其中ELF文件的一部分，必须加载到内存？ [英] which part of ELF file must be loaded into the memory?

问题描述

可执行文件的ELF文件有一个程序（段）报头和节头，可以通过 readelf -a 中可以看出，这里是一个例子：

An ELF file for executables has a program (segment) header and a section header, which can be seen through readelf -a, here is an example:

上面的两张图片分别是节头和程序（段）的头。可以看出，一个段首标是由几个部分标头，其用于装载程序到内存中的

The two pictures above are section header and program (segment) header, respectively. It can be seen that a segment header is composed of several section headers, which is used for loading program into the memory.

难道仅仅是必要的.text，.RODATA，.data和.bss段被加载到内存？

Is it only necessary for .text, .rodata, .data, .bss sections to be loaded into the memory?

是否所有在该段中用于对准的其他部分（例如.ctors，.dtors .jcr在第三链段）的

Are all of the other sections in the segment (e.g. .ctors, .dtors .jcr in the 3rd segment) used for aligning?

推荐答案

段和段是完全两个不同的概念。部分涉及存储在那里的​​数据的语义（即它所将用于）和实际上是不相关的，一旦一个程序或共享库链接，除了调试目的。你甚至可以完全删除该节头（或者是随机的垃圾覆盖它们）和程序仍然会正常工作。

Sections and segments are two different concepts completely. Sections pertain the the semantics of the data stored there (i.e. what it will be used for) and are actually irrelevant once a program or shared library is linked except for debugging purposes. You could even remove the section headers entirely (or overwrite them with random garbage) and a program would still work.

段（即程序头负载指令）是内核和/或动态链接实际上看起来加载程序时在。例如，你的情况，你有两个负载指令。第一个使文件的第一个4K（1页），以在地址0x08048000映射，并表示只在第一0x4b8字节这种映射，实际上要使用（其余是对齐）。第二导致文件的第一8K（2页），以在地址0x08049000进行映射。绝大多数是对齐。第一0xf14字节不是负载指令（只是对齐）的一部分，将被浪费。在0x08049f14开始，从文件中映射量0x108字节被实际使用，而另一个为0x10字节（达到量0x118的MEMSIZE）是由加载程序（内核或动态链接）零填充。这个跨度达0x0804a02c（在第二映射页）。第二映射页面的其余部分未使用/浪费（但的malloc 也许能够恢复它用作堆的一部分）。

Segments (i.e. program header load directives) are what the kernel and/or dynamic linker actually look at when loading a program. For example, in your case you have two load directives. The first one causes the first 4k (1 page) of the file to be mapped at address 0x08048000, and indicates that only the first 0x4b8 bytes of this mapping are actually to be used (the rest is alignment). The second causes the first 8k (2 pages) of the file to be mapped at address 0x08049000. The vast majority of that is alignment. The first 0xf14 bytes are not part of the load directive (just alignment) and will be wasted. Beginning at 0x08049f14, 0x108 bytes mapped from the file are actually used, and another 0x10 bytes (to reach the MemSize of 0x118) are zero-filled by the loader (kernel or dynamic linker). This spans up to 0x0804a02c (in the second mapped page). The rest of the second mapped page is unused/wasted (but malloc might be able to recover it for use as part of the heap).

最后，虽然部分头根本不会使用，许多不同部分的内容可能会被你的程序，而它的运行使用。需要注意的是的地址范围 .ctors 和 .dtors 横亘在第二负载映射的开始，所以他们是映射并在运行时通过程序访问（在运行时启动/退出code将用它们来运行全局构造和析构函数，如果C ++或GNU C$ C $与男星C /使用析构函数属性）。还要注意的是。数据起始地址0x0804a00c，在第二页映射。这使得被保护的第一页只读后，重定位应用（程序头的RELRO指令）。

Finally, while the section headers will not be used at all, the contents of many different sections may be used by your program while it's running. Note that the address ranges of .ctors and .dtors lie in the beginning of the second load mapping, so they are mapped and accessible by the program at runtime (the runtime startup/exit code will use them to run global constructors and destructors, if C++ or "GNU C" code with ctor/dtor attribute was used). Also note that .data starts at address 0x0804a00c, in the second mapped page. This allows the first page to be protected read-only after relocations are applied (the RELRO directive in the program header).

这篇关于其中ELF文件的一部分，必须加载到内存？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！