在C中访问ELF符号表 [英] Accessing ELF symbol table in C

问题描述

我正在编写一个模仿elfdump -ecps

当前它正确地打印出了elf头，程序头和节头，但是我卡在了符号表的最后几部分.

It currently prints out the elf header, program headers, and section headers correctly, but I'm stuck on the last few parts of the symbol table.

所需的输出格式为:

Symbol Table Section:  .dynsym
 index    value      size      type bind oth ver shndx          name
   [0]  0x00000000 0x00000000  NOTY LOCL  D    0 UNDEF          
   [1]  0x00025c0c 0x00000000  FUNC GLOB  D    2 UNDEF          .udiv
   [2]  0x00025e00 0x00000140  OBJT WEAK  D    1 .bss           _iob
   [3]  0x00025b24 0x00000000  OBJT GLOB  P    1 .got           _GLOBAL_OFFSET_TABLE_
   [4]  0x00013a44 0x0000001c  FUNC GLOB  D    1 .init          _init
...

您能告诉我在哪里找到oth，ver，shndx和名称吗?

can you tell me where the oth, ver, shndx, and name are found?

到目前为止，我正在使用以下内容进行打印:

so far, I am printing it out with the following:

//for each entry in the symbol table
for(i=0; i<num_sym; i++)
{
    //read the current symbol
    fread(&mysym,sizeof(Elf32_Sym),1,fp);
idx=mysym.st_name;

    //multiple lines to get formatting correct
    //prints index in brackets right aligned
    char buf[12];
    sprintf(buf, "[%d]", i);
    printf("%10s", buf);

    //value
    printf("  0x%.8x", mysym.st_value);
    //size
    printf(" 0x%.8x", mysym.st_size);

    //type
    switch (ELF32_ST_TYPE(mysym.st_info)) {
        case 0:
            printf("  NOTY");
            break;
        case 1:
            printf("  OBJT");
            break;
        case 2:
            printf("  FUNC");
            break;
        case 3:
            printf("  SECT");
            break;
        case 4:
            printf("  FILE");
            break;

        default:
            break;
    }

    //bind
    switch(ELF32_ST_BIND(mysym.st_info))
    {
        case 0: printf(" LOCL");
            break;
        case 1: printf(" GLOB");
            break;
        case 2: printf(" WEAK");
            break;
        case 3: printf("  NUM");
            break;

        default:
            break;
    }
    //TODO: oth
    //TODO: ver
    //TODO: shndx
    //TODO: name

}

我一直在阅读 http://docs.oracle.com/cd/E19457-01/801-6737/801-6737.pdf (第5章)，但找不到任何有用的东西

I have been reading through http://docs.oracle.com/cd/E19457-01/801-6737/801-6737.pdf (chapter 5) but have not been able to find anything helpful

推荐答案

Symbol Table主要涵盖在您链接到该文档的第119页上的Symbol Table中.

This is mostly covered under Symbol Table starting on page 119 of that document you link to.

实际上具有您需要的结构:

typedef struct {
    Elf32_Word    st_name;
    Elf32_Addr    st_value;
    Elf32_Word    st_size;
    unsigned char st_info;
    unsigned char st_other;
    Elf32_Half    st_shndx;
} Elf32_Sym;

以及有关如何查找链接条目信息的详细信息(特别是从st_name结构字段中查找名称的方法).

along with details on how to find the information for linked entries (specifically the means for finding the name from the st_name structure field).

不幸的是，该文档似乎没有涵盖某些事物的来源(例如版本)，因此，当我尝试模拟具有可用源的另一个程序时，我 go 到来源-确实没有更多比那更确定:-)

Unfortunately, that document doesn't seem to cover where certain things come from (version, for example) so, when I'm trying to emulate another program that has the source available, I go to the source - there really isn't anything more definitive than that :-)

从该文件的第1665行开始，您找到elf_print_symtab()函数，该函数负责输出您感兴趣的信息.它调用get_versym()获取该信息，并从第1632行的代码中，您可以看到它为此使用了不同的部分(版本符号部分).

Starting on line 1665 of that file, you find the elf_print_symtab() function, which is responsible for outputting the information you're interested in. It calls get_versym() to get that information and, from that code on line 1632, you can see it uses a different section for that (the version symbol section).

而且，如此处，该节类型被认为是特定于操作系统的节类型，这就是为什么您不会在基本标准中找到它的原因，该基本标准仅涉及常见内容.

And, as can be seen here, that section type is considered one of the OS-specific ones, which is why you won't find it in the base standard, which concerns itself only with the common stuff.

这篇关于在C中访问ELF符号表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！