linux中的readelf命令简介

最新推荐文章于 2024-09-29 20:34:34 发布

涛歌依旧

最新推荐文章于 2024-09-29 20:34:34 发布

阅读量1.5w

点赞数 2

分类专栏： s2: 软件进阶 s2: Linux杂项

本文链接：https://blog.csdn.net/stpeace/article/details/47092013

版权

s2: 软件进阶同时被 2 个专栏收录

1053 篇文章 77 订阅

订阅专栏

s2: Linux杂项

461 篇文章 69 订阅

订阅专栏

之前我们玩过file命令，了解了ELF文件，其实就是Executable & Linkable Format, 是一种文件格式，我们常见的目标文件、动态库和可执行文件，都属于这个类型。在本文中，我们仅仅以可执行文件为例来进行介绍readelf命令，这个命令的作用就是读取ELF文件中信息，也可以用man命令窥其全貌。下面，我们一起来看看：

main.c中的内容为：

#include <stdio.h>

int add(int x, int y)
{
	return x + y;
}

int aaa;
int bbb = 1;
char szTest[] = "good";

int main()
{
	int ccc = 2;
	return 0;
}

生成a.out文件，用readelf文件读取一下，得到：

[taoge@localhost learn_readelf]$ gcc main.c
[taoge@localhost learn_readelf]$ strip a.out 
[taoge@localhost learn_readelf]$ readelf -a a.out 
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - Linux
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x80482e0
  Start of program headers:          52 (bytes into file)
  Start of section headers:          1876 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         8
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-i NOTE            08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        0804818c 00018c 000020 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481ac 0001ac 000040 10   A  6   1  4
  [ 6] .dynstr           STRTAB          080481ec 0001ec 000045 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          08048232 000232 000008 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         0804823c 00023c 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             0804825c 00025c 000008 08   A  5   0  4
  [10] .rel.plt          REL             08048264 000264 000010 08   A  5  12  4
  [11] .init             PROGBITS        08048274 000274 000030 00  AX  0   0  4
  [12] .plt              PROGBITS        080482a4 0002a4 000030 04  AX  0   0  4
  [13] .text             PROGBITS        080482e0 0002e0 00017c 00  AX  0   0 16
  [14] .fini             PROGBITS        0804845c 00045c 00001c 00  AX  0   0  4
  [15] .rodata           PROGBITS        08048478 000478 00000c 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        08048484 000484 000024 00   A  0   0  4
  [17] .eh_frame         PROGBITS        080484a8 0004a8 00007c 00   A  0   0  4
  [18] .ctors            PROGBITS        08049524 000524 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        0804952c 00052c 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        08049534 000534 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         08049538 000538 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        08049600 000600 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        08049604 000604 000014 04  WA  0   0  4
  [24] .data             PROGBITS        08049618 000618 000010 00  WA  0   0  4
  [25] .bss              NOBITS          08049628 000628 00000c 00  WA  0   0  4
  [26] .comment          PROGBITS        00000000 000628 00002d 01  MS  0   0  1
  [27] .shstrtab         STRTAB          00000000 000655 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 000c04 000440 10     29  45  4
  [29] .strtab           STRTAB          00000000 001044 0001fd 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x00524 0x00524 R E 0x1000
  LOAD           0x000524 0x08049524 0x08049524 0x00104 0x00110 RW  0x1000
  DYNAMIC        0x000538 0x08049538 0x08049538 0x000c8 0x000c8 RW  0x4
  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x000484 0x08048484 0x08048484 0x00024 0x00024 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .interp 
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 
   04     .dynamic 
   05     .note.ABI-tag .note.gnu.build-id 
   06     .eh_frame_hdr 
   07     

Dynamic section at offset 0x538 contains 20 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000c (INIT)                       0x8048274
 0x0000000d (FINI)                       0x804845c
 0x6ffffef5 (GNU_HASH)                   0x804818c
 0x00000005 (STRTAB)                     0x80481ec
 0x00000006 (SYMTAB)                     0x80481ac
 0x0000000a (STRSZ)                      69 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x8049604
 0x00000002 (PLTRELSZ)                   16 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x8048264
 0x00000011 (REL)                        0x804825c
 0x00000012 (RELSZ)                      8 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffe (VERNEED)                    0x804823c
 0x6fffffff (VERNEEDNUM)                 1
 0x6ffffff0 (VERSYM)                     0x8048232
 0x00000000 (NULL)                       0x0

Relocation section '.rel.dyn' at offset 0x25c contains 1 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049600  00000106 R_386_GLOB_DAT    00000000   __gmon_start__

Relocation section '.rel.plt' at offset 0x264 contains 2 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049610  00000107 R_386_JUMP_SLOT   00000000   __gmon_start__
08049614  00000207 R_386_JUMP_SLOT   00000000   __libc_start_main

There are no unwind sections in this file.

Symbol table '.dynsym' contains 4 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.0 (2)
     3: 0804847c     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used

Symbol table '.symtab' contains 68 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 08048134     0 SECTION LOCAL  DEFAULT    1 
     2: 08048148     0 SECTION LOCAL  DEFAULT    2 
     3: 08048168     0 SECTION LOCAL  DEFAULT    3 
     4: 0804818c     0 SECTION LOCAL  DEFAULT    4 
     5: 080481ac     0 SECTION LOCAL  DEFAULT    5 
     6: 080481ec     0 SECTION LOCAL  DEFAULT    6 
     7: 08048232     0 SECTION LOCAL  DEFAULT    7 
     8: 0804823c     0 SECTION LOCAL  DEFAULT    8 
     9: 0804825c     0 SECTION LOCAL  DEFAULT    9 
    10: 08048264     0 SECTION LOCAL  DEFAULT   10 
    11: 08048274     0 SECTION LOCAL  DEFAULT   11 
    12: 080482a4     0 SECTION LOCAL  DEFAULT   12 
    13: 080482e0     0 SECTION LOCAL  DEFAULT   13 
    14: 0804845c     0 SECTION LOCAL  DEFAULT   14 
    15: 08048478     0 SECTION LOCAL  DEFAULT   15 
    16: 08048484     0 SECTION LOCAL  DEFAULT   16 
    17: 080484a8     0 SECTION LOCAL  DEFAULT   17 
    18: 08049524     0 SECTION LOCAL  DEFAULT   18 
    19: 0804952c     0 SECTION LOCAL  DEFAULT   19 
    20: 08049534     0 SECTION LOCAL  DEFAULT   20 
    21: 08049538     0 SECTION LOCAL  DEFAULT   21 
    22: 08049600     0 SECTION LOCAL  DEFAULT   22 
    23: 08049604     0 SECTION LOCAL  DEFAULT   23 
    24: 08049618     0 SECTION LOCAL  DEFAULT   24 
    25: 08049628     0 SECTION LOCAL  DEFAULT   25 
    26: 00000000     0 SECTION LOCAL  DEFAULT   26 
    27: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    28: 08049524     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_LIST__
    29: 0804952c     0 OBJECT  LOCAL  DEFAULT   19 __DTOR_LIST__
    30: 08049534     0 OBJECT  LOCAL  DEFAULT   20 __JCR_LIST__
    31: 08048310     0 FUNC    LOCAL  DEFAULT   13 __do_global_dtors_aux
    32: 08049628     1 OBJECT  LOCAL  DEFAULT   25 completed.5963
    33: 0804962c     4 OBJECT  LOCAL  DEFAULT   25 dtor_idx.5965
    34: 08048370     0 FUNC    LOCAL  DEFAULT   13 frame_dummy
    35: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    36: 08049528     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_END__
    37: 08048520     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__
    38: 08049534     0 OBJECT  LOCAL  DEFAULT   20 __JCR_END__
    39: 08048430     0 FUNC    LOCAL  DEFAULT   13 __do_global_ctors_aux
    40: 00000000     0 FILE    LOCAL  DEFAULT  ABS main.c
    41: 08049604     0 OBJECT  LOCAL  DEFAULT   23 _GLOBAL_OFFSET_TABLE_
    42: 08049524     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_end
    43: 08049524     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_start
    44: 08049538     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC
    45: 08049618     0 NOTYPE  WEAK   DEFAULT   24 data_start
    46: 08049630     4 OBJECT  GLOBAL DEFAULT   25 aaa
    47: 080483c0     5 FUNC    GLOBAL DEFAULT   13 __libc_csu_fini
    48: 080482e0     0 FUNC    GLOBAL DEFAULT   13 _start
    49: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    50: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    51: 08048478     4 OBJECT  GLOBAL DEFAULT   15 _fp_hw
    52: 0804845c     0 FUNC    GLOBAL DEFAULT   14 _fini
    53: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    54: 0804847c     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
    55: 08049618     0 NOTYPE  GLOBAL DEFAULT   24 __data_start
    56: 08048480     0 OBJECT  GLOBAL HIDDEN    15 __dso_handle
    57: 08049530     0 OBJECT  GLOBAL HIDDEN    19 __DTOR_END__
    58: 080483d0    90 FUNC    GLOBAL DEFAULT   13 __libc_csu_init
    59: 08049620     5 OBJECT  GLOBAL DEFAULT   24 szTest
    60: 08048394    14 FUNC    GLOBAL DEFAULT   13 add
    61: 08049628     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    62: 0804961c     4 OBJECT  GLOBAL DEFAULT   24 bbb
    63: 08049634     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    64: 08049628     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    65: 0804842a     0 FUNC    GLOBAL HIDDEN    13 __i686.get_pc_thunk.bx
    66: 080483a2    20 FUNC    GLOBAL DEFAULT   13 main
    67: 08048274     0 FUNC    GLOBAL DEFAULT   11 _init

Histogram for `.gnu.hash' bucket list length (total of 2 buckets):
 Length  Number     % of total  Coverage
      0  1          ( 50.0%)
      1  1          ( 50.0%)    100.0%

Version symbols section '.gnu.version' contains 4 entries:
 Addr: 0000000008048232  Offset: 0x000232  Link: 5 (.dynsym)
  000:   0 (*local*)       0 (*local*)       2 (GLIBC_2.0)     1 (*global*)   

Version needs section '.gnu.version_r' contains 1 entries:
 Addr: 0x000000000804823c  Offset: 0x00023c  Link: 6 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.0  Flags: none  Version: 2

Notes at offset 0x00000148 with length 0x00000020:
  Owner		Data size	Description
  GNU		0x00000010	NT_GNU_ABI_TAG (ABI version tag)

Notes at offset 0x00000168 with length 0x00000024:
  Owner		Data size	Description
  GNU		0x00000014	NT_GNU_BUILD_ID (unique build ID bitstring)
[taoge@localhost learn_readelf]$

可以看到文件的一些基本信息。对了，我们之前学过strip命令，对a.out来strip，我们将strip前后用readelf得到的结果分别存于a.txt和b.txt中，然后用Windows上的BeyondCompare可视化比较工具进行比较，发现a.txt和b.txt的主要区别是：b.txt比a.txt少了如下内容：

Symbol table '.symtab' contains 68 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 08048134     0 SECTION LOCAL  DEFAULT    1 
     2: 08048148     0 SECTION LOCAL  DEFAULT    2 
     3: 08048168     0 SECTION LOCAL  DEFAULT    3 
     4: 0804818c     0 SECTION LOCAL  DEFAULT    4 
     5: 080481ac     0 SECTION LOCAL  DEFAULT    5 
     6: 080481ec     0 SECTION LOCAL  DEFAULT    6 
     7: 08048232     0 SECTION LOCAL  DEFAULT    7 
     8: 0804823c     0 SECTION LOCAL  DEFAULT    8 
     9: 0804825c     0 SECTION LOCAL  DEFAULT    9 
    10: 08048264     0 SECTION LOCAL  DEFAULT   10 
    11: 08048274     0 SECTION LOCAL  DEFAULT   11 
    12: 080482a4     0 SECTION LOCAL  DEFAULT   12 
    13: 080482e0     0 SECTION LOCAL  DEFAULT   13 
    14: 0804845c     0 SECTION LOCAL  DEFAULT   14 
    15: 08048478     0 SECTION LOCAL  DEFAULT   15 
    16: 08048484     0 SECTION LOCAL  DEFAULT   16 
    17: 080484a8     0 SECTION LOCAL  DEFAULT   17 
    18: 08049524     0 SECTION LOCAL  DEFAULT   18 
    19: 0804952c     0 SECTION LOCAL  DEFAULT   19 
    20: 08049534     0 SECTION LOCAL  DEFAULT   20 
    21: 08049538     0 SECTION LOCAL  DEFAULT   21 
    22: 08049600     0 SECTION LOCAL  DEFAULT   22 
    23: 08049604     0 SECTION LOCAL  DEFAULT   23 
    24: 08049618     0 SECTION LOCAL  DEFAULT   24 
    25: 08049628     0 SECTION LOCAL  DEFAULT   25 
    26: 00000000     0 SECTION LOCAL  DEFAULT   26 
    27: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    28: 08049524     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_LIST__
    29: 0804952c     0 OBJECT  LOCAL  DEFAULT   19 __DTOR_LIST__
    30: 08049534     0 OBJECT  LOCAL  DEFAULT   20 __JCR_LIST__
    31: 08048310     0 FUNC    LOCAL  DEFAULT   13 __do_global_dtors_aux
    32: 08049628     1 OBJECT  LOCAL  DEFAULT   25 completed.5963
    33: 0804962c     4 OBJECT  LOCAL  DEFAULT   25 dtor_idx.5965
    34: 08048370     0 FUNC    LOCAL  DEFAULT   13 frame_dummy
    35: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    36: 08049528     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_END__
    37: 08048520     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__
    38: 08049534     0 OBJECT  LOCAL  DEFAULT   20 __JCR_END__
    39: 08048430     0 FUNC    LOCAL  DEFAULT   13 __do_global_ctors_aux
    40: 00000000     0 FILE    LOCAL  DEFAULT  ABS main.c
    41: 08049604     0 OBJECT  LOCAL  DEFAULT   23 _GLOBAL_OFFSET_TABLE_
    42: 08049524     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_end
    43: 08049524     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_start
    44: 08049538     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC
    45: 08049618     0 NOTYPE  WEAK   DEFAULT   24 data_start
    46: 08049630     4 OBJECT  GLOBAL DEFAULT   25 aaa
    47: 080483c0     5 FUNC    GLOBAL DEFAULT   13 __libc_csu_fini
    48: 080482e0     0 FUNC    GLOBAL DEFAULT   13 _start
    49: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    50: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    51: 08048478     4 OBJECT  GLOBAL DEFAULT   15 _fp_hw
    52: 0804845c     0 FUNC    GLOBAL DEFAULT   14 _fini
    53: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    54: 0804847c     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
    55: 08049618     0 NOTYPE  GLOBAL DEFAULT   24 __data_start
    56: 08048480     0 OBJECT  GLOBAL HIDDEN    15 __dso_handle
    57: 08049530     0 OBJECT  GLOBAL HIDDEN    19 __DTOR_END__
    58: 080483d0    90 FUNC    GLOBAL DEFAULT   13 __libc_csu_init
    59: 08049620     5 OBJECT  GLOBAL DEFAULT   24 szTest
    60: 08048394    14 FUNC    GLOBAL DEFAULT   13 add
    61: 08049628     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    62: 0804961c     4 OBJECT  GLOBAL DEFAULT   24 bbb
    63: 08049634     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    64: 08049628     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    65: 0804842a     0 FUNC    GLOBAL HIDDEN    13 __i686.get_pc_thunk.bx
    66: 080483a2    20 FUNC    GLOBAL DEFAULT   13 main
    67: 08048274     0 FUNC    GLOBAL DEFAULT   11 _init

我们看看，这里面不就一些符号信息么？比如add, aaa, bbb, szTest等。也就是说， strip之后，这些东西没有了。恩，没错，你应该想起来了，之前说过， strip之后，nm不到结果（就因为strip过）。我们再次来验证一下：

[taoge@localhost learn_readelf]$ file a.out 
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
[taoge@localhost learn_readelf]$ nm a.out 
nm: a.out: no symbols
[taoge@localhost learn_readelf]$

readelf就是为了读取ELF文件的信息，具体每个字段的含义，我就不细说了。