注册 登录  
 加关注
查看详情
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

天马行空

宠辱不惊,闲看庭前花开花落;去留无意,漫观天外云展云舒……

 
 
 

日志

 
 
 
 

Linux 查看 elf可执行文件格式的两个命令  

2012-07-23 18:16:54|  分类: LINUX |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
本文引用: http://www.pczgc.com/linux/201109/41420.html 仅学习之用

应用 objdump 和readelf 两个下令 ,我们可以看到elf的各个节段的 信息尚有 运行时必要 那些动态链接库,elf中的汇编代码等等。 我就是想用来查察 这个elf运行必要 哪些 *.so 文件


#include<stdio.h>

int test()
{
return 0;
}
int main(void)
{
int i;
int j =0;

//printf ("sizeof (int)=%d\n",sizeof (int));
if ( i = j )
     printf ("\ntrue\n",i);
return 0;
}


gcc main.c 编译后,

widebright@widebright:~/桌面$ readelf -a a.out 
ELF Header:
Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 
Class:                             ELF32
Data:                              2's complement, little endian
Version:                           1 (current)
OS/ABI:                            UNIX - System V
ABI Version:                       0
Type:                              EXEC (Executable file)
Machine:                           Intel 80386
Version:                           0x1
Entry point address:               0x8048310
Start of program headers:          52 (bytes into file)
Start of section headers:          5996 (bytes into file)
Flags:                             0x0
Size of this header:               52 (bytes)
Size of program headers:           32 (bytes)
Number of program headers:         8
Size of section headers:           40 (bytes)
Number of section headers:         36
Section header string table index: 33

Section Headers:
[Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
[ 0]                   NULL            00000000 000000 000000 00      0   0 0
[ 1] .interp           PROGBITS        08048134 000134 000013 00   A 0   0 1
[ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A 0   0 4
[ 3] .hash             HASH            08048168 000168 000028 04   A 5   0 4
[ 4] .gnu.hash         GNU_HASH        08048190 000190 000020 04   A 5   0 4
[ 5] .dynsym           DYNSYM          080481b0 0001b0 000050 10   A 6   1 4
[ 6] .dynstr           STRTAB          08048200 000200 00004c 00   A 0   0 1
[ 7] .gnu.version      VERSYM          0804824c 00024c 00000a 02   A 5   0 2
[ 8] .gnu.version_r    VERNEED         08048258 000258 000020 00   A 6   1 4
[ 9] .rel.dyn          REL             08048278 000278 000008 08   A 5   0 4
[10] .rel.plt          REL             08048280 000280 000018 08   A 5 12 4
[11] .init             PROGBITS        08048298 000298 000030 00 AX 0   0 4
[12] .plt              PROGBITS        080482c8 0002c8 000040 04 AX 0   0 4
[13] .text             PROGBITS        08048310 000310 0001ac 00 AX 0   0 16
[14] .fini             PROGBITS        080484bc 0004bc 00001c 00 AX 0   0 4
[15] .rodata           PROGBITS        080484d8 0004d8 00000f 00   A 0   0 4
[16] .eh_frame         PROGBITS        080484e8 0004e8 000004 00   A 0   0 4
[17] .ctors            PROGBITS        08049f0c 000f0c 000008 00 WA 0   0 4
[18] .dtors            PROGBITS        08049f14 000f14 000008 00 WA 0   0 4
[19] .jcr              PROGBITS        08049f1c 000f1c 000004 00 WA 0   0 4
[20] .dynamic          DYNAMIC         08049f20 000f20 0000d0 08 WA 6   0 4
[21] .got              PROGBITS        08049ff0 000ff0 000004 04 WA 0   0 4
[22] .got.plt          PROGBITS        08049ff4 000ff4 000018 04 WA 0   0 4
[23] .data             PROGBITS        0804a00c 00100c 000008 00 WA 0   0 4
[24] .bss              NOBITS          0804a014 001014 000008 00 WA 0   0 4
[25] .comment          PROGBITS        00000000 001014 0000fc 00      0   0 1
[26] .debug_aranges    PROGBITS        00000000 001110 000070 00      0   0 8
[27] .debug_pubnames   PROGBITS        00000000 001180 000025 00      0   0 1
[28] .debug_info       PROGBITS        00000000 0011a5 0001b5 00      0   0 1
[29] .debug_abbrev     PROGBITS        00000000 00135a 000083 00      0   0 1
[30] .debug_line       PROGBITS        00000000 0013dd 000180 00      0   0 1
[31] .debug_str        PROGBITS        00000000 00155d 00008e 01 MS 0   0 1
[32] .debug_ranges     PROGBITS        00000000 0015f0 000040 00      0   0 8
[33] .shstrtab         STRTAB          00000000 001630 000139 00      0   0 1
[34] .symtab           SYMTAB          00000000 001d0c 0004b0 10     35 54 4
[35] .strtab           STRTAB          00000000 0021bc 000213 00      0   0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.



Dynamic section at offset 0xf20 contains 21 entries: 用 readelf -d 下令 可以单独查察 这个Dynamic section
Tag        Type                         Name/Value
0x00000001 (NEEDED)                     Shared library: [libc.so.6]   必要 的动态链接库
0x0000000c (INIT)                       0x8048298
0x0000000d (FINI)                       0x80484bc
0x00000004 (HASH)                       0x8048168
0x6ffffef5 (GNU_HASH)                   0x8048190
0x00000005 (STRTAB)                     0x8048200
0x00000006 (SYMTAB)                     0x80481b0
0x0000000a (STRSZ)                      76 (bytes)
0x0000000b (SYMENT)                     16 (bytes)
0x00000015 (DEBUG)                      0x0
0x00000003 (PLTGOT)                     0x8049ff4
0x00000002 (PLTRELSZ)                   24 (bytes)
0x00000014 (PLTREL)                     REL
0x00000017 (JMPREL)                     0x8048280
0x00000011 (REL)                        0x8048278
0x00000012 (RELSZ)                      8 (bytes)
0x00000013 (RELENT)                     8 (bytes)
0x6ffffffe (VERNEED)                    0x8048258
0x6fffffff (VERNEEDNUM)                 1
0x6ffffff0 (VERSYM)                     0x804824c
0x00000000 (NULL)                       0x0

Relocation section '.rel.dyn' at offset 0x278 contains 1 entries:
Offset     Info    Type            Sym.Value Sym. Name
08049ff0 00000106 R_386_GLOB_DAT    00000000   __gmon_start__

Relocation section '.rel.plt' at offset 0x280 contains 3 entries:
Offset     Info    Type            Sym.Value Sym. Name
0804a000 00000107 R_386_JUMP_SLOT   00000000   __gmon_start__
0804a004 00000207 R_386_JUMP_SLOT   00000000   __libc_start_main
0804a008 00000307 R_386_JUMP_SLOT   00000000   printf

There are no unwind sections in this file.

Symbol table '.dynsym' contains 5 entries:
   Num:    Value Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE LOCAL DEFAULT UND 
     1: 00000000     0 NOTYPE WEAK   DEFAULT UND __gmon_start__
     2: 00000000     0 FUNC    GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
     3: 00000000     0 FUNC    GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
     4: 080484dc     4 OBJECT GLOBAL DEFAULT   15 _IO_stdin_used

Symbol table '.symtab' contains 75 entries:
   Num:    Value Size Type    Bind   Vis      Ndx Name
。。。。。。
    67: 00000000     0 FUNC    GLOBAL DEFAULT UND printf@@GLIBC_2.0
    68: 0804a014     0 NOTYPE GLOBAL DEFAULT ABS __bss_start
    69: 080483c4    10 FUNC    GLOBAL DEFAULT   13 test
    70: 0804a01c     0 NOTYPE GLOBAL DEFAULT ABS _end
    71: 0804a014     0 NOTYPE GLOBAL DEFAULT ABS _edata
    72: 0804848a     0 FUNC    GLOBAL HIDDEN   13 __i686.get_pc_thunk.bx
    73: 080483ce    69 FUNC    GLOBAL DEFAULT   13 main
    74: 08048298     0 FUNC    GLOBAL DEFAULT   11 _init

---------------------------------------------------
widebright@widebright:~/桌面$ objdump -d a.out   反汇编

a.out:     file format elf32-i386


    ...

080482f8 <printf@plt>:
80482f8:    ff 25 08 a0 04 08        jmp    *0x804a008
80482fe:    68 10 00 00 00           push   $0x10
8048303:    e9 c0 ff ff ff           jmp    80482c8 <_init+0x30>

Disassembly of section .text:


080483ce <main>:
80483ce:    8d 4c 24 04              lea    0x4(%esp),%ecx
80483d2:    83 e4 f0                 and    $0xfffffff0,%esp
80483d5:    ff 71 fc                 pushl -0x4(%ecx)
80483d8:    55                       push   %ebp
80483d9:    89 e5                    mov    %esp,%ebp
80483db:    51                       push   %ecx
80483dc:    83 ec 24                 sub    $0x24,%esp
80483df:    c7 45 f4 00 00 00 00     movl   $0x0,-0xc(%ebp)
80483e6:    8b 45 f4                 mov    -0xc(%ebp),%eax
80483e9:    89 45 f8                 mov    %eax,-0x8(%ebp)
80483ec:    83 7d f8 00              cmpl   $0x0,-0x8(%ebp)
80483f0:    74 13                    je     8048405 <main+0x37>
80483f2:    8b 45 f8                 mov    -0x8(%ebp),%eax
80483f5:    89 44 24 04              mov    %eax,0x4(%esp)
80483f9:    c7 04 24 e0 84 04 08     movl   $0x80484e0,(%esp)
8048400:    e8 f3 fe ff ff           call   80482f8 <printf@plt> 
8048405:    b8 00 00 00 00           mov    $0x0,%eax
804840a:    83 c4 24                 add    $0x24,%esp
804840d:    59                       pop    %ecx
804840e:    5d                       pop    %ebp
804840f:    8d 61 fc                 lea    -0x4(%ecx),%esp
8048412:    c3                       ret    
8048413:    90                       nop    
8048414:    90                       nop    
8048415:    90                       nop    
8048416:    90                       nop    
8048417:    90                       nop    
8048418:    90                       nop    
8048419:    90                       nop    
804841a:    90                       nop    
804841b:    90                       nop    
804841c:    90                       nop    
804841d:    90                       nop    
804841e:    90                       nop    
804841f:    90                       nop    

======================================================
关于ELF技俩的链接 可以看


1. Intel平台下Linux中 ELF文件动态链接的加载、理会及实例说明): 加载

         IBM developerWorks 中国网站 ()

2. Linkers and Loaders

http://www.iecc.com/linker/

=======================================

2009-05-06 widebright 增补

上面两个下令 都是 gnu binutils器材附带的,也许比拟 有赞助 的尚有 addr2line 可以按照 你堕落 的堆栈所在找到对应的代码的行数吧。

http://www.gnu.org/software/binutils/

GNU Binutils

The GNU Binutils are a collection of binary tools. The main ones are:

  • ld - the GNU linker.
  • as - the GNU assembler.

But they also include:

  • addr2line - Converts addresses into filenames and line numbers.
  • ar - A utility for creating, modifying and extracting from archives.
  • c++filt - Filter to demangle encoded C++ symbols.
  • dlltool - Creates files for building and using DLLs.
  • gold - A new, faster, ELF only linker, still in beta test.
  • gprof - Displays profiling information.
  • nlmconv - Converts object code into an NLM.
  • nm - Lists symbols from object files.
  • objcopy - Copys and translates object files.
  • objdump - Displays information from object files.
  • ranlib - Generates an index to the contents of an archive.
  • readelf - Displays information from any ELF format object file.
  • size - Lists the section sizes of an object or archive file.
  • strings - Lists printable strings from files.
  • strip - Discards symbols.
  • windmc - A Windows compatible message compiler.
  • windres - A compiler for Windows resource files.
  评论这张
 
阅读(727)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2018