如何解读ELF可执行文件中的动态符号表？ [英] How to interpret the dynamic symbol table in an ELF executable?

问题描述

我正在寻找解释ELF可执行文件的动态符号表（.dynsym）。我可以使用'value'属性成功解释符号表 .symtab （每个符号16个字节）来表示符号的地址，'name'属性表示字符串开始的偏移量在 .strtab 部分。但是我无法使用相同的方法解释动态符号表（.dynsym）。我用阿里的博客[1]作为参考。

I was looking at interpreting the dynamic symbol table (.dynsym) of an ELF executable file. I could successfully interpret the symbol table .symtab (16 bytes for each symbol) using the 'value' attribute to denote the address of the symbol and 'name' attribute to denote the offset of the start of string in .strtab section. But I'm unable to interpret the dynamic symbol table (.dynsym) using the same method. I used Ali's blog [1] for reference.

我看了另一个阿里的博客[2]，但是我不明白如何解释动态符号表使用哈希表。显然，它不是与符号表使用的映射相同。我应该如何解释动态符号表（.dynsym）？

I looked at another blog of Ali's [2] but I'm not understand as to how to interpret the dynamic symbol table using the hash table. Clearly it isn't the same mapping as used by the symbol table. How should I interpret the dynamic symbol table (.dynsym)?

另外，我正在查看的ELF可执行文件有两个部分，即 .hash 和 .gnu.hash 。我参考哈希值的哪个部分？

Also, the ELF executable which I'm looking at has two sections, namely .hash and .gnu.hash. Which section do I refer for the hash values?

[1] http://blogs.oracle.com/ali/entry/inside_elf_symbol_tables

[2] http://blogs.oracle.com/ali/entry/gnu_hash_elf_sections

感谢和问候，< br>
Hrishikesh Murali

Thanks and Regards,
Hrishikesh Murali

推荐答案

从ELF规范中，使用以下结构定义每个符号：

From ELF specification, each symbol is defined using the following structure:

typedef struct {
      Elf32_Word
      Elf32_Addr
      Elf32_Word
      unsigned char
      unsigned char
      Elf32_Half
} Elf32_Sym;

所以一般来说这将是16个字节。动态和静态符号表使用相同的结构，因此解析此表对于静态和链接来说是一样的。当然，值的含义并不总是相同的。

So in general this will be 16 bytes. The dynamic and static symbol table use the same structure, so parsing this table is just the same for static and linking. Of course the meaning of the values aren't always the same.

您可以通过两种方式达到符号表中的符号。首先，如果您已经知道符号索引，那么可以直接转到该索引。但是有些时候你没有符号索引，你只有一个符号名称，实际上你想检查符号表是否有一个符号与该名称的定义。在第二种情况下，您可以使用散列部分。这些用于快速检查符号表中是否存在符号：symbol-name - > hash - > symb_index - >检查symbol_table [symb_index] == symbol-name。

You can reach a symbol in the symbol table by two means. First, if you already know the symbol index you can just go to that index. But some times you doesn't have the symbol index, you have only a symbol name and in fact you wanna check if the symbol table has a definition for a symbol with that name. In this second situation you use the hash sections. Those are used to quick check if a symbol is present in a symbol table: symbol-name -> hash -> symb_index -> check if symbol_table[symb_index] == symbol-name.

这篇关于如何解读ELF可执行文件中的动态符号表？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！