R_386_32/R_386_PC32在elf的.rel.text部分中的含义 [英] meaning of R_386_32/R_386_PC32 in .rel.text section of elf
问题描述
要了解搬迁的概念,我编写了一个简单的chk.c程序,如下所示:
to understand the concept of relocation, i wrote a simple chk.c program as follows :
1 #include<stdio.h>
2 main(){
3 int x,y,sum;
4 x = 3;
5 y = 4;
6 sum = x + y;
7 printf("sum = %d\n",sum);
8 }
使用"objdump -d chk.o"的等效汇编代码是:
its equivalent assembly code, using "objdump -d chk.o" is :
00000000 <main>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 83 e4 f0 and $0xfffffff0,%esp
6: 83 ec 20 sub $0x20,%esp
9: c7 44 24 1c 03 00 00 movl $0x3,0x1c(%esp)
10: 00
11: c7 44 24 18 04 00 00 movl $0x4,0x18(%esp)
18: 00
19: 8b 44 24 18 mov 0x18(%esp),%eax
1d: 8b 54 24 1c mov 0x1c(%esp),%edx
21: 8d 04 02 lea (%edx,%eax,1),%eax
24: 89 44 24 14 mov %eax,0x14(%esp)
28: b8 00 00 00 00 mov $0x0,%eax
2d: 8b 54 24 14 mov 0x14(%esp),%edx
31: 89 54 24 04 mov %edx,0x4(%esp)
35: 89 04 24 mov %eax,(%esp)
38: e8 fc ff ff ff call 39 <main+0x39>
3d: c9 leave
3e: c3 ret
使用readelf看到的
和.rel.text部分如下:
and .rel.text section seen using readelf is as follows :
Relocation section '.rel.text' at offset 0x360 contains 2 entries:
Offset Info Type Sym.Value Sym. Name
00000029 00000501 R_386_32 00000000 .rodata
00000039 00000902 R_386_PC32 00000000 printf
基于此,我有以下问题:
i have following questions based on this :
1)从.rel.text节的第二个条目开始,我能够理解,必须将.text节中偏移量0x39的值(此处为0xfcffffff)替换为与该符号的索引9相关联的符号地址表格(&表示为printf).但是我不能在这里清楚地理解0x02(ELF32_R_TYPE)的含义. R_386_PC32在这里指定了什么?任何人都可以清楚地解释其含义.
1) from 2nd entry in .rel.text section, i am able to understand that value at offset 0x39 in .text section (which is 0xfcffffff here) has to be replaced with address of a symbol associated with index 9 of symbol table (& that comes out to be printf). But i am not able to clearly understand the meaning of 0x02 (ELF32_R_TYPE) here. What does R_386_PC32 specify here ? Can anyone please explain its meaning clearly.
2)我也无法理解第一个条目.在.text节中偏移量为0x29的位置需要替换的内容,以及在此处不清楚的原因.同样,我想在这里知道R_386_32的含义.我找到了一个pdf elf_format.pdf,但是我无法从中清楚地了解.rel.text部分中"Type"的含义.
2) i am also not able to understand the 1st entry. what needs to be replaced at offset of 0x29 in .text section and why is not clear here. Again i want to know the meaning of R_386_32 here. i found one pdf elf_format.pdf, but i am not able to clearly understand the meaning of "Type" in .rel.text section from that.
3)我也想知道Assembly inst"lea(%edx,%eax,1),%eax"的含义.尽管我发现一个很好的链接( LEA指令的目的是什么?)描述了lea的含义,但是lea的格式(3个arg的内括号)不清楚.
3) Also i want to know the meaning of assembly inst "lea (%edx,%eax,1),%eax". Though i found a very good link (What's the purpose of the LEA instruction?) describing the meaning of lea, but the format of lea (what are 3 arg's inside brackets) is not clear.
如果任何人都可以清楚地解释上述问题的答案,将不胜感激.尽管我在Google上进行了很多尝试,但我仍在努力寻找这些问题的答案.
if anyone can clearly explain the answers of above questions, it will be greatly appreciated. i am still struggling to find the answers to these questions,though i have tried a lot with google.
另一个问题.我已经在下面显示了偏移量5和9的符号表条目.
one more question. i have shown the symbol table entries for both offset 5 and 9 below.
Num: Value Size Type Bind Vis Ndx Name
5: 00000000 0 SECTION LOCAL DEFAULT 5
9: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf'
.rel.text表中第一个条目的信息字段是0x05,它指示符号表的索引.我已经显示了上面索引5的符号表条目,但是无法理解它如何告诉我们.rodata.
The info field for the first entry in .rel.text table is 0x05 which indicates the index of symbol table. I have shown the symbol table entry for index 5 above, but not able to understand how that tells us that it is for .rodata .
推荐答案
1),2):R_386_32是将符号的绝对32位地址放入指定位置的重定位内存位置. R_386_PC32是一种重定位,它将符号的 PC相对于PC的32位地址放入指定的存储位置.如此处所示,R_386_32对于静态数据很有用,因为编译器只是将重定位的符号地址加载到某个寄存器中,然后将其视为指针. R_386_PC32对于函数引用很有用,因为它可以用作call的直接参数.有关示例,请参见 elf_machdep.c 重定位的处理方式.
1), 2): R_386_32 is a relocation that places the absolute 32-bit address of the symbol into the specified memory location. R_386_PC32 is a relocation that places the PC-relative 32-bit address of the symbol into the specified memory location. R_386_32 is useful for static data, as shown here, since the compiler just loads the relocated symbol address into some register and then treats it as a pointer. R_386_PC32 is useful for function references since it can be used as an immediate argument to call. See elf_machdep.c for an example of how the relocations are processed.
3)lea (%edx,%eax,1),%eax如果用C语法表示,则仅表示%eax = %edx + 1*%eax.在这里,它基本上是用来代替add操作码的.
3) lea (%edx,%eax,1),%eax means simply %eax = %edx + 1*%eax if expressed in C syntax. Here, it's basically being used as a substitute for the add opcode.
这是一个示例.
假定您的代码从0x401000开始加载到内存中,字符串"sum = %d\n"在0x401800(在.rodata部分的开头)结束,并且printf在libc中的0x1400ab80.
Suppose your code gets loaded into memory starting at 0x401000, that the string "sum = %d\n" ends up at 0x401800 (at the start of the .rodata section), and that printf is at 0x1400ab80, in libc.
然后,将R_386_32重定位到0x29将把字节00 18 40 00放置在0x401029(仅复制符号的绝对地址),从而使指令位于0x401028
Then, the R_386_32 relocation at 0x29 will place the bytes 00 18 40 00 at 0x401029 (simply copying the absolute address of the symbol), making the instruction at 0x401028
401028: b8 00 18 40 00 mov $0x401800,%eax
R_386_PC32重定位在0x39处将字节43 9b c0 13放置在0x401039(值0x1400ab80-0x40103d = 0x13c09b43以十六进制表示)
The R_386_PC32 relocation at 0x39 places the bytes 43 9b c0 13 at 0x401039 (the value 0x1400ab80 - 0x40103d = 0x13c09b43 in hex), making that instruction
401038: e8 43 9b c0 13 call $0x1400ab80 <printf>
我们减去0x40103d来计算%pc的值(这是call之后的指令的地址).
We subtract 0x40103d to account for the value of %pc (which is the address of the instruction after call).
这篇关于R_386_32/R_386_PC32在elf的.rel.text部分中的含义的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
