHT_LOUSER         0x80000000 /* First application-specific value */
#define SHT_HIUSER         0x8fffffff /* Last application-specific value */
macro | description |
---|---|
SHT_NULL | This value marks the section header as inactive. It does not have an associated section. Other members of the section header have undefined values. |
SHT_PROGBITS | This section holds information defined by the program, whose format and meaning are determined solely by the program. |
SHT_SYMTAB | This section holds a symbol table. Typically, SHT_SYMTAB provides symbols for link editing, though it may also be used for dynamic linking. As a complete symbol table, it may contain many symbols unnecessary for dynamic linking. An object file can also contain a SHT_DYNSYM section. |
SHT_STRTAB | This section holds a string table. An object file may have multiple string table sections. |
SHT_RELA | This section holds relocation entries with explicit addends, such as type Elf32_Rela for the 32-bit class of object files. An object may have multiple relocation sections. |
SHT_HASH | This section holds a symbol hash table. An object participating in dynamic linking must contain a symbol hash table. An object file may have only one hash table. |
SHT_DYNAMIC | This section holds information for dynamic linking. An object file may have only one dynamic section. |
SHT_NOTE | This section holds information that marks the file in some way. |
SHT_NOBITS | A section of this type occupies no space in the file but otherwise resembles SHT_PROGBITS. Although this section contains no bytes, the sh_offset member contains the conceptual file offset. |
SHT_REL | This section holds relocation offsets without explicit addends, such as type Elf32_Rel for the 32-bit class of object files. An object file may have multiple relocation sections. |
SHT_SHLIB | This section is reserved but has unspecified semantics. |
SHT_DYNSYM | This section holds a minimal set of dynamic linking symbols. An object file can also contain a SHT_SYMTAB section. |
SHT_LOPROC | This value up to and including SHT_HIPROC is reserved for processor-specific semantics. |
SHT_HIPROC | This value down to and including SHT_LOPROC is reserved for processor-specific semantics. |
SHT_LOUSER | This value specifies the lower bound of the range of indices reserved for application programs. |
SHT_HIUSER | This value specifies the upper bound of the range of indices reserved for application programs. Section types between SHT_LOUSER and SHT_HIUSER may be used by the application, without conflicting with current or future system-defined section types. |
sh_flags
Sections support one-bit flags that describe miscellaneous attributes. If a flag bit is set in sh_flags, the attribute is “on” for the section. Otherwise, the attribute is “off” or does not apply. Undefined attributes are set to zero.
/*
 * Attribute bits stored in Elf32_Shdr.sh_flags.
 *
 * Each flag is a single bit; bit 3 is not assigned in this list. A section
 * that carries both SHF_WRITE and SHF_EXECINSTR is writable and executable
 * at the same time, which is worth flagging when auditing a binary.
 */
#define SHF_WRITE            (1 << 0)   /* Data is writable during execution */
#define SHF_ALLOC            (1 << 1)   /* Section occupies memory during execution */
#define SHF_EXECINSTR        (1 << 2)   /* Section holds executable machine instructions */
#define SHF_MERGE            (1 << 4)   /* Contents may be merged */
#define SHF_STRINGS          (1 << 5)   /* Contents are nul-terminated strings */
#define SHF_INFO_LINK        (1 << 6)   /* sh_info holds a section header table index */
#define SHF_LINK_ORDER       (1 << 7)   /* Keep ordering after sections are combined */
#define SHF_OS_NONCONFORMING (1 << 8)   /* Needs non-standard, OS-specific handling */
#define SHF_GROUP            (1 << 9)   /* Section belongs to a group */
#define SHF_TLS              (1 << 10)  /* Section holds thread-local data */
#define SHF_COMPRESSED       (1 << 11)  /* Section data is compressed */
#define SHF_MASKOS           0x0ff00000 /* Bits reserved for OS-specific meaning */
#define SHF_MASKPROC         0xf0000000 /* Bits reserved for processor-specific meaning */
#define SHF_ORDERED          (1 << 30)  /* Special ordering requirement (Solaris) */
/* Unsigned literal: shifting a signed 1 into bit 31 would overflow int. */
#define SHF_EXCLUDE          (1U << 31) /* Excluded unless referenced or allocated (Solaris) */
macro | description |
---|---|
SHF_WRITE | This section contains data that should be writable during process execution. |
SHF_ALLOC | This section occupies memory during process execution. Some control sections do not reside in the memory image of an object file. This attribute is off for those sections. |
SHF_EXECINSTR | This section contains executable machine instructions. |
SHF_MASKPROC | All bits included in this mask are reserved for processor-specific semantics. |
sh_addr
If this section appears in the memory image of a process, this member holds the address at which the section’s first byte should reside. Otherwise, the member contains zero.
sh_offset
This member’s value holds the byte offset from the beginning of the file to the first byte in the section. One section type, SHT_NOBITS, occupies no space in the file, and its sh_offset member locates the conceptual placement in the file.
sh_size
This member holds the section’s size in bytes. Unless the section type is SHT_NOBITS, the section occupies sh_size bytes in the file. A section of type SHT_NOBITS may have a nonzero size, but it occupies no space in the file.
sh_link
This member holds a section header table index link, whose interpretation depends on the section type.
sh_info
This member holds extra information, whose interpretation depends on the section type.
sh_addralign
Some sections have address alignment constraints. If a section holds a doubleword, the system must ensure doubleword alignment for the entire section. That is, the value of sh_addr must be congruent to zero, modulo the value of sh_addralign. Only zero and positive integral powers of two are allowed. Values of zero or one mean the section has no alignment constraints.
sh_entsize
Some sections hold a table of fixed-sized entries, such as a symbol table. For such a section, this member gives the size in bytes for each entry. This member contains zero if the section does not hold a table of fixed-size entries.
实例
由手拆ELF(一)可知节区头表的偏移地址为0x000019a8,节区头大小为40字节,有29个节区头,节区头表大小为29*40=1160=0x488字节。解析时应先确认"偏移地址+节区头表大小"不超过文件长度,再去读取各个节区头。
young@ubuntu:~/c/elf$ readelf -S elf32
There are 29 section headers, starting at offset 0x19a8:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 00000154 000154 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 00000168 000168 000020 00 A 0 0 4
[ 3] .note.gnu.build-i NOTE 00000188 000188 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 000001ac 0001ac 000020 04 A 5 0 4
[ 5] .dynsym DYNSYM 000001cc 0001cc 000130 10 A 6 1 4
[ 6] .dynstr STRTAB 000002fc 0002fc 000136 00 A 0 0 1
[ 7] .gnu.version VERSYM 00000432 000432 000026 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 00000458 000458 0000a0 00 A 6 3 4
[ 9] .rel.dyn REL 000004f8 0004f8 000040 08 A 5 0 4
[10] .rel.plt REL 00000538 000538 000068 08 AI 5 22 4
[11] .init PROGBITS 000005a0 0005a0 000023 00 AX 0 0 4
[12] .plt PROGBITS 000005d0 0005d0 0000e0 04 AX 0 0 16
[13] .plt.got PROGBITS 000006b0 0006b0 000010 08 AX 0 0 8
[14] .text PROGBITS 000006c0 0006c0 000434 00 AX 0 0 16
[15] .fini PROGBITS 00000af4 000af4 000014 00 AX 0 0 4
[16] .rodata PROGBITS 00000b08 000b08 000089 00 A 0 0 4
[17] .eh_frame_hdr PROGBITS 00000b94 000b94 00005c 00 A 0 0 4
[18] .eh_frame PROGBITS 00000bf0 000bf0 000180 00 A 0 0 4
[19] .init_array INIT_ARRAY 00001e9c 000e9c 000004 04 WA 0 0 4
[20] .fini_array FINI_ARRAY 00001ea0 000ea0 000004 04 WA 0 0 4
[21] .dynamic DYNAMIC 00001ea4 000ea4 000108 08 WA 6 0 4
[22] .got PROGBITS 00001fac 000fac 000054 04 WA 0 0 4
[23] .data PROGBITS 00002000 001000 000008 00 WA 0 0 4
[24] .bss NOBITS 00002008 001008 000004 00 WA 0 0 1
[25] .comment PROGBITS 00000000 001008 000029 01 MS 0 0 1
[26] .symtab SYMTAB 00000000 001034 000520 10 27 43 4
[27] .strtab STRTAB 00000000 001554 000357 00 0 0 1
[28] .shstrtab STRTAB 00000000 0018ab 0000fc 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)
节区名称 | 描述 |
---|---|
.interp |
节区类型 | 描述 |
---|---|
NULL | |
DYNSYM | |
GNU_HASH | |
PROGBITS | |
INIT_ARRAY | |
FINI_ARRAY | |
NOBITS | |
NOTE | |
REL | |
SYMTAB | |
VERNEED | |
VERSYM |