Courses/Computer Science/CPSC 355.W2014/Lecture Notes/ELFCont

= The ELF Format / Code and Data Container =

Continue examination of the ELF structure (via readelf(1) and objdump(1)) and how to create one (without C or gcc).

When you give a source file to a compiler, it produces an executable artifact in a certain format. It turns your code and data into a format the OS will recognize and feed to the CPU.

Let us first consider a great work of beauty and art:

https://code.google.com/p/corkami/wiki/ELF101


 * http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
 * http://www.muppetlabs.com/~breadbox/software/ELF.txt
 * http://www.hackercurriculum.org/elf

We continue with our simple 'fx' program and this time ask readelf to dump just the section header table (which is nicer and easier to read than readelf -t):

(eye@mordor l10)$ readelf -S -W fx
There are 38 section headers, starting at offset 0x1138:

Section Headers:
  [Nr] Name             Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                  NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp          PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag    NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-id NOTE           08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash        GNU_HASH        0804818c 00018c 000024 04   A  5   0  4
  [ 5] .dynsym          DYNSYM          080481b0 0001b0 000070 10   A  6   1  4
  [ 6] .dynstr          STRTAB          08048220 000220 00005b 00   A  0   0  1
  [ 7] .gnu.version     VERSYM          0804827c 00027c 00000e 02   A  5   0  2
  [ 8] .gnu.version_r   VERNEED         0804828c 00028c 000020 00   A  6   1  4
  [ 9] .rel.dyn         REL             080482ac 0002ac 000010 08   A  5   0  4
  [10] .rel.plt         REL             080482bc 0002bc 000020 08   A  5  12  4
  [11] .init            PROGBITS        080482dc 0002dc 000030 00  AX  0   0  4
  [12] .plt             PROGBITS        0804830c 00030c 000050 04  AX  0   0  4
  [13] .text            PROGBITS        08048360 000360 0001ec 00  AX  0   0 16
  [14] .fini            PROGBITS        0804854c 00054c 00001c 00  AX  0   0  4
  [15] .rodata          PROGBITS        08048568 000568 000018 00   A  0   0  4
  [16] .eh_frame_hdr    PROGBITS        08048580 000580 000024 00   A  0   0  4
  [17] .eh_frame        PROGBITS        080485a4 0005a4 00007c 00   A  0   0  4
  [18] .ctors           PROGBITS        08049620 000620 000008 00  WA  0   0  4
  [19] .dtors           PROGBITS        08049628 000628 000008 00  WA  0   0  4
  [20] .jcr             PROGBITS        08049630 000630 000004 00  WA  0   0  4
  [21] .dynamic         DYNAMIC         08049634 000634 0000c8 08  WA  6   0  4
  [22] .got             PROGBITS        080496fc 0006fc 000004 04  WA  0   0  4
  [23] .got.plt         PROGBITS        08049700 000700 00001c 04  WA  0   0  4
  [24] .data            PROGBITS        0804971c 00071c 000008 00  WA  0   0  4
  [25] .bss             NOBITS          08049740 000724 000048 00  WA  0   0 32
  [26] .comment         PROGBITS        00000000 000724 000058 01  MS  0   0  1
  [27] .debug_aranges   PROGBITS        00000000 00077c 000020 00      0   0  1
  [28] .debug_pubnames  PROGBITS        00000000 00079c 00002e 00      0   0  1
  [29] .debug_info      PROGBITS        00000000 0007ca 000357 00      0   0  1
  [30] .debug_abbrev    PROGBITS        00000000 000b21 00011b 00      0   0  1
  [31] .debug_line      PROGBITS        00000000 000c3c 0000c0 00      0   0  1
  [32] .debug_frame     PROGBITS        00000000 000cfc 000034 00      0   0  4
  [33] .debug_str       PROGBITS        00000000 000d30 00022f 01  MS  0   0  1
  [34] .debug_pubtypes  PROGBITS        00000000 000f5f 00006f 00      0   0  1
  [35] .shstrtab        STRTAB          00000000 000fce 000169 00      0   0  1
  [36] .symtab          SYMTAB          00000000 001728 0004d0 10     37  53  4
  [37] .strtab          STRTAB          00000000 001bf8 00022c 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
(eye@mordor l10)$

The number of sections may be surprising to you, especially since the program we wrote was very small in terms of both code and data. And so you have another lesson in how the compiler interposes on your programming experience: it is generating quite a bit of additional information *not* present in your source file.

One of the reasons there are so many sections is that we compiled the program with the -g option, which produces "debugging" information like type information, line numbers, etc. (sections 27 to 34).
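What readelf -S does to produce the listing above, as an added example (not part of the original notes): read e_shoff, e_shentsize, e_shnum and e_shstrndx from the file header, walk the 40-byte section headers, and resolve each sh_name in the section name string table. The function names and the three-section sample image are constructed for illustration; only 32-bit little-endian ELF is handled.

```python
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # ELF32 file header, 52 bytes
SHDR = struct.Struct("<10I")                # ELF32 section header, 40 bytes
TYPES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 8: "NOBITS"}
FLAGS = ((0x1, "W"), (0x2, "A"), (0x4, "X"))

def build_sample():
    """Constructed sample: header, 4 placeholder code bytes, names, 3 section headers."""
    strtab = b"\0.text\0.shstrtab\0"
    code = b"\x90" * 4                      # placeholder bytes, never executed
    code_off = EHDR.size
    str_off = code_off + len(code)
    shoff = str_off + len(strtab)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)   # ELFCLASS32, LSB, version 1
    ehdr = EHDR.pack(ident, 2, 3, 1, 0x08048000 + code_off, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, 3, 2)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(1, 1, 0x6, 0x08048000 + code_off, code_off, len(code), 0, 0, 4, 0)
             + SHDR.pack(7, 3, 0, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + code + strtab + shdrs

def section_headers(image):
    """Return (name, type, addr, offset, size, flags) per section, like readelf -S."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 1 or image[5] != 1:
        raise ValueError("only 32-bit little-endian ELF is handled here")
    f = EHDR.unpack_from(image)
    shoff, shentsize, shnum, shstrndx = f[6], f[11], f[12], f[13]
    # Header fields are untrusted input: check them before indexing the file.
    if shentsize != SHDR.size or shoff + shnum * shentsize > len(image):
        raise ValueError("section header table lies outside the file")
    raw = [SHDR.unpack_from(image, shoff + i * shentsize) for i in range(shnum)]
    if shstrndx >= shnum:
        raise ValueError("e_shstrndx does not name a section")
    str_off, str_size = raw[shstrndx][4], raw[shstrndx][5]
    names = image[str_off:str_off + str_size]
    rows = []
    for name, typ, flags, addr, off, size, *_ in raw:
        end = names.find(b"\0", name)       # names are NUL-terminated strings
        label = names[name:end].decode("ascii", "replace") if end >= 0 else "<bad name>"
        flg = "".join(c for bit, c in FLAGS if flags & bit)
        rows.append((label, TYPES.get(typ, hex(typ)), addr, off, size, flg))
    return rows

if __name__ == "__main__":
    for i, (name, typ, addr, off, size, flg) in enumerate(section_headers(build_sample())):
        print(f"[{i:2}] {name:<16} {typ:<10} {addr:08x} {off:06x} {size:06x} {flg:>3}")
```

The "starting at offset 0x1138" line in the readelf output is the same e_shoff value this code reads from the file header.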