Understanding ELF using readelf and objdump

What is ELF?

ELF (Executable and Linking Format) is a file format that defines how an object file is composed and organized. With this information, your kernel and the binary loader know how to load the file, where to look for the code, where to look for the initialized data, which shared libraries need to be loaded, and so on.

First of all, you should know about the different kinds of ELF objects:

• Relocatable file: an object file that holds code and data suitable for linking with other object files to create an executable or a shared object file. In other words, you can say that a relocatable file is a foundation for creating executables and libraries. This is the kind of file you get if you compile source code like this:

    $ gcc -c test.c

  That will produce test.o, which is a relocatable file. A kernel module (suffixed with either .o or .ko) is also a form of relocatable file.

• Executable file: an object file that holds a program suitable for execution. Yes, that means your XMMS mp3 player, your vcd software player, even your text editor are all ELF executable files. This is also a familiar file if you compile a program:

    $ gcc -o test test.c

  After you make sure the executable bit of "test" is enabled, you can execute it. The question is, what about a shell script? A shell script is NOT an ELF executable, but the interpreter IS.

• Shared object file: this file holds code and data suitable for linking in two contexts:
  1. The link editor may process it with other relocatable and shared object files to create another object file.
  2. The dynamic linker combines it with an executable file and other shared objects to create a process image.
  In simple words, these are the files that you usually see with the suffix .so (normally located inside /usr/lib on most Linux installations).

Is there any other way to detect the ELF type? Yes, there is. In every ELF object, there is a file header that explains what kind of file it is. Assuming you have installed the binutils package, you can use readelf to read this header. For example (command results are shortened to show related fields only):

    $ readelf -h /bin/ls
    Type: EXEC (Executable file)
    $ readelf -h /usr/lib/crt1.o
    Type: REL (Relocatable file)
    $ readelf -h /lib/libc-2.3.2.so
    Type: DYN (Shared object file)

The "file" command works too for object file identification, but I won't discuss it further. Let's focus on readelf and objdump, sin
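The Type: field that readelf -h prints comes from the e_type field of the ELF file header. The following is an added example, not part of the original article, that reads that field directly in Python; the function names (elf_type, elf_type_of_file, make_header) are hypothetical and the sample headers are constructed, not taken from real binaries.

```python
import struct

# e_type values defined by the ELF specification
ET_NAMES = {0: "NONE", 1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}

def elf_type(header: bytes) -> str:
    """Return the e_type name that readelf -h prints in its Type: field."""
    if len(header) < 18:
        raise ValueError("too short to hold e_ident and e_type")
    if header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic)")
    ei_data = header[5]  # EI_DATA: 1 = little-endian, 2 = big-endian
    if ei_data not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    fmt = "<H" if ei_data == 1 else ">H"
    # e_type is the 16-bit field right after the 16-byte e_ident array
    (e_type,) = struct.unpack_from(fmt, header, 16)
    return ET_NAMES.get(e_type, f"unknown (0x{e_type:04x})")

def elf_type_of_file(path: str) -> str:
    """Read only the first 18 bytes of a file on disk and classify it."""
    with open(path, "rb") as f:
        return elf_type(f.read(18))

def make_header(ei_class: int, ei_data: int, e_type: int) -> bytes:
    """Build a constructed sample: e_ident followed by e_type, nothing else."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack("<H" if ei_data == 1 else ">H", e_type)

# Constructed inputs (not real binaries)
SAMPLES = {
    "32-bit LE executable": make_header(1, 1, 2),
    "64-bit LE relocatable": make_header(2, 1, 1),
    "64-bit BE shared object": make_header(2, 2, 3),
    "shell script": b"#!/bin/sh\necho hello\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        try:
            print(f"{name}: {elf_type(data)}")
        except ValueError as err:
            print(f"{name}: {err}")
```

The shell script sample is rejected at the magic check, matching the point above that a script is not an ELF executable. On current distributions, position-independent executables also report DYN, so e_type alone does not separate programs from shared libraries.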