慢慢欣赏ELF 初步认识

源代码举例

$ cat test_elf.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

/* Size in bytes of the buffer main() requests from malloc(): 100 KiB. */
#define HEAP_SIZE	(100 * 1024)
/* Byte value main() writes over the whole buffer with memset(); 0x58 is ASCII 'X'. */
#define MAGIC_NUM	0x58
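/*
 * Demo program for looking at the runtime layout of a statically linked ELF.
 *
 * Allocates HEAP_SIZE bytes, fills them with MAGIC_NUM, prints the buffer
 * address, then sleeps in an endless loop so the process stays alive (e.g. so
 * its /proc/<pid>/maps can be read from another terminal).
 *
 * argc and argv are unused.
 *
 * Returns EXIT_FAILURE if the allocation fails; otherwise it never returns.
 */
int main(int argc, char *argv[])
{
	(void)argc;
	(void)argv;

	char *buf = malloc(HEAP_SIZE);
	if (buf == NULL) {
		/* Passing NULL to memset() is undefined behaviour, so stop here. */
		perror("malloc");
		return EXIT_FAILURE;
	}
	memset(buf, MAGIC_NUM, HEAP_SIZE);

	/*
	 * The literal "0x" is kept so the output matches the run shown on this
	 * page; the C library used there already prefixes %p with 0x, which is
	 * why the printed address reads "0x0x...". %p expects a void *, hence
	 * the cast.
	 */
	printf("malloc buffer 0x%p\n", (void *)buf);

	/* Park the process; buf is intentionally never freed. */
	while (1)
		sleep(10000);
	return 0;
}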

编译

$ gcc -static test_elf.c -o test_elf

读取 Segments 程序头

$ readelf -l test_elf
Elf file type is EXEC (Executable file)
Entry point 0x400580
There are 6 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x000000000007dbd2 0x000000000007dbd2  R E    0x10000
  LOAD           0x000000000007e830 0x000000000048e830 0x000000000048e830
                 0x00000000000057f8 0x000000000000ae98  RW     0x10000
  NOTE           0x0000000000000190 0x0000000000400190 0x0000000000400190
                 0x0000000000000044 0x0000000000000044  R      0x4
  TLS            0x000000000007e830 0x000000000048e830 0x000000000048e830
                 0x0000000000000020 0x0000000000000068  R      0x8
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     0x10
  GNU_RELRO      0x000000000007e830 0x000000000048e830 0x000000000048e830
                 0x00000000000037d0 0x00000000000037d0  R      0x1

 Section to Segment mapping:
  Segment Sections...
   00     .note.gnu.build-id .note.ABI-tag .rela.plt .init .plt .text __libc_freeres_fn .fini .rodata .stapsdt.base .eh_frame .gcc_except_table 
   01     .tdata .init_array .fini_array .data.rel.ro .got .got.plt .data __libc_subfreeres __libc_IO_vtables __libc_atexit .bss __libc_freeres_ptrs 
   02     .note.gnu.build-id .note.ABI-tag 
   03     .tdata .tbss 
   04     
   05     .tdata .init_array .fini_array .data.rel.ro .got 

读取 Section 节

$ readelf -S test_elf
There are 31 section headers, starting at offset 0x9e7f8:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .note.gnu.bu[...] NOTE             0000000000400190  00000190
       0000000000000024  0000000000000000   A       0     0     4
  [ 2] .note.ABI-tag     NOTE             00000000004001b4  000001b4
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .rela.plt         RELA             00000000004001d8  000001d8
       00000000000000a8  0000000000000018  AI      28    19     8
  [ 4] .init             PROGBITS         0000000000400280  00000280
       0000000000000018  0000000000000000  AX       0     0     4
  [ 5] .plt              PROGBITS         00000000004002a0  000002a0
       0000000000000070  0000000000000000  AX       0     0     16
  [ 6] .text             PROGBITS         0000000000400340  00000340
       0000000000057154  0000000000000000  AX       0     0     64
  [ 7] __libc_freeres_fn PROGBITS         00000000004574a0  000574a0
       0000000000000b24  0000000000000000  AX       0     0     16
  [ 8] .fini             PROGBITS         0000000000457fc4  00057fc4
       0000000000000014  0000000000000000  AX       0     0     4
  [ 9] .rodata           PROGBITS         0000000000457fe0  00057fe0
       000000000001a0d8  0000000000000000   A       0     0     16
  [10] .stapsdt.base     PROGBITS         00000000004720b8  000720b8
       0000000000000001  0000000000000000   A       0     0     1
  [11] .eh_frame         PROGBITS         00000000004720c0  000720c0
       000000000000ba24  0000000000000000   A       0     0     8
  [12] .gcc_except_table PROGBITS         000000000047dae4  0007dae4
       00000000000000ee  0000000000000000   A       0     0     1
  [13] .tdata            PROGBITS         000000000048e830  0007e830
       0000000000000020  0000000000000000 WAT       0     0     8
  [14] .tbss             NOBITS           000000000048e850  0007e850
       0000000000000048  0000000000000000 WAT       0     0     8
  [15] .init_array       INIT_ARRAY       000000000048e850  0007e850
       0000000000000010  0000000000000008  WA       0     0     8
  [16] .fini_array       FINI_ARRAY       000000000048e860  0007e860
       0000000000000008  0000000000000008  WA       0     0     8
  [17] .data.rel.ro      PROGBITS         000000000048e868  0007e868
       0000000000003348  0000000000000000  WA       0     0     8
  [18] .got              PROGBITS         0000000000491bb0  00081bb0
       0000000000000438  0000000000000008  WA       0     0     8
  [19] .got.plt          PROGBITS         0000000000491fe8  00081fe8
       0000000000000050  0000000000000008  WA       0     0     8
  [20] .data             PROGBITS         0000000000492038  00082038
       0000000000001910  0000000000000000  WA       0     0     8
  [21] __libc_subfreeres PROGBITS         0000000000493948  00083948
       0000000000000048  0000000000000000 WAR       0     0     8
  [22] __libc_IO_vtables PROGBITS         0000000000493990  00083990
       0000000000000690  0000000000000000  WA       0     0     8
  [23] __libc_atexit     PROGBITS         0000000000494020  00084020
       0000000000000008  0000000000000000 WAR       0     0     8
  [24] .bss              NOBITS           0000000000494028  00084028
       0000000000005680  0000000000000000  WA       0     0     8
  [25] __libc_freer[...] NOBITS           00000000004996a8  00084028
       0000000000000020  0000000000000000  WA       0     0     8
  [26] .comment          PROGBITS         0000000000000000  00084028
       000000000000002b  0000000000000001  MS       0     0     1
  [27] .note.stapsdt     NOTE             0000000000000000  00084054
       00000000000013a4  0000000000000000           0     0     4
  [28] .symtab           SYMTAB           0000000000000000  000853f8
       00000000000124f8  0000000000000018          29   1954     8
  [29] .strtab           STRTAB           0000000000000000  000978f0
       0000000000006dc4  0000000000000000           0     0     1
  [30] .shstrtab         STRTAB           0000000000000000  0009e6b4
       0000000000000144  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  R (retain), D (mbind), p (processor specific)

执行

$ ./test_elf
malloc buffer 0x0x24b04750

$ ps -aux | grep test_elf
user        1615  0.0  0.0    832     4 pts/2    S+   08:45   0:00 ./test_elf
user        1617  0.0  0.0   6340  1980 pts/1    S+   08:45   0:00 grep --color=auto test_elf

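查看内存映射

对照上面的程序头:第一个 LOAD 段(R E)对应 00400000-0047e000 的 r-xp 映射;GNU_RELRO 覆盖的范围 0x48e830–0x492000 在这里显示为只读(r--p),第二个 LOAD 段的其余部分才是 rw-p。[stack] 为 rw-p、不可执行,与 GNU_STACK 的 RW 标志一致;程序打印的 buf 地址 0x24b04750 落在 [heap] 区间内。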

$ cat /proc/1615/maps 
00400000-0047e000 r-xp 00000000 08:03 525804                             /home/user/test/test-elf/test_elf
0048e000-00492000 r--p 0007e000 08:03 525804                             /home/user/test/test-elf/test_elf
00492000-00495000 rw-p 00082000 08:03 525804                             /home/user/test/test-elf/test_elf
00495000-0049a000 rw-p 00000000 00:00 0 
24b03000-24b25000 rw-p 00000000 00:00 0                                  [heap]
ffff936e0000-ffff936e2000 r--p 00000000 00:00 0                          [vvar]
ffff936e2000-ffff936e3000 r-xp 00000000 00:00 0                          [vdso]
fffffced0000-fffffcef1000 rw-p 00000000 00:00 0                          [stack]
$ 

参考

Linux 二进制文件格式 ELF 入门
https://mp.weixin.qq.com/s?__biz=MzI0OTIzOTMzMA==&mid=2247488011&idx=1&sn=dd10c68cb928c7eb3777e4b7f7b0444f&chksm=e995d046dee25950feddb17f51f9c869ddbce3e94e567e340e07bcf00922f345032c5d6c173b&scene=21#wechat_redirect

奔跑吧 Linux内核 第二版 卷1 基础架构
