一个可执行的C程序中的段 [英] segments within a executable C program
本文介绍了一个可执行的C程序中的段的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我读到有关章节和片段。看来你可以列出节和段之间的映射关系如下图所示。
$ readelf -l测试ELF文件类型是EXEC(可执行文件)
切入点0x8048330
有9个程序头,起始偏移52程序头:
型胶印VirtAddr PhysAddr FileSiz MemSiz FLG对齐
PHDR 0x000034 0x08048034 0x08048034 0x00120 0x00120řË为0x4
INTERP 0x000154 0x08048154 0x08048154 0x00013 0x00013 - [R为0x1
[请求程序间preTER:/lib/ld-linux.so.2]
LOAD 0x000000处0x08048000 0x08048000 0x0065c 0x0065cřË为0x1000
LOAD 0x000f14 0x08049f14 0x08049f14 0x00104 0x00110 RW为0x1000
动态0x000f28 0x08049f28 0x08049f28 0x000c8 0x000c8 RW为0x4
注0x000168 0x08048168 0x08048168 0x00044 0x00044 - [R为0x4
GNU_EH_FRAME 0x000564 0x08048564 0x08048564 0x00034 0x00034 - [R为0x4
GNU_STACK 0x000000处00000000 00000000 0x00000 0x00000 RW为0x4
GNU_RELRO 0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec - [R为0x1 科段映射:
段段...
00
01 .interp
02 .interp .note.ABI标签.note.gnu.build-ID的.gnu.hash显.dynsym的.dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .PLT的.text调用.fini。 rodata .eh_frame_hdr .eh_frame
03 .ctors .dtors .jcr。动态.GOT .got.plt。数据的.bss
04。动态
05 .note.ABI标签.note.gnu.build-ID
06 .eh_frame_hdr
07
08 .ctors .dtors .jcr。动态.GOT
我的问题,
- 我不明白是什么程序头是什么意思?他们是如何与段?
- 部分段映射是明确的。但是,可能有人的名字呢?我看到的只是数字。我确定了code SEG(03),数据SEG(02)和堆栈(07)。
解决方案
要了解 readelf 的输出,将帮助您了解一个<$ C格式$ C> ELF 文件。请参考此文档。
据了解如何跨preT的 readelf 此<一个输出href=\"http://www.linuxforums.org/articles/understanding-elf-using-readelf-and-objdump_125.html\">link可能会有所帮助。
至于你的问题2,此链接介绍的段。在该文件中搜索各段存放程序和控制信息:寻找到段名描述的区域
。这文档描述了细分如下:
各段存放程序和控制信息:
的.bss本节认为有助于未初始化的数据
程序的内存映像。根据定义,系统初始化
用零数据时,程序开始运行。本节的
SHT_NOBITS类型。属性类型为SHF_ALLOC和SHF_WRITE。 的.comment该section保存着版本控制信息。本节的
键入SHT_PROGBITS。无属性类型使用。 .ctors此节包含初始化的指针的C ++构造
功能。本节类型SHT_PROGBITS的。属性
类型是SHF_ALLOC和SHF_WRITE。 。数据本节认为有助于程序的初始化数据
内存映像。本节类型SHT_PROGBITS的。属性
类型是SHF_ALLOC和SHF_WRITE。 .data1本节认为有助于程序的初始化数据
内存映像。本节类型SHT_PROGBITS的。属性
类型是SHF_ALLOC和SHF_WRITE。 的.debug本节适用于符号调试信息。内容
未指定。本节类型SHT_PROGBITS的。没有
属性类型被使用。 .dtors此节包含初始化的指针到C ++的析构函数
功能。本节类型SHT_PROGBITS的。属性
类型是SHF_ALLOC和SHF_WRITE。 。动态此部分包含动态链接信息。本节的
属性将包括SHF_ALLOC位。无论SHF_WRITE
位被设置为特定处理器。本节型
SHT_DYNAMIC。见上面的属性。 的.dynstr本节包含所需的动态连接字符串,最常用
这再次present与符号表关联的名称字符串
条目。本节类型SHT_STRTAB的。属性类型
采用的是SHF_ALLOC。 显.dynsym本节包含动态链接符号表。本节
是类型SHT_DYNSYM的。使用的属性是SHF_ALLOC。 调用.fini本节认为有助于可执行指令
进程终止code。当一个程序正常退出系统
安排在本节执行code。本节的
键入SHT_PROGBITS。使用的属性是SHF_ALLOC和
SHF_EXECINSTR。 .gnu.version
此节包含的版本符号表,ElfN_Half数组
元素。本节类型SHT_GNU_versym的。属性
使用类型为SHF_ALLOC。 .gnu.version_d
此节包含的版本符号定义的表
ElfN_Verdef结构。本节类型SHT_GNU_verdef的。
使用的属性类型SHF_ALLOC。 .gnu.version_r
此节包含的版本符号需要的元素,的表
ElfN_Verneed结构。本节类型SHT_GNU_versym的。
使用的属性类型SHF_ALLOC。 即.got该section保存着全局偏移表。本节型
SHT_PROGBITS。这些属性是特定处理器。 .hash此节包含一个符号哈希表。本节型
SHT_HASH。使用的属性是SHF_ALLOC。 .init本节认为有助于可执行指令
进程初始化code。当一个程序开始运行
系统安排本节之前调用执行code
主程序入口点。本节类型SHT_PROGBITS的。
使用的属性是SHF_ALLOC和SHF_EXECINSTR。 .interp本节保持节目间preTER的路径名。如果
文件有一个可装载段包含一节,该节的
属性将包括SHF_ALLOC位。否则,该位将
离开。本节类型SHT_PROGBITS的。 .line本节适用于符号调试行号信息,
它描述了程序的源和之间的对应关系
该机code。内容是不确定的。本节的
键入SHT_PROGBITS。无属性类型使用。 。注意这部分持有注意部分格式的信息。这个
部分类型SHT_NOTE的。无属性类型使用。 OpenBSD系统
本地可执行文件通常包含一个.note.openbsd.ident节
表明身份,内核绕过任何兼容性ELF
二进制模拟试验加载文件时。 .note.GNU堆栈
这部分是在Linux中的目标文件用于声明堆栈
属性。本节类型SHT_PROGBITS的。唯一的
使用的属性是SHF_EXECINSTR。这表明对GNU链接
该对象文件需要可执行栈。 .PLT这部分保存过程链接表。本节的
键入SHT_PROGBITS。这些属性是特定处理器。 如下所述.relNAME本节包含重定位信息。如果
该文件有一个可装载段,包括搬迁,则
节的属性将包括SHF_ALLOC位。否则,
位将关闭。按照惯例,NAME是由部供给
到了搬迁申请。因此,对于一个的.text部分搬迁
通常将有名称.rel.text。本节型
SHT_REL。 如下所述.relaNAME本节包含重定位信息。如果
该文件有一个可装载段,包括搬迁,则
节的属性将包括SHF_ALLOC位。否则,
位将关闭。按照惯例,NAME是由部供给
到了搬迁申请。因此,对于一个的.text部分搬迁
通常将有名称.rela.text。本节型
SHT_RELA。 .RODATA此节包含只读通常有助于数据
不可写的段过程映像中。本节型
SHT_PROGBITS。使用的属性是SHF_ALLOC。 .rodata1此节包含只读通常有助于数据
不可写的段过程映像中。本节型
SHT_PROGBITS。使用的属性是SHF_ALLOC。 .shstrtab此节包含节名。本节型
SHT_STRTAB。无属性类型使用。 .strtab此节包含字符串,一般是重新present琴弦
与符号表关联的名称。如果文件中有一个
可装入段包括符号串的表,该
节的属性将包括SHF_ALLOC位。否则,
位将关闭。本节类型SHT_STRTAB的。 的.symtab此节包含一个符号表。如果该文件有一个可装载
段,其包括符号表中,节的属性
将包括SHF_ALLOC位。否则,该位将被关闭。
本节类型SHT_SYMTAB的。 的.text该section保存着的文,或可执行的指令,
程序。本节类型SHT_PROGBITS的。使用的属性
是SHF_ALLOC和SHF_EXECINSTR。
I was reading about sections and segments. Seems you could list the mapping between sections and segments as below.
$ readelf -l test
Elf file type is EXEC (Executable file)
Entry point 0x8048330
There are 9 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x00120 0x00120 R E 0x4
INTERP 0x000154 0x08048154 0x08048154 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x0065c 0x0065c R E 0x1000
LOAD 0x000f14 0x08049f14 0x08049f14 0x00104 0x00110 RW 0x1000
DYNAMIC 0x000f28 0x08049f28 0x08049f28 0x000c8 0x000c8 RW 0x4
NOTE 0x000168 0x08048168 0x08048168 0x00044 0x00044 R 0x4
GNU_EH_FRAME 0x000564 0x08048564 0x08048564 0x00034 0x00034 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
GNU_RELRO 0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec R 0x1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .ctors .dtors .jcr .dynamic .got
My questions,
- I couldn't understand what the program headers mean? How are they related to segments?
- Section to segment mapping is clear. But could someone name it? I see only numbers. I identified the code seg (03), data seg (02) and stack (07).
解决方案
To understand the output of readelf it will help for you to understand the format of an ELF file. Please reference this document.
As far as understanding how to interpret the output of readelf this link may be of help.
As to your question 2, this link describes the segments. In that document search for "Various sections hold program and control information:" to find the area where the segment names are described.
That document describes the segments as follows:
Various sections hold program and control information:
.bss This section holds uninitialized data that contributes to the
program's memory image. By definition, the system initializes the
data with zeros when the program begins to run. This section is of
type SHT_NOBITS. The attribute types are SHF_ALLOC and SHF_WRITE.
.comment This section holds version control information. This section is of
type SHT_PROGBITS. No attribute types are used.
.ctors This section holds initialized pointers to the C++ constructor
functions. This section is of type SHT_PROGBITS. The attribute
types are SHF_ALLOC and SHF_WRITE.
.data This section holds initialized data that contribute to the program's
memory image. This section is of type SHT_PROGBITS. The attribute
types are SHF_ALLOC and SHF_WRITE.
.data1 This section holds initialized data that contribute to the program's
memory image. This section is of type SHT_PROGBITS. The attribute
types are SHF_ALLOC and SHF_WRITE.
.debug This section holds information for symbolic debugging. The contents
are unspecified. This section is of type SHT_PROGBITS. No
attribute types are used.
.dtors This section holds initialized pointers to the C++ destructor
functions. This section is of type SHT_PROGBITS. The attribute
types are SHF_ALLOC and SHF_WRITE.
.dynamic This section holds dynamic linking information. The section's
attributes will include the SHF_ALLOC bit. Whether the SHF_WRITE
bit is set is processor-specific. This section is of type
SHT_DYNAMIC. See the attributes above.
.dynstr This section holds strings needed for dynamic linking, most commonly
the strings that represent the names associated with symbol table
entries. This section is of type SHT_STRTAB. The attribute type
used is SHF_ALLOC.
.dynsym This section holds the dynamic linking symbol table. This section
is of type SHT_DYNSYM. The attribute used is SHF_ALLOC.
.fini This section holds executable instructions that contribute to the
process termination code. When a program exits normally the system
arranges to execute the code in this section. This section is of
type SHT_PROGBITS. The attributes used are SHF_ALLOC and
SHF_EXECINSTR.
.gnu.version
This section holds the version symbol table, an array of ElfN_Half
elements. This section is of type SHT_GNU_versym. The attribute
type used is SHF_ALLOC.
.gnu.version_d
This section holds the version symbol definitions, a table of
ElfN_Verdef structures. This section is of type SHT_GNU_verdef.
The attribute type used is SHF_ALLOC.
.gnu.version_r
This section holds the version symbol needed elements, a table of
ElfN_Verneed structures. This section is of type SHT_GNU_versym.
The attribute type used is SHF_ALLOC.
.got This section holds the global offset table. This section is of type
SHT_PROGBITS. The attributes are processor specific.
.hash This section holds a symbol hash table. This section is of type
SHT_HASH. The attribute used is SHF_ALLOC.
.init This section holds executable instructions that contribute to the
process initialization code. When a program starts to run the
system arranges to execute the code in this section before calling
the main program entry point. This section is of type SHT_PROGBITS.
The attributes used are SHF_ALLOC and SHF_EXECINSTR.
.interp This section holds the pathname of a program interpreter. If the
file has a loadable segment that includes the section, the section's
attributes will include the SHF_ALLOC bit. Otherwise, that bit will
be off. This section is of type SHT_PROGBITS.
.line This section holds line number information for symbolic debugging,
which describes the correspondence between the program source and
the machine code. The contents are unspecified. This section is of
type SHT_PROGBITS. No attribute types are used.
.note This section holds information in the "Note Section" format. This
section is of type SHT_NOTE. No attribute types are used. OpenBSD
native executables usually contain a .note.openbsd.ident section to
identify themselves, for the kernel to bypass any compatibility ELF
binary emulation tests when loading the file.
.note.GNU-stack
This section is used in Linux object files for declaring stack
attributes. This section is of type SHT_PROGBITS. The only
attribute used is SHF_EXECINSTR. This indicates to the GNU linker
that the object file requires an executable stack.
.plt This section holds the procedure linkage table. This section is of
type SHT_PROGBITS. The attributes are processor specific.
.relNAME This section holds relocation information as described below. If
the file has a loadable segment that includes relocation, the
section's attributes will include the SHF_ALLOC bit. Otherwise the
bit will be off. By convention, "NAME" is supplied by the section
to which the relocations apply. Thus a relocation section for .text
normally would have the name .rel.text. This section is of type
SHT_REL.
.relaNAME This section holds relocation information as described below. If
the file has a loadable segment that includes relocation, the
section's attributes will include the SHF_ALLOC bit. Otherwise the
bit will be off. By convention, "NAME" is supplied by the section
to which the relocations apply. Thus a relocation section for .text
normally would have the name .rela.text. This section is of type
SHT_RELA.
.rodata This section holds read-only data that typically contributes to a
nonwritable segment in the process image. This section is of type
SHT_PROGBITS. The attribute used is SHF_ALLOC.
.rodata1 This section holds read-only data that typically contributes to a
nonwritable segment in the process image. This section is of type
SHT_PROGBITS. The attribute used is SHF_ALLOC.
.shstrtab This section holds section names. This section is of type
SHT_STRTAB. No attribute types are used.
.strtab This section holds strings, most commonly the strings that represent
the names associated with symbol table entries. If the file has a
loadable segment that includes the symbol string table, the
section's attributes will include the SHF_ALLOC bit. Otherwise the
bit will be off. This section is of type SHT_STRTAB.
.symtab This section holds a symbol table. If the file has a loadable
segment that includes the symbol table, the section's attributes
will include the SHF_ALLOC bit. Otherwise the bit will be off.
This section is of type SHT_SYMTAB.
.text This section holds the "text", or executable instructions, of a
program. This section is of type SHT_PROGBITS. The attributes used
are SHF_ALLOC and SHF_EXECINSTR.
这篇关于一个可执行的C程序中的段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
