readelf命令用来查看ELF文件,Linux系统中的目标文件,可执行文件,以及.s0动态链接库,都是ELF文件格式。
-S(大写)
汇总显示ELF文件的所有section header的信息
$ readelf -S hh1.o
There are 12 section headers, starting at offset 0x21c:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000020 00 AX 0 0 4
[ 2] .rel.text REL 00000000 0001a8 000010 08 I 9 1 4
[ 3] .data PROGBITS 00000000 000054 000000 00 WA 0 0 1
[ 4] .bss NOBITS 00000000 000054 000000 00 WA 0 0 1
[ 5] .rodata PROGBITS 00000000 000054 000006 00 A 0 0 4
[ 6] .comment PROGBITS 00000000 00005a 000024 01 MS 0 0 1
[ 7] .note.GNU-stack PROGBITS 00000000 00007e 000000 00 0 0 1
[ 8] .ARM.attributes ARM_ATTRIBUTES 00000000 00007e 00002f 00 0 0 1
[ 9] .symtab SYMTAB 00000000 0000b0 0000e0 10 10 12 4
[10] .strtab STRTAB 00000000 000190 000017 00 0 0 1
[11] .shstrtab STRTAB 00000000 0001b8 000061 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
y (purecode), p (processor specific)
-t
详细显示section header
$ readelf -t hh1.o
There are 12 section headers, starting at offset 0x21c:
Section Headers:
[Nr] Name
Type Addr Off Size ES Lk Inf Al
Flags
[ 0]
NULL 00000000 000000 000000 00 0 0 0
[00000000]:
[ 1] .text
PROGBITS 00000000 000034 000020 00 0 0 4
[00000006]: ALLOC, EXEC
[ 2] .rel.text
REL 00000000 0001a8 000010 08 9 1 4
[00000040]: INFO LINK
[ 3] .data
PROGBITS 00000000 000054 000000 00 0 0 1
[00000003]: WRITE, ALLOC
[ 4] .bss
NOBITS 00000000 000054 000000 00 0 0 1
[00000003]: WRITE, ALLOC
[ 5] .rodata
PROGBITS 00000000 000054 000006 00 0 0 4
[00000002]: ALLOC
[ 6] .comment
PROGBITS 00000000 00005a 000024 01 0 0 1
[00000030]: MERGE, STRINGS
[ 7] .note.GNU-stack
PROGBITS 00000000 00007e 000000 00 0 0 1
[00000000]:
[ 8] .ARM.attributes
ARM_ATTRIBUTES 00000000 00007e 00002f 00 0 0 1
[00000000]:
[ 9] .symtab
SYMTAB 00000000 0000b0 0000e0 10 10 12 4
[00000000]:
[10] .strtab
STRTAB 00000000 000190 000017 00 0 0 1
[00000000]:
[11] .shstrtab
STRTAB 00000000 0001b8 000061 00 0 0 1
[00000000]:
-s(小写)
显示符号表 symbol table
$ readelf -s hh1.o
Symbol table '.symtab' contains 14 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS hh1.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 SECTION LOCAL DEFAULT 5
6: 00000000 0 NOTYPE LOCAL DEFAULT 5 $d
7: 00000000 0 NOTYPE LOCAL DEFAULT 1 $a
8: 0000001c 0 NOTYPE LOCAL DEFAULT 1 $d
9: 00000000 0 SECTION LOCAL DEFAULT 7
10: 00000000 0 SECTION LOCAL DEFAULT 6
11: 00000000 0 SECTION LOCAL DEFAULT 8
12: 00000000 32 FUNC GLOBAL DEFAULT 1 main
13: 00000000 0 NOTYPE GLOBAL DEFAULT UND puts
-x
以十六进制的形式,显示某个section的内容
$ readelf -x 5 hh1.o
Hex dump of section '.rodata':
0x00000000 61626364 6500 abcde.
$ readelf -x 10 hh1.o
Hex dump of section '.strtab':
0x00000000 00686831 2e630024 64002461 006d6169 .hh1.c.$d.$a.mai
0x00000010 6e007075 747300 n.puts.
-h
显示elf文件头。
-r
显示重定位表(.rel...段)的信息。
-a
显示所有信息。
-----------程序员的分割线-------------
readelf命令能够查看任意section的内容,如果要将.text的内容做反汇编,就还是要用objdump -d命令。