ELF Parsing (Part One)

Posted llguanli


 

the contents

class elf {
	//data structures
	Elf32_Ehdr	ehdr;
	Elf32_Shdr	shdr;
	Elf32_Phdr	phdr;
	
	//
	void elf( void);
	void ~elf( void);

	void ehdr(void);
	void shdr(void);
	void phdr(void);
	void StringTable(void);
	void SymbolTable(void);
	void Relocation(void);
};


void elf::elf( void)

{

/**
*	Recently, I read some material about ELF, the Executable and Linkable Format. There are some
*	experiences I hope to share and record. I know that working behind closed doors is never a good
*	way, so your advice is welcome at any time, both on technique and on ENGLISH.
*	The references are as follows:
*		ELF_format.pdf
*		......
*	Actually, reading those articles is a better choice than reading this text.
*	In this article I will not introduce the concepts in detail, but will show some examples
*	that helped me understand the operating principles.
*/
}


void elf::ehdr(void)

{
//What is the ELF header?
/**
*	Every ELF file has an ELF header, which describes how to parse the rest of the file.
*	Its structure is:
*/
         typedef struct elf32_hdr {
                  unsigned char e_ident[EI_NIDENT];	/* magic + "ELF" */
                  Elf32_Half e_type;		/* object file type (REL, EXEC, DYN, ...) */
                  Elf32_Half e_machine;		/* target architecture */
                  Elf32_Word e_version;		/* object file version */
                  Elf32_Addr e_entry;		/* entry point of the program; for a relocatable object file it is zero */
                  Elf32_Off e_phoff;		/* program header table's offset, from the beginning of the file to the first byte of the table */
                  Elf32_Off e_shoff;		/* section header table's offset, from the beginning of the file to the table */
                  Elf32_Word e_flags;		/* processor-specific flags */
                  Elf32_Half e_ehsize;		/* size of the ELF header */
                  Elf32_Half e_phentsize;	/* size of one program header entry */
                  Elf32_Half e_phnum;		/* number of program headers */
                  Elf32_Half e_shentsize;	/* size of one section header entry */
                  Elf32_Half e_shnum;		/* number of section headers */
                  Elf32_Half e_shstrndx;	/* index of the section header that holds the section header string table */
        } Elf32_Ehdr;
/*
*	Now, to help our analysis, we need to create a simple example.
*/
#include <stdio.h>
int main()
{
	printf("aaaaa\n");
	return 0;
}
/*
*	Compile it, and check it:
*/
[blog]# gcc main.c -o main
[blog]# readelf -h main
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x80482b0
  Start of program headers:          52 (bytes into file)
  Start of section headers:          1912 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         7
  Size of section headers:           40 (bytes)
  Number of section headers:         28
  Section header string table index: 25

/*
*	All of this information comes from the structure above. Some interesting parts:
*
*	"Type:                    EXEC (Executable file)"
*	--it tells us this file is an executable file. Actually, ELF files include three types:
*		EXEC, DYN (shared object file), and REL (relocatable file).
*
*	"Entry point address:      0x80482b0"
*	--the entry point gives the virtual address to which the system first transfers control, thus
*		starting the process.
*
*	"Size of this header:               52 (bytes)"
*	--gives the size of this ELF header.
*
*	"Section header string table index: 25 "
*	--this is a funny member. It tells us that section 25 is a string table which contains the section headers' names.
*
*/

}


void elf::shdr(void)

{
//What is the section header table?

/*
*	An ELF file consists of many containers, called sections. In other words, a section is a container.
*	It may contain text, data, or whatever else is needed. When necessary, we use those to
*	build our process image, just as we build a house with bricks.
*	First of all, let us look at its structure:
*/
typedef struct {
	Elf32_Word	sh_name;	/* the section's name: an index into the section header string table section, i.e. ".shstrtab" */
	Elf32_Word	sh_type;	/* section type (PROGBITS, SYMTAB, STRTAB, ...) */
	Elf32_Word	sh_flags;	/* attributes */
	Elf32_Addr	sh_addr;	/* address of the section in the process's memory image */
	Elf32_Off	sh_offset;	/* section's offset in this program file; the section's position in bytes */
	Elf32_Word	sh_size;	/* size of the section */
	Elf32_Word	sh_link;	/* an index into the section header table; interpretation depends on the section type. Actually it indexes the associated section */
	Elf32_Word	sh_info;	/* interpretation depends on the section type */
	Elf32_Word	sh_addralign;	/* some sections have an address alignment constraint */
	Elf32_Word	sh_entsize;	/* some sections are divided into smaller entries; this is the size of one entry */
} Elf32_Shdr;

/*
*	Just as we did above, see this:
*/
[blog]# readelf main -S
There are 28 section headers, starting at offset 0x778:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048114 000114 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048128 000128 000020 00   A  0   0  4
  [ 3] .gnu.hash         GNU_HASH        08048148 000148 000020 04   A  4   0  4
  [ 4] .dynsym           DYNSYM          08048168 000168 000050 10   A  5   1  4
  [ 5] .dynstr           STRTAB          080481b8 0001b8 00004a 00   A  0   0  1
  [ 6] .gnu.version      VERSYM          08048202 000202 00000a 02   A  4   0  2
  [ 7] .gnu.version_r    VERNEED         0804820c 00020c 000020 00   A  5   1  4
  [ 8] .rel.dyn          REL             0804822c 00022c 000008 08   A  4   0  4
  [ 9] .rel.plt          REL             08048234 000234 000018 08   A  4  11  4
  [10] .init             PROGBITS        0804824c 00024c 000017 00  AX  0   0  4
  [11] .plt              PROGBITS        08048264 000264 000040 04  AX  0   0  4
  [12] .text             PROGBITS        080482b0 0002b0 0001a8 00  AX  0   0 16
  [13] .fini             PROGBITS        08048458 000458 00001c 00  AX  0   0  4
  [14] .rodata           PROGBITS        08048474 000474 000012 00   A  0   0  4
  [15] .eh_frame         PROGBITS        08048488 000488 000004 00   A  0   0  4
  [16] .ctors            PROGBITS        0804948c 00048c 000008 00  WA  0   0  4
  [17] .dtors            PROGBITS        08049494 000494 000008 00  WA  0   0  4
  [18] .jcr              PROGBITS        0804949c 00049c 000004 00  WA  0   0  4
  [19] .dynamic          DYNAMIC         080494a0 0004a0 0000c8 08  WA  5   0  4
  [20] .got              PROGBITS        08049568 000568 000004 04  WA  0   0  4
  [21] .got.plt          PROGBITS        0804956c 00056c 000018 04  WA  0   0  4
  [22] .data             PROGBITS        08049584 000584 000004 00  WA  0   0  4
  [23] .bss              NOBITS          08049588 000588 000008 00  WA  0   0  4
  [24] .comment          PROGBITS        00000000 000588 000114 00      0   0  1
  [25] .shstrtab         STRTAB          00000000 00069c 0000db 00      0   0  1
  [26] .symtab           SYMTAB          00000000 000bd8 000440 10     27  48  4
  [27] .strtab           STRTAB          00000000 001018 000258 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

/*
*	There are 28 bricks. See some interesting parts:
*
*	"[ 0] NULL 00000000 000000 000000 00 0 0 0"
*	--this is to the section table what NULL is to a pointer. We use it as a
*		NULL section to check for an invalid index into the section table.
*
*	"[ 1] .interp PROGBITS 08048114 000114 000013 00 A 0 0 1"
*	--tells the system where to find this file's loader, which helps to link shared libraries
*		into the process image. It is normally necessary for files that use shared
*		libraries.
*
*	"
*	[ 4] .dynsym PROGBITS... see the rows below
*	[ 4] .dynsym DYNSYM 08048168 000168 000050 10 A 5 1 4
*	[ 5] .dynstr STRTAB 080481b8 0001b8 00004a 00 A 0 0 1
*	[ 8] .rel.dyn REL 0804822c 00022c 000008 08 A 4 0 4
*	[ 9] .rel.plt REL 08048234 000234 000018 08 A 4 11 4
*	[11] .plt PROGBITS 08048264 000264 000040 04 AX 0 0 4
*	[20] .got PROGBITS 08049568 000568 000004 04 WA 0 0 4
*	[21] .got.plt PROGBITS 0804956c 00056c 000018 04 WA 0 0 4
*	"
*	--about dynamic linking; they will tell a very funny story. If possible, I will try to
*		explain it in the next part.
*
*	"[12] .text PROGBITS 080482b0 0002b0 0001a8 00 AX 0 0 16"
*	--your program (instructions).
*
*	"[23] .bss NOBITS 08049588 000588 000008 00 WA 0 0 4"
*	--this section holds uninitialized data, and occupies no file space.
*
*	"[24] .comment PROGBITS 00000000 000588 000114 00 0 0 1"
*	--this section holds version control information. See this:
*/
[blog]# hexdump main -C -s 0x588 -n 276
00000588  00 47 43 43 3a 20 28 47  4e 55 29 20 34 2e 31 2e  |.GCC: (GNU) 4.1.|
00000598  32 20 32 30 30 38 30 37  30 34 20 28 52 65 64 20  |2 20080704 (Red |
000005a8  48 61 74 20 34 2e 31 2e  32 2d 34 34 29 00 00 47  |Hat 4.1.2-44)..G|
000005b8  43 43 3a 20 28 47 4e 55  29 20 34 2e 31 2e 32 20  |CC: (GNU) 4.1.2 |
000005c8  32 30 30 38 30 37 30 34  20 28 52 65 64 20 48 61  |20080704 (Red Ha|
000005d8  74 20 34 2e 31 2e 32 2d  34 34 29 00 00 47 43 43  |t 4.1.2-44)..GCC|
000005e8  3a 20 28 47 4e 55 29 20  34 2e 31 2e 32 20 32 30  |: (GNU) 4.1.2 20|
000005f8  30 38 30 37 30 34 20 28  52 65 64 20 48 61 74 20  |080704 (Red Hat |
00000608  34 2e 31 2e 32 2d 34 34  29 00 00 47 43 43 3a 20  |4.1.2-44)..GCC: |
00000618  28 47 4e 55 29 20 34 2e  31 2e 32 20 32 30 30 38  |(GNU) 4.1.2 2008|
00000628  30 37 30 34 20 28 52 65  64 20 48 61 74 20 34 2e  |0704 (Red Hat 4.|
00000638  31 2e 32 2d 34 34 29 00  00 47 43 43 3a 20 28 47  |1.2-44)..GCC: (G|
00000648  4e 55 29 20 34 2e 31 2e  32 20 32 30 30 38 30 37  |NU) 4.1.2 200807|
00000658  30 34 20 28 52 65 64 20  48 61 74 20 34 2e 31 2e  |04 (Red Hat 4.1.|
00000668  32 2d 34 34 29 00 00 47  43 43 3a 20 28 47 4e 55  |2-44)..GCC: (GNU|
00000678  29 20 34 2e 31 2e 32 20  32 30 30 38 30 37 30 34  |) 4.1.2 20080704|
00000688  20 28 52 65 64 20 48 61  74 20 34 2e 31 2e 32 2d  | (Red Hat 4.1.2-|
00000698  34 34 29 00                                       |44).|

/*
*	"[25] .shstrtab STRTAB 00000000 00069c 0000db 00 0 0 1"
*	--a string table for the section headers.
*/
[blog]# hexdump main -C -s 0x69c -n 219
0000069c  00 2e 73 79 6d 74 61 62  00 2e 73 74 72 74 61 62  |..symtab..strtab|
000006ac  00 2e 73 68 73 74 72 74  61 62 00 2e 69 6e 74 65  |..shstrtab..inte|
000006bc  72 70 00 2e 6e 6f 74 65  2e 41 42 49 2d 74 61 67  |rp..note.ABI-tag|
000006cc  00 2e 67 6e 75 2e 68 61  73 68 00 2e 64 79 6e 73  |..gnu.hash..dyns|
000006dc  79 6d 00 2e 64 79 6e 73  74 72 00 2e 67 6e 75 2e  |ym..dynstr..gnu.|
000006ec  76 65 72 73 69 6f 6e 00  2e 67 6e 75 2e 76 65 72  |version..gnu.ver|
000006fc  73 69 6f 6e 5f 72 00 2e  72 65 6c 2e 64 79 6e 00  |sion_r..rel.dyn.|
0000070c  2e 72 65 6c 2e 70 6c 74  00 2e 69 6e 69 74 00 2e  |.rel.plt..init..|
0000071c  74 65 78 74 00 2e 66 69  6e 69 00 2e 72 6f 64 61  |text..fini..roda|
0000072c  74 61 00 2e 65 68 5f 66  72 61 6d 65 00 2e 63 74  |ta..eh_frame..ct|
0000073c  6f 72 73 00 2e 64 74 6f  72 73 00 2e 6a 63 72 00  |ors..dtors..jcr.|
0000074c  2e 64 79 6e 61 6d 69 63  00 2e 67 6f 74 00 2e 67  |.dynamic..got..g|
0000075c  6f 74 2e 70 6c 74 00 2e  64 61 74 61 00 2e 62 73  |ot.plt..data..bs|
0000076c  73 00 2e 63 6f 6d 6d 65  6e 74 00                 |s..comment.|
00000777

/*
*	"[27] .strtab STRTAB 00000000 001018 000258 00 0 0 1"
*	--a string table for other strings.
*	--maybe seeing this will be useful. From our
*/
[blog]# hexdump main -C -s 0x1018 -n 600
00001018  00 63 61 6c 6c 5f 67 6d  6f 6e 5f 73 74 61 72 74  |.call_gmon_start|
00001028  00 63 72 74 73 74 75 66  66 2e 63 00 5f 5f 43 54  |.crtstuff.c.__CT|
00001038  4f 52 5f 4c 49 53 54 5f  5f 00 5f 5f 44 54 4f 52  |OR_LIST__.__DTOR|
00001048  5f 4c 49 53 54 5f 5f 00  5f 5f 4a 43 52 5f 4c 49  |_LIST__.__JCR_LI|
00001058  53 54 5f 5f 00 64 74 6f  72 5f 69 64 78 2e 35 37  |ST__.dtor_idx.57|
00001068  39 30 00 63 6f 6d 70 6c  65 74 65 64 2e 35 37 38  |90.completed.578|
00001078  38 00 5f 5f 64 6f 5f 67  6c 6f 62 61 6c 5f 64 74  |8.__do_global_dt|
00001088  6f 72 73 5f 61 75 78 00  66 72 61 6d 65 5f 64 75  |ors_aux.frame_du|
00001098  6d 6d 79 00 5f 5f 43 54  4f 52 5f 45 4e 44 5f 5f  |mmy.__CTOR_END__|
000010a8  00 5f 5f 46 52 41 4d 45  5f 45 4e 44 5f 5f 00 5f  |.__FRAME_END__._|
000010b8  5f 4a 43 52 5f 45 4e 44  5f 5f 00 5f 5f 64 6f 5f  |_JCR_END__.__do_|
000010c8  67 6c 6f 62 61 6c 5f 63  74 6f 72 73 5f 61 75 78  |global_ctors_aux|
000010d8  00 6d 61 69 6e 2e 63 00  5f 5f 70 72 65 69 6e 69  |.main.c.__preini|
000010e8  74 5f 61 72 72 61 79 5f  73 74 61 72 74 00 5f 5f  |t_array_start.__|
000010f8  66 69 6e 69 5f 61 72 72  61 79 5f 65 6e 64 00 5f  |fini_array_end._|
00001108  47 4c 4f 42 41 4c 5f 4f  46 46 53 45 54 5f 54 41  |GLOBAL_OFFSET_TA|
00001118  42 4c 45 5f 00 5f 5f 70  72 65 69 6e 69 74 5f 61  |BLE_.__preinit_a|
00001128  72 72 61 79 5f 65 6e 64  00 5f 5f 66 69 6e 69 5f  |rray_end.__fini_|
00001138  61 72 72 61 79 5f 73 74  61 72 74 00 5f 5f 69 6e  |array_start.__in|
00001148  69 74 5f 61 72 72 61 79  5f 65 6e 64 00 5f 5f 69  |it_array_end.__i|
00001158  6e 69 74 5f 61 72 72 61  79 5f 73 74 61 72 74 00  |nit_array_start.|
00001168  5f 44 59 4e 41 4d 49 43  00 64 61 74 61 5f 73 74  |_DYNAMIC.data_st|
00001178  61 72 74 00 5f 5f 6c 69  62 63 5f 63 73 75 5f 66  |art.__libc_csu_f|
00001188  69 6e 69 00 5f 73 74 61  72 74 00 5f 5f 67 6d 6f  |ini._start.__gmo|
00001198  6e 5f 73 74 61 72 74 5f  5f 00 5f 4a 76 5f 52 65  |n_start__._Jv_Re|
000011a8  67 69 73 74 65 72 43 6c  61 73 73 65 73 00 5f 66  |gisterClasses._f|
000011b8  70 5f 68 77 00 5f 66 69  6e 69 00 5f 5f 6c 69 62  |p_hw._fini.__lib|
000011c8  63 5f 73 74 61 72 74 5f  6d 61 69 6e 40 40 47 4c  |c_start_main@@GL|
000011d8  49 42 43 5f 32 2e 30 00  5f 49 4f 5f 73 74 64 69  |IBC_2.0._IO_stdi|
000011e8  6e 5f 75 73 65 64 00 5f  5f 64 61 74 61 5f 73 74  |n_used.__data_st|
000011f8  61 72 74 00 5f 5f 64 73  6f 5f 68 61 6e 64 6c 65  |art.__dso_handle|
00001208  00 5f 5f 44 54 4f 52 5f  45 4e 44 5f 5f 00 5f 5f  |.__DTOR_END__.__|
00001218  6c 69 62 63 5f 63 73 75  5f 69 6e 69 74 00 5f 5f  |libc_csu_init.__|
00001228  62 73 73 5f 73 74 61 72  74 00 5f 65 6e 64 00 70  |bss_start._end.p|
00001238  75 74 73 40 40 47 4c 49  42 43 5f 32 2e 30 00 5f  |uts@@GLIBC_2.0._|
00001248  65 64 61 74 61 00 5f 5f  69 36 38 36 2e 67 65 74  |edata.__i686.get|
00001258  5f 70 63 5f 74 68 75 6e  6b 2e 62 78 00 6d 61 69  |_pc_thunk.bx.mai|
00001268  6e 00 5f 69 6e 69 74 00                           |n._init.|

/*
*	"[26] .symtab SYMTAB 00000000 000bd8 000440 10 27 48 4"
*	--its full name is symbol table; it is just like an identity card for the ELF file's objects.
*/
}


void elf::phdr(void)

{
//next part
}


void elf::StringTable(void)

{
//What is a string table? Why do we need it?

/*
*	Normally, if we want to create an identity card for a person, we may need to store some attributes
*	about them, for example: name, sex, age, and the like. For sex and age, it is easy to assess the size and
*	allocate some space. But for the name we are in trouble, because we cannot know its size.
*/

/*
*	Let us see a trick for dealing with this problem. Suppose there are three objects to store:
*		1: zhang Mr. , man, 24
*		2: Li Mrs. , woman, 30
*		3: Dr. loooooooooooooooooong, man, 35
*	You might create a struct like this:
*/
struct IDCard {
	char	name[the_longest_name];
	int	sex;
	int	age;
};
/*
*	That's awful: we would waste a lot of memory.
*	OK, the second way. You create the following structs:
*/
struct IDCard {
	char	*name_index;	/* where this name starts inside the shared string storage */
	int	sex;
	int	age;
};

struct String {
	char	data[len1 + len2 + len3];	/* all strings are stored in this */
};
/*
*	This is a funny way. That's the reason why we need a section called StringTable.
*/
}
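The `e_shstrndx` and `sh_name` lookups described above, as an added example (not the original author's code): it resolves a section name from an ELF32 little-endian image and refuses any header whose offsets, sizes or indexes point outside the file. The helper names (`section_name`, `in_file`, `build_sample`) and the 192-byte sample image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field access (EI_DATA == 1, as in the readelf output above). */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* True when [off, off + size) lies inside a file of len bytes, without overflow. */
static int in_file(size_t len, uint32_t off, uint32_t size) {
    return off <= len && size <= len - off;
}

/* Return the name of section idx, or NULL if any field points outside the file. */
const char *section_name(const uint8_t *img, size_t len, unsigned idx) {
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0) return NULL;
    if (img[4] != 1 || img[5] != 1) return NULL;            /* ELFCLASS32, little endian */
    uint32_t shoff = rd32(img + 32);                         /* e_shoff */
    uint16_t entsz = rd16(img + 46), shnum = rd16(img + 48), strndx = rd16(img + 50);
    if (entsz < 40 || idx >= shnum || strndx >= shnum) return NULL;
    if (!in_file(len, shoff, (uint32_t)entsz * shnum)) return NULL;

    const uint8_t *strsec = img + shoff + (size_t)strndx * entsz;
    const uint8_t *sec = img + shoff + (size_t)idx * entsz;
    if (rd32(strsec + 4) != 3) return NULL;                  /* sh_type must be SHT_STRTAB */
    uint32_t str_off = rd32(strsec + 16), str_size = rd32(strsec + 20);
    if (!in_file(len, str_off, str_size)) return NULL;

    uint32_t name = rd32(sec);                               /* sh_name */
    if (name >= str_size) return NULL;
    if (!memchr(img + str_off + name, 0, str_size - name)) return NULL; /* unterminated */
    return (const char *)img + str_off + name;
}

/* Constructed sample: 52-byte header, .shstrtab data at 52, three section headers at 72. */
size_t build_sample(uint8_t *buf) {
    static const char names[] = "\0.text\0.shstrtab";       /* 17 bytes with final NUL */
    memset(buf, 0, 192);
    memcpy(buf, "\x7f" "ELF\x01\x01\x01", 7);
    wr32(buf + 32, 72); wr16(buf + 46, 40); wr16(buf + 48, 3); wr16(buf + 50, 2);
    memcpy(buf + 52, names, sizeof names);
    wr32(buf + 72 + 40, 1);                                  /* section 1: sh_name -> ".text" */
    wr32(buf + 72 + 80, 7);                                  /* section 2: sh_name -> ".shstrtab" */
    wr32(buf + 72 + 80 + 4, 3);                              /* section 2: sh_type = SHT_STRTAB */
    wr32(buf + 72 + 80 + 16, 52); wr32(buf + 72 + 80 + 20, (uint32_t)sizeof names);
    return 192;
}

int main(void) {
    uint8_t img[192];
    size_t len = build_sample(img);
    for (unsigned i = 0; i < 3; i++) printf("[%u] \"%s\"\n", i, section_name(img, len, i));
    wr32(img + 72 + 40, 1000);                               /* tampered sh_name */
    printf("tampered: %s\n", section_name(img, len, 1) ? "accepted" : "rejected");
    return 0;
}
```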


void elf::SymbolTable(void)

{
//What is the symbol table? Why do we need it?
/*
*	Imagine this: there are many functions in a program and they call each other.
*	Some of them are already used by other functions, some of them are waiting
*	to be used (for example: relocatable files, dynamically linked files). How can we describe this?
*/

/*
*	A struct; a struct is good for this. We can define an object to record its information.
*	Actually, the symbol table is more useful than that. It not only describes functions,
*	but also other objects. The following is its struct:
*/
typedef struct elf32_sym{
	  Elf32_Word	st_name;		/* an index into the string table */
	  Elf32_Addr	st_value;		/* points to the position of this symbol's definition */
	  Elf32_Word	st_size;		/* size of the symbol */
	  unsigned char st_info;		/* bind (global/local) and type (function, file, ...) */
	  unsigned char st_other;		/* reserved */
	  Elf32_Half	st_shndx;	/* index of the section the symbol is defined in */
} Elf32_Sym;

/*
*	See an example:
*/
[blog]# readelf -s main

Symbol table '.dynsym' contains 5 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     2: 00000000   415 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.0 (2)
     3: 00000000   399 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.0 (2)
     4: 08048478     4 OBJECT  GLOBAL DEFAULT   14 _IO_stdin_used

Symbol table '.symtab' contains 68 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 08048114     0 SECTION LOCAL  DEFAULT    1 
     2: 08048128     0 SECTION LOCAL  DEFAULT    2 
     3: 08048148     0 SECTION LOCAL  DEFAULT    3 
     4: 08048168     0 SECTION LOCAL  DEFAULT    4 
     5: 080481b8     0 SECTION LOCAL  DEFAULT    5 
     6: 08048202     0 SECTION LOCAL  DEFAULT    6 
     7: 0804820c     0 SECTION LOCAL  DEFAULT    7 
     8: 0804822c     0 SECTION LOCAL  DEFAULT    8 
     9: 08048234     0 SECTION LOCAL  DEFAULT    9 
    10: 0804824c     0 SECTION LOCAL  DEFAULT   10 
    11: 08048264     0 SECTION LOCAL  DEFAULT   11 
    12: 080482b0     0 SECTION LOCAL  DEFAULT   12 
    13: 08048458     0 SECTION LOCAL  DEFAULT   13 
    14: 08048474     0 SECTION LOCAL  DEFAULT   14 
    15: 08048488     0 SECTION LOCAL  DEFAULT   15 
    16: 0804948c     0 SECTION LOCAL  DEFAULT   16 
    17: 08049494     0 SECTION LOCAL  DEFAULT   17 
    18: 0804949c     0 SECTION LOCAL  DEFAULT   18 
    19: 080494a0     0 SECTION LOCAL  DEFAULT   19 
    20: 08049568     0 SECTION LOCAL  DEFAULT   20 
    21: 0804956c     0 SECTION LOCAL  DEFAULT   21 
    22: 08049584     0 SECTION LOCAL  DEFAULT   22 
    23: 08049588     0 SECTION LOCAL  DEFAULT   23 
    24: 00000000     0 SECTION LOCAL  DEFAULT   24 
    25: 080482d4     0 FUNC    LOCAL  DEFAULT   12 call_gmon_start
    26: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    27: 0804948c     0 OBJECT  LOCAL  DEFAULT   16 __CTOR_LIST__
    28: 08049494     0 OBJECT  LOCAL  DEFAULT   17 __DTOR_LIST__
    29: 0804949c     0 OBJECT  LOCAL  DEFAULT   18 __JCR_LIST__
    30: 08049588     4 OBJECT  LOCAL  DEFAULT   23 dtor_idx.5790
    31: 0804958c     1 OBJECT  LOCAL  DEFAULT   23 completed.5788
    32: 08048300     0 FUNC    LOCAL  DEFAULT   12 __do_global_dtors_aux
    33: 08048360     0 FUNC    LOCAL  DEFAULT   12 frame_dummy
    34: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    35: 08049490     0 OBJECT  LOCAL  DEFAULT   16 __CTOR_END__
    36: 08048488     0 OBJECT  LOCAL  DEFAULT   15 __FRAME_END__
    37: 0804949c     0 OBJECT  LOCAL  DEFAULT   18 __JCR_END__
    38: 08048430     0 FUNC    LOCAL  DEFAULT   12 __do_global_ctors_aux
    39: 00000000     0 FILE    LOCAL  DEFAULT  ABS main.c
    40: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __preinit_array_start
    41: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __fini_array_end
    42: 0804956c     0 OBJECT  LOCAL  HIDDEN   21 _GLOBAL_OFFSET_TABLE_
    43: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __preinit_array_end
    44: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __fini_array_start
    45: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __init_array_end
    46: 0804948c     0 NOTYPE  LOCAL  HIDDEN   16 __init_array_start
    47: 080494a0     0 OBJECT  LOCAL  HIDDEN   19 _DYNAMIC
    48: 08049584     0 NOTYPE  WEAK   DEFAULT   22 data_start
    49: 080483b0     5 FUNC    GLOBAL DEFAULT   12 __libc_csu_fini
    50: 080482b0     0 FUNC    GLOBAL DEFAULT   12 _start
    51: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    52: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    53: 08048474     4 OBJECT  GLOBAL DEFAULT   14 _fp_hw
    54: 08048458     0 FUNC    GLOBAL DEFAULT   13 _fini
    55: 00000000   415 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    56: 08048478     4 OBJECT  GLOBAL DEFAULT   14 _IO_stdin_used
    57: 08049584     0 NOTYPE  GLOBAL DEFAULT   22 __data_start
    58: 0804847c     0 OBJECT  GLOBAL HIDDEN   14 __dso_handle
    59: 08049498     0 OBJECT  GLOBAL HIDDEN   17 __DTOR_END__
    60: 080483c0   105 FUNC    GLOBAL DEFAULT   12 __libc_csu_init
    61: 08049588     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    62: 08049590     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    63: 00000000   399 FUNC    GLOBAL DEFAULT  UND puts@@GLIBC_2.0
    64: 08049588     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    65: 08048429     0 FUNC    GLOBAL HIDDEN   12 __i686.get_pc_thunk.bx
    66: 08048384    43 FUNC    GLOBAL DEFAULT   12 main
    67: 0804824c     0 FUNC    GLOBAL DEFAULT   10 _init

}

 

void elf::Relocation(void)

{
//next part
}

 
