第13课 elf文件结构-段 节 信息
2018-11-07 本文已影响0人
曾经灬
常用节名.png
ELF文件结构:
linux elf文件、windows pe文件
Android操作系统内核采用Linux内核框架实现 Android ELF文件
ELF文件整体结构:
ELF Header-->ELF文件头的位置是固定的
Segment Header Table-->ELF程序头描述的是段的相关信息
.init
.text
.rodata
.data
.symtab 符号表
.line
.strtab 字符串表
Section Header Table-->ELF节头表描述的是节区的信息
动态用段(代码执行),静态用节(静态分析)
readelf的使用:
-a
-h //查看ELF文件头信息
-l
-S
-e
-s
ELF文件头信息
D:\Android\ATool>readelf -h user
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x854c
Start of program headers: 52 (bytes into file)
Start of section headers: 8556 (bytes into file)
Flags: 0x5000000, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 8
Size of section headers: 40 (bytes)
Number of section headers: 24
Section header string table index: 23
ELF文件节信息
D:\Android\ATool>readelf -S user
There are 24 section headers, starting at offset 0x216c:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 00008134 000134 000013 00 A 0 0 1
[ 2] .dynsym DYNSYM 00008148 000148 000100 10 A 3 1 4
[ 3] .dynstr STRTAB 00008248 000248 0000d1 00 A 0 0 1
[ 4] .hash HASH 0000831c 00031c 000054 04 A 2 0 4
[ 5] .rel.dyn REL 00008370 000370 000010 08 A 2 0 4
[ 6] .rel.plt REL 00008380 000380 000058 08 AI 2 7 4
[ 7] .plt PROGBITS 000083d8 0003d8 000098 00 AX 0 0 4
[ 8] .text PROGBITS 00008470 000470 0016ec 00 AX 0 0 4
[ 9] .note.android.ide PROGBITS 00009b5c 001b5c 000018 00 A 0 0 4
[10] .ARM.exidx ARM_EXIDX 00009b74 001b74 000120 08 AL 8 0 4
[11] .rodata PROGBITS 00009c94 001c94 000095 01 AMS 0 0 4
[12] .ARM.extab PROGBITS 00009d2c 001d2c 00003c 00 A 0 0 4
[13] .fini_array FINI_ARRAY 0000ae70 001e70 000008 00 WA 0 0 4
[14] .init_array INIT_ARRAY 0000ae78 001e78 000010 00 WA 0 0 4
[15] .preinit_array PREINIT_ARRAY 0000ae88 001e88 000008 00 WA 0 0 4
[16] .dynamic DYNAMIC 0000ae90 001e90 0000f8 08 WA 3 0 4
[17] .got PROGBITS 0000af88 001f88 000078 00 WA 0 0 4
[18] .data PROGBITS 0000b000 002000 000028 00 WA 0 0 4
[19] .bss NOBITS 0000b028 002028 00002c 00 WA 0 0 4
[20] .comment PROGBITS 00000000 002028 000010 01 MS 0 0 1
[21] .note.gnu.gold-ve NOTE 00000000 002038 00001c 00 0 0 4
[22] .ARM.attributes ARM_ATTRIBUTES 00000000 002054 000034 00 0 0 1
[23] .shstrtab STRTAB 00000000 002088 0000e3 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
文件段信息
D:\Android\ATool>readelf -l user
Elf file type is EXEC (Executable file)
Entry point 0x854c
There are 8 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x00008034 0x00008034 0x00100 0x00100 R 0x4
INTERP 0x000134 0x00008134 0x00008134 0x00013 0x00013 R 0x1
[Requesting program interpreter: /system/bin/linker]
LOAD 0x000000 0x00008000 0x00008000 0x01d68 0x01d68 R E 0x1000
LOAD 0x001e70 0x0000ae70 0x0000ae70 0x001b8 0x001e4 RW 0x1000
DYNAMIC 0x001e90 0x0000ae90 0x0000ae90 0x000f8 0x000f8 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0
EXIDX 0x001b74 0x00009b74 0x00009b74 0x00120 0x00120 R 0x4
GNU_RELRO 0x001e70 0x0000ae70 0x0000ae70 0x00190 0x00190 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .dynsym .dynstr .hash .rel.dyn .rel.plt .plt .text .note.android.ident .ARM.exidx .rodata .ARM.extab
03 .fini_array .init_array .preinit_array .dynamic .got .data .bss
04 .dynamic
05
06 .ARM.exidx
07 .fini_array .init_array .preinit_array .dynamic .got
- LOAD 段是在程序运行过程中,需要加载到内存中的,其他段不需要加载到内存中
