ELF解析(part one)
Posted llguanli
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELF解析(part one)相关的知识,希望对你有一定的参考价值。
the contents
class elf { //date structure Elf32_Ehdr ehdr; Elf32_Shdr shdr; Elf32_Phdr phdr; // void elf( void); void ~elf( void); void ehdr(void); void shdr(void); void phdr(void); void StringTable(void); void SymbolTable(void); void Relocation(void); };
void elf::elf( void)
void elf::elf( void) { /** * Recently, I read some data about elf ,executable and link format. There are some experiences I hope * to share, record it.And I know work behind closed doors is never a good way, So welcome to your * advice at anytime,both in technique and in ENGLISH. * the references is as following: * ELF_format.pdf * ...... * actually ,read those articles is a better choice than this text. * In this article I will not introduce some concepts in detail, but introduce some examples * that help me understand its operating principles. */ }
void elf::ehdr(void)
void elf::ehdr(void) { //what is elf header? /** * Any elf file have a elf header, that represent information about how to analyzing this file. * it structure is */ typedef struct elf32_hdr { unsigned char e_ident[EI_NIDENT]; /* magic + "ELF"*/ Elf32_Half e_type; /* */ Elf32_Half e_machine; /* */ Elf32_Word e_version; /* */ Elf32_Addr e_entry; /* Entry point of the program.For relocatable object file, it is zero*/ Elf32_Off e_phoff; /* program header tables‘ offset from the begin of the file to the first byte of this table*/ Elf32_Off e_shoff; /* section header tables‘ offset from the begin of the file to this table*/ Elf32_Word e_flags; /* */ Elf32_Half e_ehsize; /* size of the ELF head*/ Elf32_Half e_phentsize; /* size of a entry of program header*/ Elf32_Half e_phnum; /* number of program header*/ Elf32_Half e_shentsize; /* size of the section header entry*/ Elf32_Half e_shnum; /* number of section header*/ Elf32_Half e_shstrndx; /* help section header table to find it‘s section header strings table, */ } Elf32_Ehdr; /* * now , To help our analysis, we need to create a simply example. */ #include <stdio.h> int main() { printf("aaaaa\n"); return 0; } /* * compile it,and check it */ [[email protected] blog]# gcc main.c -o main [[email protected] blog]# readelf -h main ELF Header: Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 Class: ELF32 Data: 2 s complement, little endian Version: 1 (current) OS/ABI: UNIX - System V ABI Version: 0 Type: EXEC (Executable file) Machine: Intel 80386 Version: 0x1 Entry point address: 0x80482b0 Start of program headers: 52 (bytes into file) Start of section headers: 1912 (bytes into file) Flags: 0x0 Size of this header: 52 (bytes) Size of program headers: 32 (bytes) Number of program headers: 7 Size of section headers: 40 (bytes) Number of section headers: 28 Section header string table index: 25 /* * those informations are all from the structure above.see some interesting part: * * "Type: EXEC (Executable file)" * --it tell us this file is a excutable file.Actually, elf file include three types : * EXEC, DYN( shared object file), and REL(relocatable file). * * "Entry point address: 0x80482b0" * --Entry point, gives the virtual address to which the system first transfers control, thus * starting the process. * * "Size of this header: 52 (bytes)" * --gives the size of this elf header. * * "Section header string table index: 25 " * --this is a funy member.It tell us 25th section is a string table which contain of the section headers‘ name. * */ }
void elf::shdr(void)
void elf::shdr(void) { //what is section header table?/* * A elf file is consist of many container, called section. In another word, The section is meaning for a container. * It maybe contain text, data and whatever it needed. when necessary, we will use those to * building our process demo, just as build a house with some bricks. * first at all, let me see it structure */ typedef struct { Elf32_Word sh_name; /* the section‘s name, a index into the section header string table section. just "shstrtab"*/ Elf32_Word sh_type; Elf32_Word sh_flags; /* attributes,*/ Elf32_Addr sh_addr; /* address of process‘s memory image*/ Elf32_Off sh_offset; /* section‘s offset in this program file. section postion by bytes*/ Elf32_Word sh_size; /* size of a section*/ Elf32_Word sh_link; /* a index into a section header table section,interpretation depends on the section type. Actually it index into the associated section*/ Elf32_Word sh_info; /* interpretation depends on the section type*/ Elf32_Word sh_addralign; /* some section have address alignment constraint */ Elf32_Word sh_entsize; /* some setction be divided to a smaller entry*/ } Elf32_Shdr; /* * just as we did above, see this */ [[email protected] blog]# readelf main -S There are 28 section headers, starting at offset 0x778: Section Headers: [Nr] Name Type Addr Off Size ES Flg Lk Inf Al [ 0] NULL 00000000 000000 000000 00 0 0 0 [ 1] .interp PROGBITS 08048114 000114 000013 00 A 0 0 1 [ 2] .note.ABI-tag NOTE 08048128 000128 000020 00 A 0 0 4 [ 3] .gnu.hash GNU_HASH 08048148 000148 000020 04 A 4 0 4 [ 4] .dynsym DYNSYM 08048168 000168 000050 10 A 5 1 4 [ 5] .dynstr STRTAB 080481b8 0001b8 00004a 00 A 0 0 1 [ 6] .gnu.version VERSYM 08048202 000202 00000a 02 A 4 0 2 [ 7] .gnu.version_r VERNEED 0804820c 00020c 000020 00 A 5 1 4 [ 8] .rel.dyn REL 0804822c 00022c 000008 08 A 4 0 4 [ 9] .rel.plt REL 08048234 000234 000018 08 A 4 11 4 [10] .init PROGBITS 0804824c 00024c 000017 00 AX 0 0 4 [11] .plt PROGBITS 08048264 000264 000040 04 AX 0 0 4 [12] .text PROGBITS 080482b0 0002b0 0001a8 00 AX 0 0 16 [13] .fini PROGBITS 08048458 000458 00001c 00 AX 0 0 4 [14] .rodata PROGBITS 08048474 000474 000012 00 A 0 0 4 [15] .eh_frame PROGBITS 08048488 000488 000004 00 A 0 0 4 [16] .ctors PROGBITS 0804948c 00048c 000008 00 WA 0 0 4 [17] .dtors PROGBITS 08049494 000494 000008 00 WA 0 0 4 [18] .jcr PROGBITS 0804949c 00049c 000004 00 WA 0 0 4 [19] .dynamic DYNAMIC 080494a0 0004a0 0000c8 08 WA 5 0 4 [20] .got PROGBITS 08049568 000568 000004 04 WA 0 0 4 [21] .got.plt PROGBITS 0804956c 00056c 000018 04 WA 0 0 4 [22] .data PROGBITS 08049584 000584 000004 00 WA 0 0 4 [23] .bss NOBITS 08049588 000588 000008 00 WA 0 0 4 [24] .comment PROGBITS 00000000 000588 000114 00 0 0 1 [25] .shstrtab STRTAB 00000000 00069c 0000db 00 0 0 1 [26] .symtab SYMTAB 00000000 000bd8 000440 10 27 48 4 [27] .strtab STRTAB 00000000 001018 000258 00 0 0 1 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings) I (info), L (link order), G (group), x (unknown) O (extra OS processing required) o (OS specific), p (processor specific) /* * there are 28 bricks.See some interesting parts: * "[ 0] NULL 00000000 000000 000000 00 0 0 0" * --this is to section table, just like NULL is to pointer. we use this as a * NULL section to check invalid index of section table. * "[ 1] .interp PROGBITS 08048114 000114 000013 00 A 0 0 1" * --tell system where to find this file‘s loader, which help to link shared library * into process demo. It is normally necessary to those files that use shared * library. * * " * [ 4] .dynsym DYNSYM 08048168 000168 000050 10 A 5 1 4 * [ 5] .dynstr STRTAB 080481b8 0001b8 00004a 00 A 0 0 1 * [ 8] .rel.dyn REL 0804822c 00022c 000008 08 A 4 0 4 * [ 9] .rel.plt REL 08048234 000234 000018 08 A 4 11 4 * [11] .plt PROGBITS 08048264 000264 000040 04 AX 0 0 4 * [20] .got PROGBITS 08049568 000568 000004 04 WA 0 0 4 * [21] .got.plt PROGBITS 0804956c 00056c 000018 04 WA 0 0 4 * " * --about dynamic link, they will tell a very funny story. if possible, I will try to * explain it in next part. * "[12] .text PROGBITS 080482b0 0002b0 0001a8 00 AX 0 0 16" * --your program, (instruction). * * "[23] .bss NOBITS 08049588 000588 000008 00 WA 0 0 4" * --this section holds uninitialized data, and occupies no file space. * * "[24] .comment PROGBITS 00000000 000588 000114 00 0 0 1" * --this section holds version control information.see this */ [[email protected] blog]# hexdump main -C -s 0x588 -n 276 00000588 00 47 43 43 3a 20 28 47 4e 55 29 20 34 2e 31 2e |.GCC: (GNU) 4.1.| 00000598 32 20 32 30 30 38 30 37 30 34 20 28 52 65 64 20 |2 20080704 (Red | 000005a8 48 61 74 20 34 2e 31 2e 32 2d 34 34 29 00 00 47 |Hat 4.1.2-44)..G| 000005b8 43 43 3a 20 28 47 4e 55 29 20 34 2e 31 2e 32 20 |CC: (GNU) 4.1.2 | 000005c8 32 30 30 38 30 37 30 34 20 28 52 65 64 20 48 61 |20080704 (Red Ha| 000005d8 74 20 34 2e 31 2e 32 2d 34 34 29 00 00 47 43 43 |t 4.1.2-44)..GCC| 000005e8 3a 20 28 47 4e 55 29 20 34 2e 31 2e 32 20 32 30 |: (GNU) 4.1.2 20| 000005f8 30 38 30 37 30 34 20 28 52 65 64 20 48 61 74 20 |080704 (Red Hat | 00000608 34 2e 31 2e 32 2d 34 34 29 00 00 47 43 43 3a 20 |4.1.2-44)..GCC: | 00000618 28 47 4e 55 29 20 34 2e 31 2e 32 20 32 30 30 38 |(GNU) 4.1.2 2008| 00000628 30 37 30 34 20 28 52 65 64 20 48 61 74 20 34 2e |0704 (Red Hat 4.| 00000638 31 2e 32 2d 34 34 29 00 00 47 43 43 3a 20 28 47 |1.2-44)..GCC: (G| 00000648 4e 55 29 20 34 2e 31 2e 32 20 32 30 30 38 30 37 |NU) 4.1.2 200807| 00000658 30 34 20 28 52 65 64 20 48 61 74 20 34 2e 31 2e |04 (Red Hat 4.1.| 00000668 32 2d 34 34 29 00 00 47 43 43 3a 20 28 47 4e 55 |2-44)..GCC: (GNU| 00000678 29 20 34 2e 31 2e 32 20 32 30 30 38 30 37 30 34 |) 4.1.2 20080704| 00000688 20 28 52 65 64 20 48 61 74 20 34 2e 31 2e 32 2d | (Red Hat 4.1.2-| 00000698 34 34 29 00 |44).| /* * * " [25] .shstrtab STRTAB 00000000 00069c 0000db 00 0 0 1" * --a string table for section header. */ [[email protected] blog]# hexdump main -C -s 0x69c -n 219 0000069c 00 2e 73 79 6d 74 61 62 00 2e 73 74 72 74 61 62 |..symtab..strtab| 000006ac 00 2e 73 68 73 74 72 74 61 62 00 2e 69 6e 74 65 |..shstrtab..inte| 000006bc 72 70 00 2e 6e 6f 74 65 2e 41 42 49 2d 74 61 67 |rp..note.ABI-tag| 000006cc 00 2e 67 6e 75 2e 68 61 73 68 00 2e 64 79 6e 73 |..gnu.hash..dyns| 000006dc 79 6d 00 2e 64 79 6e 73 74 72 00 2e 67 6e 75 2e |ym..dynstr..gnu.| 000006ec 76 65 72 73 69 6f 6e 00 2e 67 6e 75 2e 76 65 72 |version..gnu.ver| 000006fc 73 69 6f 6e 5f 72 00 2e 72 65 6c 2e 64 79 6e 00 |sion_r..rel.dyn.| 0000070c 2e 72 65 6c 2e 70 6c 74 00 2e 69 6e 69 74 00 2e |.rel.plt..init..| 0000071c 74 65 78 74 00 2e 66 69 6e 69 00 2e 72 6f 64 61 |text..fini..roda| 0000072c 74 61 00 2e 65 68 5f 66 72 61 6d 65 00 2e 63 74 |ta..eh_frame..ct| 0000073c 6f 72 73 00 2e 64 74 6f 72 73 00 2e 6a 63 72 00 |ors..dtors..jcr.| 0000074c 2e 64 79 6e 61 6d 69 63 00 2e 67 6f 74 00 2e 67 |.dynamic..got..g| 0000075c 6f 74 2e 70 6c 74 00 2e 64 61 74 61 00 2e 62 73 |ot.plt..data..bs| 0000076c 73 00 2e 63 6f 6d 6d 65 6e 74 00 |s..comment.| 00000777 /* * "[27] .strtab STRTAB 00000000 001018 000258 00 0 0 1" * --a string table for other string. * --may be see this will useful. From our */ [[email protected] blog]# hexdump main -C -s 0x1018 -n 600 00001018 00 63 61 6c 6c 5f 67 6d 6f 6e 5f 73 74 61 72 74 |.call_gmon_start| 00001028 00 63 72 74 73 74 75 66 66 2e 63 00 5f 5f 43 54 |.crtstuff.c.__CT| 00001038 4f 52 5f 4c 49 53 54 5f 5f 00 5f 5f 44 54 4f 52 |OR_LIST__.__DTOR| 00001048 5f 4c 49 53 54 5f 5f 00 5f 5f 4a 43 52 5f 4c 49 |_LIST__.__JCR_LI| 00001058 53 54 5f 5f 00 64 74 6f 72 5f 69 64 78 2e 35 37 |ST__.dtor_idx.57| 00001068 39 30 00 63 6f 6d 70 6c 65 74 65 64 2e 35 37 38 |90.completed.578| 00001078 38 00 5f 5f 64 6f 5f 67 6c 6f 62 61 6c 5f 64 74 |8.__do_global_dt| 00001088 6f 72 73 5f 61 75 78 00 66 72 61 6d 65 5f 64 75 |ors_aux.frame_du| 00001098 6d 6d 79 00 5f 5f 43 54 4f 52 5f 45 4e 44 5f 5f |mmy.__CTOR_END__| 000010a8 00 5f 5f 46 52 41 4d 45 5f 45 4e 44 5f 5f 00 5f |.__FRAME_END__._| 000010b8 5f 4a 43 52 5f 45 4e 44 5f 5f 00 5f 5f 64 6f 5f |_JCR_END__.__do_| 000010c8 67 6c 6f 62 61 6c 5f 63 74 6f 72 73 5f 61 75 78 |global_ctors_aux| 000010d8 00 6d 61 69 6e 2e 63 00 5f 5f 70 72 65 69 6e 69 |.main.c.__preini| 000010e8 74 5f 61 72 72 61 79 5f 73 74 61 72 74 00 5f 5f |t_array_start.__| 000010f8 66 69 6e 69 5f 61 72 72 61 79 5f 65 6e 64 00 5f |fini_array_end._| 00001108 47 4c 4f 42 41 4c 5f 4f 46 46 53 45 54 5f 54 41 |GLOBAL_OFFSET_TA| 00001118 42 4c 45 5f 00 5f 5f 70 72 65 69 6e 69 74 5f 61 |BLE_.__preinit_a| 00001128 72 72 61 79 5f 65 6e 64 00 5f 5f 66 69 6e 69 5f |rray_end.__fini_| 00001138 61 72 72 61 79 5f 73 74 61 72 74 00 5f 5f 69 6e |array_start.__in| 00001148 69 74 5f 61 72 72 61 79 5f 65 6e 64 00 5f 5f 69 |it_array_end.__i| 00001158 6e 69 74 5f 61 72 72 61 79 5f 73 74 61 72 74 00 |nit_array_start.| 00001168 5f 44 59 4e 41 4d 49 43 00 64 61 74 61 5f 73 74 |_DYNAMIC.data_st| 00001178 61 72 74 00 5f 5f 6c 69 62 63 5f 63 73 75 5f 66 |art.__libc_csu_f| 00001188 69 6e 69 00 5f 73 74 61 72 74 00 5f 5f 67 6d 6f |ini._start.__gmo| 00001198 6e 5f 73 74 61 72 74 5f 5f 00 5f 4a 76 5f 52 65 |n_start__._Jv_Re| 000011a8 67 69 73 74 65 72 43 6c 61 73 73 65 73 00 5f 66 |gisterClasses._f| 000011b8 70 5f 68 77 00 5f 66 69 6e 69 00 5f 5f 6c 69 62 |p_hw._fini.__lib| 000011c8 63 5f 73 74 61 72 74 5f 6d 61 69 6e 40 40 47 4c |[email protected]@GL| 000011d8 49 42 43 5f 32 2e 30 00 5f 49 4f 5f 73 74 64 69 |IBC_2.0._IO_stdi| 000011e8 6e 5f 75 73 65 64 00 5f 5f 64 61 74 61 5f 73 74 |n_used.__data_st| 000011f8 61 72 74 00 5f 5f 64 73 6f 5f 68 61 6e 64 6c 65 |art.__dso_handle| 00001208 00 5f 5f 44 54 4f 52 5f 45 4e 44 5f 5f 00 5f 5f |.__DTOR_END__.__| 00001218 6c 69 62 63 5f 63 73 75 5f 69 6e 69 74 00 5f 5f |libc_csu_init.__| 00001228 62 73 73 5f 73 74 61 72 74 00 5f 65 6e 64 00 70 |bss_start._end.p| 00001238 75 74 73 40 40 47 4c 49 42 43 5f 32 2e 30 00 5f |[email protected]@GLIBC_2.0._| 00001248 65 64 61 74 61 00 5f 5f 69 36 38 36 2e 67 65 74 |edata.__i686.get| 00001258 5f 70 63 5f 74 68 75 6e 6b 2e 62 78 00 6d 61 69 |_pc_thunk.bx.mai| 00001268 6e 00 5f 69 6e 69 74 00 |n._init.| /* * * "[26] .symtab SYMTAB 00000000 000bd8 000440 10 27 48 4" * --full name is symbol table, it is just like a identity card for elf file‘s object. */ }
void elf::phdr(void)
void elf::phdr(void) { //next part }
void elf::StringTable(void)
void elf::StringTable(void) { //what is a string table? How come we need it?/* * normally, if we want to create a identity card for a people, we maybe need to restore some attributes * about it. For examples: name, sex, age, and the like. To sex and age, it is easy to assess it‘s size and * allocate some space. But for name, we are in trouble, because we couldn‘t know it‘s size. */ /* * Let me see a trick for deal this problem. if there are three object to store. * 1: zhang Mr. , man, 24 * 2: Li Mrs. , woman, 30 * 3: Dr. loooooooooooooooooong, man, 35 * you may be create a struct like this */ struct IDCard{ char name[ the_longest_name]; int sex; int age; }; /* * That‘s awful, we will waste many memory space. * Ok, the second way, you create the following struct: */ struct IDCard { char *name_index; int sex; int age; }; struct String { char[ len1+ len2 + len3]; //all strings are stored in this. }; /* * this is a funny way. That‘s the reason why we need a section called by StringTable. */ }
void elf::SymbolTable(void)
void elf::SymbolTable(void) { //What is symbol Table ?How come we need it? /* * Image this, there are many functions in a program and they call each other. * some of them have been used by other function, some of them are waiting * for use( for example: relocatable file, dynamic link file),How can we describe it? */ /* * struct, struct is good for this.we could define object to record its‘s information. * Actually , the symbol table is more useful. It not only working for describe some functions, * but also other object. The follow is its struct: */ typedef struct elf32_sym{ Elf32_Word st_name; /* a index into string table*/ Elf32_Addr st_value; /* point the position of this symbol‘s define*/ Elf32_Word st_size; unsigned char st_info; /* bind(global/local) and type( function, file, ....),*/ unsigned char st_other; /* reserved*/ Elf32_Half st_shndx; /* */ } Elf32_Sym; /* * see a examples: */ [[email protected] blog]# readelf -s main Symbol table ‘.dynsym‘ contains 5 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 2: 00000000 415 FUNC GLOBAL DEFAULT UND [email protected]_2.0 (2) 3: 00000000 399 FUNC GLOBAL DEFAULT UND [email protected]_2.0 (2) 4: 08048478 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used Symbol table ‘.symtab‘ contains 68 entries: Num: Value Size Type Bind Vis Ndx Name 0: 00000000 0 NOTYPE LOCAL DEFAULT UND 1: 08048114 0 SECTION LOCAL DEFAULT 1 2: 08048128 0 SECTION LOCAL DEFAULT 2 3: 08048148 0 SECTION LOCAL DEFAULT 3 4: 08048168 0 SECTION LOCAL DEFAULT 4 5: 080481b8 0 SECTION LOCAL DEFAULT 5 6: 08048202 0 SECTION LOCAL DEFAULT 6 7: 0804820c 0 SECTION LOCAL DEFAULT 7 8: 0804822c 0 SECTION LOCAL DEFAULT 8 9: 08048234 0 SECTION LOCAL DEFAULT 9 10: 0804824c 0 SECTION LOCAL DEFAULT 10 11: 08048264 0 SECTION LOCAL DEFAULT 11 12: 080482b0 0 SECTION LOCAL DEFAULT 12 13: 08048458 0 SECTION LOCAL DEFAULT 13 14: 08048474 0 SECTION LOCAL DEFAULT 14 15: 08048488 0 SECTION LOCAL DEFAULT 15 16: 0804948c 0 SECTION LOCAL DEFAULT 16 17: 08049494 0 SECTION LOCAL DEFAULT 17 18: 0804949c 0 SECTION LOCAL DEFAULT 18 19: 080494a0 0 SECTION LOCAL DEFAULT 19 20: 08049568 0 SECTION LOCAL DEFAULT 20 21: 0804956c 0 SECTION LOCAL DEFAULT 21 22: 08049584 0 SECTION LOCAL DEFAULT 22 23: 08049588 0 SECTION LOCAL DEFAULT 23 24: 00000000 0 SECTION LOCAL DEFAULT 24 25: 080482d4 0 FUNC LOCAL DEFAULT 12 call_gmon_start 26: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 27: 0804948c 0 OBJECT LOCAL DEFAULT 16 __CTOR_LIST__ 28: 08049494 0 OBJECT LOCAL DEFAULT 17 __DTOR_LIST__ 29: 0804949c 0 OBJECT LOCAL DEFAULT 18 __JCR_LIST__ 30: 08049588 4 OBJECT LOCAL DEFAULT 23 dtor_idx.5790 31: 0804958c 1 OBJECT LOCAL DEFAULT 23 completed.5788 32: 08048300 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux 33: 08048360 0 FUNC LOCAL DEFAULT 12 frame_dummy 34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 35: 08049490 0 OBJECT LOCAL DEFAULT 16 __CTOR_END__ 36: 08048488 0 OBJECT LOCAL DEFAULT 15 __FRAME_END__ 37: 0804949c 0 OBJECT LOCAL DEFAULT 18 __JCR_END__ 38: 08048430 0 FUNC LOCAL DEFAULT 12 __do_global_ctors_aux 39: 00000000 0 FILE LOCAL DEFAULT ABS main.c 40: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __preinit_array_start 41: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __fini_array_end 42: 0804956c 0 OBJECT LOCAL HIDDEN 21 _GLOBAL_OFFSET_TABLE_ 43: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __preinit_array_end 44: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __fini_array_start 45: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __init_array_end 46: 0804948c 0 NOTYPE LOCAL HIDDEN 16 __init_array_start 47: 080494a0 0 OBJECT LOCAL HIDDEN 19 _DYNAMIC 48: 08049584 0 NOTYPE WEAK DEFAULT 22 data_start 49: 080483b0 5 FUNC GLOBAL DEFAULT 12 __libc_csu_fini 50: 080482b0 0 FUNC GLOBAL DEFAULT 12 _start 51: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 52: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 53: 08048474 4 OBJECT GLOBAL DEFAULT 14 _fp_hw 54: 08048458 0 FUNC GLOBAL DEFAULT 13 _fini 55: 00000000 415 FUNC GLOBAL DEFAULT UND [email protected]@GLIBC_ 56: 08048478 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used 57: 08049584 0 NOTYPE GLOBAL DEFAULT 22 __data_start 58: 0804847c 0 OBJECT GLOBAL HIDDEN 14 __dso_handle 59: 08049498 0 OBJECT GLOBAL HIDDEN 17 __DTOR_END__ 60: 080483c0 105 FUNC GLOBAL DEFAULT 12 __libc_csu_init 61: 08049588 0 NOTYPE GLOBAL DEFAULT ABS __bss_start 62: 08049590 0 NOTYPE GLOBAL DEFAULT ABS _end 63: 00000000 399 FUNC GLOBAL DEFAULT UND [email protected]@GLIBC_2.0 64: 08049588 0 NOTYPE GLOBAL DEFAULT ABS _edata 65: 08048429 0 FUNC GLOBAL HIDDEN 12 __i686.get_pc_thunk.bx 66: 08048384 43 FUNC GLOBAL DEFAULT 12 main 67: 0804824c 0 FUNC GLOBAL DEFAULT 10 _init }
void elf::Relocation(void)
void elf::Relocation(void) { //next part }
以上是关于ELF解析(part one)的主要内容,如果未能解决你的问题,请参考以下文章
Android 逆向使用 Python 解析 ELF 文件 ( Capstone 反汇编 ELF 文件中的机器码数据 | 完整代码示例 ) ★★★
Android 逆向使用 Python 代码解析 ELF 文件 ( PyCharm 中创建 Python 程序 | 导入 ELFFile 库 | 解析 ELF 文件 )
Android 逆向使用 Python 代码解析 ELF 文件 ( PyCharm 中进行断点调试 | ELFFile 实例对象分析 )
-bash: /usr/bin/ls: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: No such file or directory(代码片段