Courses/Computer Science/CPSC 355.W2014/Lecture Notes/ELFCont

From wiki.ucalgary.ca
< Courses‎ | Computer Science‎ | CPSC 355.W2014‎ | Lecture Notes
Revision as of 18:34, 3 February 2014 by Locasto (talk | contribs) (The ELF Format / Code and Data Container)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The ELF Format / Code and Data Container

Continue examination of the ELF structure (via readelf(1) and objdump(1)) and how to create one (without C or gcc).

When you give a source file to a compiler, it produces an executable artifact in a certain format. It turns your code and data into a format the OS will recognize and feed to the CPU.

Let us first consider a great work of beauty and art:

https://code.google.com/p/corkami/wiki/ELF101


We continue with our simple 'fx' program and this time ask readelf to just dump the section header table (with is nicer and easier to read than readelf -t )

(eye@mordor l10)$ readelf -S -W fx
There are 38 section headers, starting at offset 0x1138:
Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-id NOTE            08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        0804818c 00018c 000024 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481b0 0001b0 000070 10   A  6   1  4
  [ 6] .dynstr           STRTAB          08048220 000220 00005b 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          0804827c 00027c 00000e 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         0804828c 00028c 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             080482ac 0002ac 000010 08   A  5   0  4
  [10] .rel.plt          REL             080482bc 0002bc 000020 08   A  5  12  4
  [11] .init             PROGBITS        080482dc 0002dc 000030 00  AX  0   0  4
  [12] .plt              PROGBITS        0804830c 00030c 000050 04  AX  0   0  4
  [13] .text             PROGBITS        08048360 000360 0001ec 00  AX  0   0 16
  [14] .fini             PROGBITS        0804854c 00054c 00001c 00  AX  0   0  4
  [15] .rodata           PROGBITS        08048568 000568 000018 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        08048580 000580 000024 00   A  0   0  4
  [17] .eh_frame         PROGBITS        080485a4 0005a4 00007c 00   A  0   0  4
  [18] .ctors            PROGBITS        08049620 000620 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        08049628 000628 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        08049630 000630 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         08049634 000634 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        080496fc 0006fc 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        08049700 000700 00001c 04  WA  0   0  4
  [24] .data             PROGBITS        0804971c 00071c 000008 00  WA  0   0  4
  [25] .bss              NOBITS          08049740 000724 000048 00  WA  0   0 32
  [26] .comment          PROGBITS        00000000 000724 000058 01  MS  0   0  1
  [27] .debug_aranges    PROGBITS        00000000 00077c 000020 00      0   0  1
  [28] .debug_pubnames   PROGBITS        00000000 00079c 00002e 00      0   0  1
  [29] .debug_info       PROGBITS        00000000 0007ca 000357 00      0   0  1
  [30] .debug_abbrev     PROGBITS        00000000 000b21 00011b 00      0   0  1
  [31] .debug_line       PROGBITS        00000000 000c3c 0000c0 00      0   0  1
  [32] .debug_frame      PROGBITS        00000000 000cfc 000034 00      0   0  4
  [33] .debug_str        PROGBITS        00000000 000d30 00022f 01  MS  0   0  1
  [34] .debug_pubtypes   PROGBITS        00000000 000f5f 00006f 00      0   0  1
  [35] .shstrtab         STRTAB          00000000 000fce 000169 00      0   0  1
  [36] .symtab           SYMTAB          00000000 001728 0004d0 10     37  53  4
  [37] .strtab           STRTAB          00000000 001bf8 00022c 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
(eye@mordor l10)$ 

The number of sections may be surprising to you, especially since the program we wrote was very small in terms of both code and data. And so you have another lesson in how the compiler interposes on your programming experience: it is generating quite a bit of additional information *not* present in your source file.

One of the reasons there are so many sections is because we compiled the program with the -g option, which produces "debugging" information like type information, line numbers, etc. (sections 27 to 34).