What is segment 00 in my Linux executable program (64 bits)


Problem description

Here is a very simple assembly program that just returns 12 after being executed.

$ cat a.asm
        global _start

        section .text
_start: mov rax, 60    ; system call for exit
        mov rdi, 12    ; exit code 12
        syscall

It can be built and executed correctly:

$ nasm -f elf64 a.asm && ld a.o && ./a.out || echo $?
12

But the size of a.out is big; it is more than 4k:

$ wc -c a.out
4664 a.out

I try to understand it by reading the ELF content:

$ readelf -l a.out

Elf file type is EXEC (Executable file)
Entry point 0x401000
There are 2 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x00000000000000b0 0x00000000000000b0  R      0x1000
  LOAD           0x0000000000001000 0x0000000000401000 0x0000000000401000
                 0x000000000000000c 0x000000000000000c  R E    0x1000

 Section to Segment mapping:
  Segment Sections...
   00     
   01     .text 

It is strange: segment 00 is aligned by 0x1000, and I think that means such a segment will occupy at least 4096 bytes.

My question is what is this segment 00?

(nasm version 2.14.02, ld version 2.34, os is Ubuntu 20.04.1)

Recommended answer

Since it starts at file offset zero, it is probably a "padding" segment introduced to make the loading of the ELF more efficient. The .text segment will, in fact, be already aligned in the file as it should be in memory.

You can force ld not to align sections both in memory and in the file with -n. You can also strip the symbols with -s.
This will reduce the size to about 352 bytes.

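Now the ELF contains:

  • The ELF header (needed)
  • The program header table (needed)
  • The code (needed)
  • The string table (possibly unneeded)
  • The section table (possibly unneeded)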
The string table can be removed, but apparently strip can't do that. I've removed the .shstrtab section data and all the section headers manually to shrink the size down to 144 bytes. Consider that 64 bytes come from the ELF header, 60 from the single program header and 12 from your code; for a total of 136 bytes.
The extra 8 bytes are padding, 4 bytes at the end of the code section (easy to remove), and one at the end of the program header (which requires a bit of patching).
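
An added example, not part of the original question or answer: a small Python parser for ELF64 program headers, run over a constructed image that reproduces only the ELF header and the two LOAD entries from the readelf output in the question. It reports which file bytes each segment maps and how many bytes lie between the segments; the function names and the sample image are assumptions made for this illustration.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr: 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr: 56 bytes
PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4


def build_sample():
    """Constructed image: ELF header plus the two LOAD headers from the readelf output."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, little-endian
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    seg0 = PHDR.pack(PT_LOAD, PF_R, 0x0, 0x400000, 0x400000, 0xB0, 0xB0, 0x1000)
    seg1 = PHDR.pack(PT_LOAD, PF_R | PF_X, 0x1000, 0x401000, 0x401000, 0xC, 0xC, 0x1000)
    return ehdr + seg0 + seg1


def load_segments(image):
    """Return one dict per PT_LOAD entry, with the facts relevant to file size."""
    hdr = EHDR.unpack_from(image, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    headers_end = phoff + phentsize * phnum  # end of the program header table
    segs = []
    for i in range(phnum):
        p_type, flags, off, vaddr, _paddr, filesz, _memsz, align = PHDR.unpack_from(
            image, phoff + i * phentsize)
        if p_type != PT_LOAD:
            continue
        segs.append({
            "index": i,
            "flags": "".join(c if flags & b else "-" for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X))),
            "file_range": (off, off + filesz),
            # True when the segment maps exactly the ELF header + program header table
            "maps_headers_only": off == 0 and filesz == headers_end,
            # ELF rule for loadable segments: offset and vaddr agree modulo p_align
            "congruent": align <= 1 or off % align == vaddr % align,
        })
    return segs


def padding_between(segs):
    """Bytes in the file between consecutive LOAD segments (not counted in any FileSiz)."""
    ordered = sorted(s["file_range"] for s in segs)
    return [nxt[0] - cur[1] for cur, nxt in zip(ordered, ordered[1:])]


if __name__ == "__main__":
    segments = load_segments(build_sample())
    for seg in segments:
        print(seg)
    print("padding between segments:", padding_between(segments))
```

On the sample, segment 00 spans file bytes 0x0 to 0xb0, and 3920 bytes of the file sit between its end and the start of .text at offset 0x1000.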
