1. 概述

有几个涉及的专有名词概念

  • 段(segment)/节(section)单位存储到elf文件中
  • 代码段(code section): .code 或者 .text
  • 数据段(data section): .data

这里面有几个一般性的规则:

  • .bbs段是存储全局变量和局部静态变量未初始化的。
  • .data段存储 已初始化全局变量和已初始化局部静态变量的位置。
  • .指令、函数调用、局部变量都存储在.text段(局部变量吃栈空间)
int a = 84;   // 已初始化全局变量 -> .data
int b;        // 未初始化全局变量 -> .bbs
int h[256];   // 未初始化全局变量 -> .bbs 并且h不占有真正的内存

void func_example (int i) {       // 指令函数地址 -> .text
    printf("example %d\n", i);
}

void main (void) {               // 指令函数地址 -> .text
    static int s_var_1 = 85;     // 已初始化静态变量 -> .data
    static int s_var_2;          // 未初始化静态变量 -> .bbs
    int c = 1;                   // 已初始化的非静态变量 -> .text
    int b;                       // 未初始化的非静态变量 -> .text
    func_example(s_var_1 + s_var_2 + c + b);   // 指令跳转 -> .text
    return;
}

2. 目标文件生成及工具

2.1 C语言

研究编译文件,从一个最简单的mian.c文件开始,main.c文件可以表示为:

#include <stdio.h>

int a = 84;
int b;

void func(int i)
{
    printf("helloworld!%d\n", i);
}

int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}

// end of main.c

编译:$ aarch64-linux-gnu-gcc main.c -o a.out 生成a.out文件(ELF 64-bit executable, ARM aarch64)

2.2 段工具查看

使用objdump工具对查看elf文件内部结构 aarch64-linux-gnu-objdump -h a.out

a.out:     file format elf64-littleaarch64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001b  0000000000400200  0000000000400200  00000200  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  000000000040021c  000000000040021c  0000021c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  000000000040023c  000000000040023c  0000023c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .hash         00000028  0000000000400260  0000000000400260  00000260  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000078  0000000000400288  0000000000400288  00000288  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000044  0000000000400300  0000000000400300  00000300  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  0000000a  0000000000400344  0000000000400344  00000344  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  0000000000400350  0000000000400350  00000350  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000018  0000000000400370  0000000000400370  00000370  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     00000060  0000000000400388  0000000000400388  00000388  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         00000014  00000000004003e8  00000000004003e8  000003e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000060  0000000000400400  0000000000400400  00000400  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .text         000001f4  0000000000400460  0000000000400460  00000460  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         00000010  0000000000400654  0000000000400654  00000654  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00000027  0000000000400668  0000000000400668  00000668  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 15 .eh_frame     00000004  0000000000400690  0000000000400690  00000690  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .init_array   00000008  0000000000410df8  0000000000410df8  00000df8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 17 .fini_array   00000008  0000000000410e00  0000000000410e00  00000e00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .dynamic      000001d0  0000000000410e08  0000000000410e08  00000e08  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .got          00000010  0000000000410fd8  0000000000410fd8  00000fd8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got.plt      00000038  0000000000410fe8  0000000000410fe8  00000fe8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .data         00000018  0000000000411020  0000000000411020  00001020  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .bss          00000010  0000000000411038  0000000000411038  00001038  2**2
                  ALLOC
 23 .comment      00000024  0000000000000000  0000000000000000  00001038  2**0
                  CONTENTS, READONLY
 24 .debug_aranges 00000110  0000000000000000  0000000000000000  00001060  2**4
                  CONTENTS, READONLY, DEBUGGING
 25 .debug_info   0000041d  0000000000000000  0000000000000000  00001170  2**0
                  CONTENTS, READONLY, DEBUGGING
 26 .debug_abbrev 0000018e  0000000000000000  0000000000000000  0000158d  2**0
                  CONTENTS, READONLY, DEBUGGING
 27 .debug_line   00000265  0000000000000000  0000000000000000  0000171b  2**0
                  CONTENTS, READONLY, DEBUGGING
 28 .debug_frame  00000068  0000000000000000  0000000000000000  00001980  2**3
                  CONTENTS, READONLY, DEBUGGING
 29 .debug_str    000002de  0000000000000000  0000000000000000  000019e8  2**0
                  CONTENTS, READONLY, DEBUGGING
 30 .debug_loc    00000166  0000000000000000  0000000000000000  00001cc6  2**0
                  CONTENTS, READONLY, DEBUGGING
 31 .debug_ranges 00000090  0000000000000000  0000000000000000  00001e30  2**4
                  CONTENTS, READONLY, DEBUGGING

2.3 关键字:

  • ALLOC – Section will have space allocated in the process when loaded. Set for all sections except those containing debug information.
  • LOAD – Section will be loaded from the file into the child process memory. Set for pre-initialized code and data, clear for .bss sections.
  • RELOC – Section needs to be relocated before loading.
  • READONLY – Section cannot be modified by the child process.
  • CODE – Section contains executable code only.
  • DATA – Section contains data only (no executable code).
  • ROM – Section will reside in ROM.
  • CONSTRUCTOR – Section contains data for constructor/destructor lists.
  • HAS_CONTENTS – Section is not empty.
  • NEVER_LOAD – An instruction to the linker to not output the section.
  • COFF_SHARED_LIBRARY – A notification to the linker that the section contains COFF shared library information.
  • IS_COMMON – Section contains common symbols.

还有个size工具可以直接看每个段的大小aarch64-linux-gnu-size a.out

$ aarch64-linux-gnu-size a.out
text    data     bss     dec     hex filename
1160     576      16    1752     6d8 a.out

2.4 代码段

2.4.1 指令段

objdump可以输出代码段aarch64-linux-gnu-objdump -s -d a.out 查看附录一 为文件全貌。前半部分为contents,后半部分为函数的汇编,这里拿C语言、Content、汇编进行对比:

C语言:

int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}

Content(由于main函数应该在content的.text段),截取text段为:

Contents of section .text:
 400460 1d0080d2 1e0080d2 e50300aa e10340f9  ..............@.
 400470 e2230091 e6030091 c0000058 e3000058  .#.........X...X
 400480 04010058 e7ffff97 eeffff97 00000000  ...X............
 400490 84054000 00000000 d0054000 00000000  ..@.......@.....
 4004a0 50064000 00000000 80000090 00f047f9  P.@...........G.
 4004b0 400000b4 dfffff17 c0035fd6 00000000  @........._.....
 4004c0 800000b0 00e00091 810000b0 21e00091  ............!...
 4004d0 3f0000eb a0000054 01000090 213843f9  ?......T....!8C.
 4004e0 410000b4 20001fd6 c0035fd6 1f2003d5  A... ....._.. ..
 4004f0 800000b0 00e00091 810000b0 21e00091  ............!...
 400500 210000cb 21fc4393 21fc418b 21fc4193  !...!.C.!.A.!.A.
 400510 a10000b4 02000090 423c43f9 420000b4  ........B<C.B...
 400520 40001fd6 c0035fd6 fd7bbea9 fd030091  @....._..{......
 400530 f30b00f9 930000b0 60e24039 80000035  ........`.@9...5
 400540 e0ffff97 20008052 60e20039 f30b40f9  .... ..R`..9..@.
 400550 fd7bc2a8 c0035fd6 e6ffff17 fd7bbea9  .{...._......{..
 400560 fd030091 a01f00b9 00000090 00001a91  ................
 400570 a11f40b9 b7ffff97 1f2003d5 fd7bc2a8  ..@...... ...{..
 400580 c0035fd6 fd7bbea9 fd030091 c0008052  .._..{.........R   <<<----main 函数指令 a9 fd 03 ...
 400590 a01f00b9 800000b0 00d00091 010040b9  ..............@.
 4005a0 800000b0 00f00091 000040b9 2100000b  ..........@.!...
 4005b0 a01f40b9 2100000b a01b40b9 2000000b  ..@.!.....@. ...
 4005c0 e7ffff97 a01f40b9 fd7bc2a8 c0035fd6  ......@..{...._.
 4005d0 fd7bbca9 fd0300å91 f4d701a9 94000090  .{..............
 4005e0 95000090 94023891 b5e23791 f6df02a9  ......8...7.....
 4005f0 940215cb f81f00f9 f603002a f70301aa  ...........*....
 400600 94fe4393 f80302aa 78ffff97 940100b4  ..C.....x.......
 400610 b30b00f9 130080d2 a37a73f8 e20318aa  .........zs.....
 400620 e10317aa e003162a 73060091 60003fd6  .......*s...`.?.
 400630 9f0213eb 21ffff54 b30b40f9 f4d741a9  ....!..T..@...A.
 400640 f6df42a9 f81f40f9 fd7bc4a8 c0035fd6  ..B...@..{...._.
 400650 c0035fd6     

编译的汇编为:

0000000000400584 <main>:
  400584:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  400588:    910003fd     mov    x29, sp
  40058c:    528000c0     mov    w0, #0x6                       // #6
  400590:    b9001fa0     str    w0, [x29, #28]
  400594:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  400598:    9100d000     add    x0, x0, #0x34
  40059c:    b9400001     ldr    w1, [x0]
  4005a0:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  4005a4:    9100f000     add    x0, x0, #0x3c
  4005a8:    b9400000     ldr    w0, [x0]
  4005ac:    0b000021     add    w1, w1, w0
  4005b0:    b9401fa0     ldr    w0, [x29, #28]
  4005b4:    0b000021     add    w1, w1, w0
  4005b8:    b9401ba0     ldr    w0, [x29, #24]
  4005bc:    0b000020     add    w0, w1, w0
  4005c0:    97ffffe7     bl    40055c <func>
  4005c4:    b9401fa0     ldr    w0, [x29, #28]
  4005c8:    a8c27bfd     ldp    x29, 

可以看到十六进制 a9 -> stp, 91 -> mov

2.4.2 数据段

我们要找到a,b, var_1, var_2, c,d在代码段的位置

#include <stdio.h>

int a = 0x54;   // 已初始化全局变量 -> .data
int b;          // 未初始化全局变量 -> .bbs

void func(int i)
{
    ....
}

int main(void)
{
    static int var_1 = 0x55;   // 局部静态已初始化全局变量 -> .data
    static int var_2;          // 局部静态未初始化全局变量 -> .bbs
    int c = 6;                 // .text alloc
    int d;                     // .text alloc
    ....
}

// end of main.c
Contents of section .data:
 411020 00000000 00000000 00000000 00000000  ................
 411030 54000000 55000000                    T...U...        

从段中可以看出a (0x54)被映射到0x411030位置,var_1 (0x55)被映射到0x411034的位置。来看一下指令如何load这个地址的数据的。猜测指令应该为LDR x0, 4110300. -> STR x0。a变量没有被代码用到,在汇编指令里面找不到a地址操作的影子,但是var_1在main函数中进行了赋值,因此,可以找到:

0000000000400584 <main>:
  400584:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  400588:    910003fd     mov    x29, sp
  40058c:    528000c0     mov    w0, #0x6                       // #6    <------- w0是0x6 局部变量c的位置
  400590:    b9001fa0     str    w0, [x29, #28]
  400594:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  400598:    9100d000     add    x0, x0, #0x34
  40059c:    b9400001     ldr    w1, [x0]                           <----- w1为变量d,加载的为x0地址内的值
  400594:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  400598:    9100d000     add    x0, x0, #0x34                      <---- x0基地址为411000然后加上0x34的偏移,得到 0x411034
  40059c:    b9400001     ldr    w1, [x0]
  ....
2.4.3 String段

printf("%d....") 里面的固定字符串是放在了.rodata段,该段只读特性, const也会存入该段

Contents of section .rodata:
 400668 01000200 00000000 00000000 00000000  ................
 400678 00000000 00000000 68656c6c 6f776f72  ........hellowor
 400688 6c642125 640a00                      ld!%d..      

这个很明显了,放在地址,0x400680起始,可以找到指令段:

000000000040055c <func>:
  40055c:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  400560:    910003fd     mov    x29, sp
  400564:    b9001fa0     str    w0, [x29, #28]
  400568:    90000000     adrp    x0, 400000 <_init-0x3e8>
  40056c:    911a0000     add    x0, x0, #0x680                <- string的地址 0x400680被load进入x0寄存器
  400570:    b9401fa1     ldr    w1, [x29, #28]
  400574:    97ffffb7     bl    400450 <printf@plt>
  400578:    d503201f     nop
  40057c:    a8c27bfd     ldp    x29, x30, [sp], #32
  400580:    d65f03c0     ret
2.4.4 BSS段
  • 符号表(Symbol Table)
  • static int x1 = 0; 即便是初始化,由于编译器的优化问题,也有可能会被放在.bss段.
  • aarch64-linux-gnu-objdump -s -d 不显示.bss段的内容.

2.5 自定义段

2.5.1 objcopy

把文件代码段化,使用aarch-linux-gnu-objcopy工具,例如把 objdump_h.txt文件代码段化:

aarch64-linux-gnu-objcopy -I binary -O elf64-littleaarch64 objdump_h.txt text.o

$ aarch64-linux-gnu-objdump -ht text.o

text.o:     file format elf64-little

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .data         000010be  0000000000000000  0000000000000000  00000040  2**0
                  CONTENTS, ALLOC, LOAD, DATA
SYMBOL TABLE:
0000000000000000 l    d  .data 0000000000000000 .data
0000000000000000 g       .data 0000000000000000 _binary_objdump_h_txt_start
00000000000010be g       .data 0000000000000000 _binary_objdump_h_txt_end
00000000000010be g       *ABS* 0000000000000000 _binary_objdump_h_txt_size
2.5.2 __attribute__自定义段

__attribute__((section("FOO"))) int global =4

__attribute__((section("BAR"))) void foo() {}

把global变量映射到CARLOS_DATA段,把func2映射到CARLOS_FUNC段中。

#include <stdio.h>

int a = 84;
int b;
const int g = 0xAA;
void func(int i)
{
    printf("helloworld!%d\n", i);
}

__attribute((section("CARLOS_DATA"))) int name = 4;
__attribute((section("CARLOS_FUNC"))) int func2 (void){
    int m = 9, n = 10;
    int q;
    q = m+n;
    return q;
}

int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}

编译 -> 使用aarch64-linux-gnu-objdump -h main 查看

13 CARLOS_FUNC   00000030  0000000000400654  0000000000400654  00000654  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000010  0000000000400684  0000000000400684  00000684  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       0000002f  0000000000400698  0000000000400698  00000698  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame     00000004  00000000004006c8  00000000004006c8  000006c8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .init_array   00000008  0000000000410df8  0000000000410df8  00000df8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .fini_array   00000008  0000000000410e00  0000000000410e00  00000e00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .dynamic      000001d0  0000000000410e08  0000000000410e08  00000e08  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got          00000010  0000000000410fd8  0000000000410fd8  00000fd8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .got.plt      00000038  0000000000410fe8  0000000000410fe8  00000fe8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data         00000018  0000000000411020  0000000000411020  00001020  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 23 CARLOS_DATA   00000004  0000000000411038  0000000000411038  00001038  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 24 .bss          0000000c  000000000041103c  000000000041103c  0000103c  2**2
                  ALLOC
 25 .comment      00000024  0000000000000000  0000000000000000  0000103c  2**0
                  CONTENTS, READONLY

第13 line 和23 line 分别为我们自己映射的区域。

ELF文件结构

1. 文件结构

1.1. Scope

通用的ELF文件,我们可以分为四大类:

  • Header: 描述基本属性的
  • Sections:各个段,包括.text .data .bss等
  • Section header tables:ELF中所有段的段名、段长度、文件偏移、读写权限等
  • Helper tables:辅助结构,字符串表、符号表。
----------------------------------------
       ELF Header(描述基本属性)               
----------------------------------------
       .text (段1)
----------------------------------------
       .data (段2)
----------------------------------------
       .bss  (段3)
----------------------------------------
       ...other 
          sections...
----------------------------------------
       Section header tables (段表)
----------------------------------------
       String Tables   (字符串表)
       Symbol Tables   (符号表)
----------------------------------------

1.2. Header

aarch64-none-linux-gnu-gcc main.c -o main

readelf -h main

➜ readelf -h main
ELF Header:
  // e_ident members
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 // ELF 魔数
  Class:                             ELF64                 // 有ELF32 / ELF64
  Data:                              2's complement, little endian 
  Version:                           1 (current)  // always 1
  OS/ABI:                            UNIX - System V  
  ABI Version:                       0
  
  // e_type members
  Type:                              EXEC (Executable file)
  // e_machine members
  Machine:                           AArch64
  // e_version members
  Version:                           0x1
  // e_entry members: 规定ELF程序的入口的虚拟地址,操作系统在加载完程序后从这个地址开始执行进程指令
  Entry point address:               0x4004c0
  // e_phoff members:ELF链接视图和执行视图相关
  Start of program headers:          64 (bytes into file)
  // e_shoff member:段表在文件中的偏移,从13521字节开始
  Start of section headers:          13520 (bytes into file)
  // e_word
  Flags:                             0x0
  // e_ehsize: ELF文件头的大小
  Size of this header:               64 (bytes)
  // e_phentsize: ELF链接视图和执行视图相关
  Size of program headers:           56 (bytes)
  // e_phnum: ELF链接视图和执行视图相关
  Number of program headers:         9
  // e_shentsize: 段表描述符的大小 一般为sizeof(Elf32_Shdr)
  Size of section headers:           64 (bytes)
  // e_shnum: 段表描述符的数量。
  Number of section headers:         38
  // e_shstrndx: 段表字符串表所在的段在段表中的下标
  Section header string table index: 37

ELF的类型可以参考:elf(5) - Linux manual page (man7.org)

1.3. Section Header Table(段表)

段表的作用是,在ELF中记录每个段的基本属性(段名、段的长度、在文件中的偏移、读写权限及段的其他属性)。编译器和链接器还有装载器都需要依靠段表来定位和访问各个段的属性。在elf文件头中e_shoff 决定段表的存储位置。

readelf -S main

➜  work-temp readelf -S main
There are 38 section headers, starting at offset 0x34d0:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000400238  00000238
       000000000000001b  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000400254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .hash             HASH             0000000000400278  00000278
       0000000000000028  0000000000000004   A       5     0     8
  [ 4] .gnu.hash         GNU_HASH         00000000004002a0  000002a0
       000000000000001c  0000000000000000   A       5     0     8
  [ 5] .dynsym           DYNSYM           00000000004002c0  000002c0
       0000000000000078  0000000000000018   A       6     1     8
  [ 6] .dynstr           STRTAB           0000000000400338  00000338
       0000000000000044  0000000000000000   A       0     0     1
  [ 7] .gnu.version      VERSYM           000000000040037c  0000037c
       000000000000000a  0000000000000002   A       5     0     2
  [ 8] .gnu.version_r    VERNEED          0000000000400388  00000388
       0000000000000020  0000000000000000   A       6     1     8
  [ 9] .rela.dyn         RELA             00000000004003a8  000003a8
       0000000000000018  0000000000000018   A       5     0     8
  [10] .rela.plt         RELA             00000000004003c0  000003c0
       0000000000000060  0000000000000018  AI       5    23     8
  [11] .init             PROGBITS         0000000000400420  00000420
       0000000000000018  0000000000000000  AX       0     0     4
  [12] .plt              PROGBITS         0000000000400440  00000440
       0000000000000060  0000000000000000  AX       0     0     16
  [13] .text             PROGBITS         00000000004004c0  000004c0
       0000000000000214  0000000000000000  AX       0     0     64
  [14] CARLOS_FUNC       PROGBITS         00000000004006d4  000006d4
       0000000000000030  0000000000000000  AX       0     0     4
  [15] .fini             PROGBITS         0000000000400704  00000704
       0000000000000014  0000000000000000  AX       0     0     4
  [16] .rodata           PROGBITS         0000000000400718  00000718
       000000000000002f  0000000000000000   A       0     0     8
  [17] .eh_frame_hdr     PROGBITS         0000000000400748  00000748
       000000000000005c  0000000000000000   A       0     0     4
  [18] .eh_frame         PROGBITS         00000000004007a8  000007a8
       000000000000012c  0000000000000000   A       0     0     8
  [19] .init_array       INIT_ARRAY       0000000000410de8  00000de8
       0000000000000008  0000000000000008  WA       0     0     8
  [20] .fini_array       FINI_ARRAY       0000000000410df0  00000df0
       0000000000000008  0000000000000008  WA       0     0     8
  [21] .dynamic          DYNAMIC          0000000000410df8  00000df8
       00000000000001e0  0000000000000010  WA       6     0     8
  [22] .got              PROGBITS         0000000000410fd8  00000fd8
       0000000000000010  0000000000000008  WA       0     0     8
  [23] .got.plt          PROGBITS         0000000000410fe8  00000fe8
       0000000000000038  0000000000000008  WA       0     0     8
  [24] .data             PROGBITS         0000000000411020  00001020
       0000000000000018  0000000000000000  WA       0     0     8
  [25] CARLOS_DATA       PROGBITS         0000000000411038  00001038
       0000000000000004  0000000000000000  WA       0     0     4
  [26] .bss              NOBITS           000000000041103c  0000103c
       000000000000000c  0000000000000000  WA       0     0     4
  [27] .comment          PROGBITS         0000000000000000  0000103c
       000000000000005d  0000000000000001  MS       0     0     1
  [28] .debug_aranges    PROGBITS         0000000000000000  000010a0
       0000000000000130  0000000000000000           0     0     16
  [29] .debug_info       PROGBITS         0000000000000000  000011d0
       0000000000000715  0000000000000000           0     0     1
  [30] .debug_abbrev     PROGBITS         0000000000000000  000018e5
       00000000000002a1  0000000000000000           0     0     1
  [31] .debug_line       PROGBITS         0000000000000000  00001b86
       000000000000037d  0000000000000000           0     0     1
  [32] .debug_str        PROGBITS         0000000000000000  00001f03
       00000000000004ea  0000000000000001  MS       0     0     1
  [33] .debug_loc        PROGBITS         0000000000000000  000023ed
       0000000000000182  0000000000000000           0     0     1
  [34] .debug_ranges     PROGBITS         0000000000000000  00002570
       0000000000000090  0000000000000000           0     0     16
  [35] .symtab           SYMTAB           0000000000000000  00002600
       0000000000000b10  0000000000000018          36    90     8
  [36] .strtab           STRTAB           0000000000000000  00003110
       0000000000000258  0000000000000000           0     0     1
  [37] .shstrtab         STRTAB           0000000000000000  00003368
       0000000000000161  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
  L (link order), O (extra OS processing required), G (group), T (TLS),
  C (compressed), x (unknown), o (OS specific), E (exclude),
  p (processor specific)

以上表为下列结构体的数组

typedef struct
{
  Elf64_Word    sh_name;        /* Section name (string tbl index) */
  Elf64_Word    sh_type;        /* Section type */
  Elf64_Xword    sh_flags;        /* Section flags */
  Elf64_Addr    sh_addr;        /* Section virtual addr at execution 如果该段可以被加载,显示为进程空间的虚拟地址,否则为0 */
  Elf64_Off        sh_offset;        /* Section file offset 这段对.bbs没有意义 */
  Elf64_Xword    sh_size;        /* Section size in bytes */
  Elf64_Word    sh_link;        /* Link to another section */
  Elf64_Word    sh_info;        /* Additional section information */
  Elf64_Xword    sh_addralign;    /* Section alignment 有的段有对齐要求,0/1表示没有对其要求 */
  Elf64_Xword    sh_entsize;        /* Entry size if section holds table */
} Elf64_Shdr;
重定位表 Relocation Table

在其他段里面引用了一些段的地址,这些地址单独存成一个重定位表,例如printf("hello world"), 里面的字符串就要被重定位到一个单独的区域。

字符串表 String Table

段名、变量名长度不固定,单独放在一个连续的区域里面,使用偏移来索引字符串。.strtab,.shstrtab字符串表, 在header里面 e_shstrndx: 段表字符串表所在的段在段表中的下标 表示

附录 I: 原始C文件

// main.c
#include <stdio.h>

int a = 84;
int b;
const int g = 0xAA;
void func(int i)
{
    printf("helloworld!%d\n", i);
}

__attribute((section("CARLOS_DATA"))) int name = 4;
__attribute((section("CARLOS_FUNC"))) int func2 (void){
    int m = 9, n = 10;
    int q;
    q = m+n;
    return q;
}

int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}

附录I:a.out objdump文件

a.out:     file format elf64-littleaarch64

Contents of section .interp:
 400200 2f6c6962 2f6c642d 6c696e75 782d6161  /lib/ld-linux-aa
 400210 72636836 342e736f 2e3100             rch64.so.1.     
Contents of section .note.ABI-tag:
 40021c 04000000 10000000 01000000 474e5500  ............GNU.
 40022c 00000000 03000000 07000000 00000000  ................
Contents of section .note.gnu.build-id:
 40023c 04000000 14000000 03000000 474e5500  ............GNU.
 40024c b5345575 e47d2302 2f0a0c94 37de1666  .4Uu.}#./...7..f
 40025c a10ff265                             ...e            
Contents of section .hash:
 400260 03000000 05000000 02000000 01000000  ................
 400270 04000000 00000000 00000000 00000000  ................
 400280 00000000 03000000                    ........        
Contents of section .dynsym:
 400288 00000000 00000000 00000000 00000000  ................
 400298 00000000 00000000 18000000 12000000  ................
 4002a8 00000000 00000000 00000000 00000000  ................
 4002b8 2a000000 20000000 00000000 00000000  *... ...........
 4002c8 00000000 00000000 0b000000 12000000  ................
 4002d8 00000000 00000000 00000000 00000000  ................
 4002e8 11000000 12000000 00000000 00000000  ................
 4002f8 00000000 00000000                    ........        
Contents of section .dynstr:
 400300 006c6962 632e736f 2e360061 626f7274  .libc.so.6.abort
 400310 00707269 6e746600 5f5f6c69 62635f73  .printf.__libc_s
 400320 74617274 5f6d6169 6e005f5f 676d6f6e  tart_main.__gmon
 400330 5f737461 72745f5f 00474c49 42435f32  _start__.GLIBC_2
 400340 2e313700                             .17.            
Contents of section .gnu.version:
 400344 00000200 00000200 0200               ..........      
Contents of section .gnu.version_r:
 400350 01000100 01000000 10000000 00000000  ................
 400360 97919606 00000200 39000000 00000000  ........9.......
Contents of section .rela.dyn:
 400370 e00f4100 00000000 01040000 02000000  ..A.............
 400380 00000000 00000000                    ........        
Contents of section .rela.plt:
 400388 00104100 00000000 02040000 01000000  ..A.............
 400398 00000000 00000000 08104100 00000000  ..........A.....
 4003a8 02040000 02000000 00000000 00000000  ................
 4003b8 10104100 00000000 02040000 03000000  ..A.............
 4003c8 00000000 00000000 18104100 00000000  ..........A.....
 4003d8 02040000 04000000 00000000 00000000  ................
Contents of section .init:
 4003e8 fd7bbfa9 fd030091 2e000094 fd7bc1a8  .{...........{..
 4003f8 c0035fd6                             .._.            
Contents of section .plt:
 400400 f07bbfa9 90000090 11fe47f9 10e23f91  .{........G...?.
 400410 20021fd6 1f2003d5 1f2003d5 1f2003d5   .... ... ... ..
 400420 900000b0 110240f9 10020091 20021fd6  ......@..... ...
 400430 900000b0 110640f9 10220091 20021fd6  ......@..".. ...
 400440 900000b0 110a40f9 10420091 20021fd6  ......@..B.. ...
 400450 900000b0 110e40f9 10620091 20021fd6  ......@..b.. ...
Contents of section .text:
 400460 1d0080d2 1e0080d2 e50300aa e10340f9  ..............@.
 400470 e2230091 e6030091 c0000058 e3000058  .#.........X...X
 400480 04010058 e7ffff97 eeffff97 00000000  ...X............
 400490 84054000 00000000 d0054000 00000000  ..@.......@.....
 4004a0 50064000 00000000 80000090 00f047f9  P.@...........G.
 4004b0 400000b4 dfffff17 c0035fd6 00000000  @........._.....
 4004c0 800000b0 00e00091 810000b0 21e00091  ............!...
 4004d0 3f0000eb a0000054 01000090 213843f9  ?......T....!8C.
 4004e0 410000b4 20001fd6 c0035fd6 1f2003d5  A... ....._.. ..
 4004f0 800000b0 00e00091 810000b0 21e00091  ............!...
 400500 210000cb 21fc4393 21fc418b 21fc4193  !...!.C.!.A.!.A.
 400510 a10000b4 02000090 423c43f9 420000b4  ........B<C.B...
 400520 40001fd6 c0035fd6 fd7bbea9 fd030091  @....._..{......
 400530 f30b00f9 930000b0 60e24039 80000035  ........`.@9...5
 400540 e0ffff97 20008052 60e20039 f30b40f9  .... ..R`..9..@.
 400550 fd7bc2a8 c0035fd6 e6ffff17 fd7bbea9  .{...._......{..
 400560 fd030091 a01f00b9 00000090 00001a91  ................
 400570 a11f40b9 b7ffff97 1f2003d5 fd7bc2a8  ..@...... ...{..
 400580 c0035fd6 fd7bbea9 fd030091 c0008052  .._..{.........R
 400590 a01f00b9 800000b0 00d00091 010040b9  ..............@.
 4005a0 800000b0 00f00091 000040b9 2100000b  ..........@.!...
 4005b0 a01f40b9 2100000b a01b40b9 2000000b  ..@.!.....@. ...
 4005c0 e7ffff97 a01f40b9 fd7bc2a8 c0035fd6  ......@..{...._.
 4005d0 fd7bbca9 fd030091 f4d701a9 94000090  .{..............
 4005e0 95000090 94023891 b5e23791 f6df02a9  ......8...7.....
 4005f0 940215cb f81f00f9 f603002a f70301aa  ...........*....
 400600 94fe4393 f80302aa 78ffff97 940100b4  ..C.....x.......
 400610 b30b00f9 130080d2 a37a73f8 e20318aa  .........zs.....
 400620 e10317aa e003162a 73060091 60003fd6  .......*s...`.?.
 400630 9f0213eb 21ffff54 b30b40f9 f4d741a9  ....!..T..@...A.
 400640 f6df42a9 f81f40f9 fd7bc4a8 c0035fd6  ..B...@..{...._.
 400650 c0035fd6                             .._.            
Contents of section .fini:
 400654 fd7bbfa9 fd030091 fd7bc1a8 c0035fd6  .{.......{...._.
Contents of section .rodata:
 400668 01000200 00000000 00000000 00000000  ................
 400678 00000000 00000000 68656c6c 6f776f72  ........hellowor
 400688 6c642125 640a00                      ld!%d..         
Contents of section .eh_frame:
 400690 00000000                             ....            
Contents of section .init_array:
 410df8 58054000 00000000                    X.@.....        
Contents of section .fini_array:
 410e00 28054000 00000000                    (.@.....        
Contents of section .dynamic:
 410e08 01000000 00000000 01000000 00000000  ................
 410e18 0c000000 00000000 e8034000 00000000  ..........@.....
 410e28 0d000000 00000000 54064000 00000000  ........T.@.....
 410e38 19000000 00000000 f80d4100 00000000  ..........A.....
 410e48 1b000000 00000000 08000000 00000000  ................
 410e58 1a000000 00000000 000e4100 00000000  ..........A.....
 410e68 1c000000 00000000 08000000 00000000  ................
 410e78 04000000 00000000 60024000 00000000  ........`.@.....
 410e88 05000000 00000000 00034000 00000000  ..........@.....
 410e98 06000000 00000000 88024000 00000000  ..........@.....
 410ea8 0a000000 00000000 44000000 00000000  ........D.......
 410eb8 0b000000 00000000 18000000 00000000  ................
 410ec8 15000000 00000000 00000000 00000000  ................
 410ed8 03000000 00000000 e80f4100 00000000  ..........A.....
 410ee8 02000000 00000000 60000000 00000000  ........`.......
 410ef8 14000000 00000000 07000000 00000000  ................
 410f08 17000000 00000000 88034000 00000000  ..........@.....
 410f18 07000000 00000000 70034000 00000000  ........p.@.....
 410f28 08000000 00000000 18000000 00000000  ................
 410f38 09000000 00000000 18000000 00000000  ................
 410f48 feffff6f 00000000 50034000 00000000  ...o....P.@.....
 410f58 ffffff6f 00000000 01000000 00000000  ...o............
 410f68 f0ffff6f 00000000 44034000 00000000  ...o....D.@.....
 410f78 00000000 00000000 00000000 00000000  ................
 410f88 00000000 00000000 00000000 00000000  ................
 410f98 00000000 00000000 00000000 00000000  ................
 410fa8 00000000 00000000 00000000 00000000  ................
 410fb8 00000000 00000000 00000000 00000000  ................
 410fc8 00000000 00000000 00000000 00000000  ................
Contents of section .got:
 410fd8 080e4100 00000000 00000000 00000000  ..A.............
Contents of section .got.plt:
 410fe8 00000000 00000000 00000000 00000000  ................
 410ff8 00000000 00000000 00044000 00000000  ..........@.....
 411008 00044000 00000000 00044000 00000000  ..@.......@.....
 411018 00044000 00000000                    ..@.....        
Contents of section .data:
 411020 00000000 00000000 00000000 00000000  ................
 411030 54000000 55000000                    T...U...        
Contents of section .comment:
 0000 4743433a 20284c69 6e61726f 20474343  GCC: (Linaro GCC
 0010 20372e35 2d323031 392e3132 2920372e   7.5-2019.12) 7.
 0020 352e3000                             5.0.            
Contents of section .debug_aranges:
 0000 2c000000 02000000 00000800 00000000  ,...............
 0010 60044000 00000000 48000000 00000000  `.@.....H.......
 0020 00000000 00000000 00000000 00000000  ................
 0030 1c000000 0200ab00 00000800 00000000  ................
 0040 00000000 00000000 00000000 00000000  ................
 0050 4c000000 02002201 00000800 00000000  L.....".........
 0060 a8044000 00000000 14000000 00000000  ..@.............
 0070 e8034000 00000000 0c000000 00000000  ..@.............
 0080 54064000 00000000 08000000 00000000  T.@.............
 0090 00000000 00000000 00000000 00000000  ................
 00a0 2c000000 0200c001 00000800 00000000  ,...............
 00b0 d0054000 00000000 84000000 00000000  ..@.............
 00c0 00000000 00000000 00000000 00000000  ................
 00d0 3c000000 02007f03 00000800 00000000  <...............
 00e0 f4034000 00000000 08000000 00000000  ..@.............
 00f0 5c064000 00000000 08000000 00000000  \.@.............
 0100 00000000 00000000 00000000 00000000  ................
Contents of section .debug_info:
 0000 a7000000 02000000 00000801 00000000  ................
 0010 60044000 00000000 a8044000 00000000  `.@.......@.....
 0020 2e2e2f73 79736465 70732f61 61726368  ../sysdeps/aarch
 0030 36342f73 74617274 2e53002f 686f6d65  64/start.S./home
 0040 2f746377 672d6275 696c6473 6c617665  /tcwg-buildslave
 0050 2f776f72 6b737061 63652f74 6377672d  /workspace/tcwg-
 0060 6d616b65 2d72656c 65617365 5f302f73  make-release_0/s
 0070 6e617073 686f7473 2f676c69 62632e67  napshots/glibc.g
 0080 69747e72 656c6561 73657e32 2e32357e  it~release~2.25~
 0090 6d617374 65722f63 73750047 4e552041  master/csu.GNU A
 00a0 5320322e 32382e32 00018073 00000004  S 2.28.2...s....
 00b0 00140000 0008014c 0000000c 50020000  .......L....P...
 00c0 f9000000 5a000000 0201083e 00000002  ....Z......>....
 00d0 02071200 00000204 07050000 00020807  ................
 00e0 00000000 02010640 00000002 02052500  .......@......%.
 00f0 00000304 05696e74 00044700 00000208  .....int..G.....
 0100 055e0100 00020108 47000000 052f0000  .^......G..../..
 0110 0001184e 00000009 03680640 00000000  ...N.....h.@....
 0120 00009a00 00000200 52000000 08018100  ........R.......
 0130 00000000 00002e2e 2f737973 64657073  ......../sysdeps
 0140 2f616172 63683634 2f637274 692e5300  /aarch64/crti.S.
 0150 2f686f6d 652f7463 77672d62 75696c64  /home/tcwg-build
 0160 736c6176 652f776f 726b7370 6163652f  slave/workspace/
 0170 74637767 2d6d616b 652d7265 6c656173  tcwg-make-releas
 0180 655f302f 736e6170 73686f74 732f676c  e_0/snapshots/gl
 0190 6962632e 6769747e 72656c65 6173657e  ibc.git~release~
 01a0 322e3235 7e6d6173 7465722f 63737500  2.25~master/csu.
 01b0 474e5520 41532032 2e32382e 32000180  GNU AS 2.28.2...
 01c0 bb010000 04006400 00000801 81010000  ......d.........
 01d0 0c4c0200 00f90000 00d00540 00000000  .L.........@....
 01e0 00840000 00000000 00fd0000 00020805  ................
 01f0 5e010000 037a0100 0002d844 00000004  ^....z.....D....
 0200 34000000 02080700 00000002 04070500  4...............
 0210 00000208 05590100 00021004 ad020000  .....Y..........
 0220 056b0000 006b0000 00060007 08710000  .k...k.......q..
 0230 00088600 00000986 00000009 8d000000  ................
 0240 098d0000 00000a04 05696e74 00070893  .........int....
 0250 00000007 08990000 00020108 47000000  ............G...
 0260 0b780200 00012860 0000000b b9020000  .x....(`........
 0270 012a6000 00000b67 01000001 2c600000  .*`....g....,`..
 0280 000bcd02 0000012e 60000000 05d70000  ........`.......
 0290 00d70000 00060007 08dd0000 000c0b39  ...............9
 02a0 02000001 30cc0000 000b6702 00000131  ....0.....g....1
 02b0 cc000000 0d570200 00015f50 06400000  .....W...._P.@..
 02c0 00000004 00000000 00000001 9c0e9802  ................
 02d0 00000143 d0054000 00000000 80000000  ...C..@.........
 02e0 00000000 019cb301 00000f8e 02000001  ................
 02f0 43860000 00000000 000fa802 00000143  C..............C
 0300 8d000000 4c000000 0f340200 0001438d  ....L....4....C.
 0310 00000098 00000010 93020000 01563f00  .............V?.
 0320 0000e400 0000110c 06400000 00000030  .........@.....0
 0330 00000000 000000a5 01000012 69000157  ............i..W
 0340 34000000 07010000 13300640 00000000  4........0.@....
 0350 00140150 02860014 01510287 00140152  ...P.....Q.....R
 0360 02880000 00150c06 40000000 0000b301  ........@.......
 0370 00000016 a2020000 a2020000 0137009a  .............7..
 0380 00000002 007c0100 00080103 02000050  .....|.........P
 0390 0000002e 2e2f7379 73646570 732f6161  ...../sysdeps/aa
 03a0 72636836 342f6372 746e2e53 002f686f  rch64/crtn.S./ho
 03b0 6d652f74 6377672d 6275696c 64736c61  me/tcwg-buildsla
 03c0 76652f77 6f726b73 70616365 2f746377  ve/workspace/tcw
 03d0 672d6d61 6b652d72 656c6561 73655f30  g-make-release_0
 03e0 2f736e61 7073686f 74732f67 6c696263  /snapshots/glibc
 03f0 2e676974 7e72656c 65617365 7e322e32  .git~release~2.2
 0400 357e6d61 73746572 2f637375 00474e55  5~master/csu.GNU
 0410 20415320 322e3238 2e320001 80         AS 2.28.2...   
Contents of section .debug_abbrev:
 0000 01110010 06110112 0103081b 08250813  .............%..
 0010 05000000 01110125 0e130b03 0e1b0e10  .......%........
 0020 17000002 24000b0b 3e0b030e 00000324  ....$...>......$
 0030 000b0b3e 0b030800 00042600 49130000  ...>......&.I...
 0040 05340003 0e3a0b3b 0b49133f 19021800  .4...:.;.I.?....
 0050 00000111 00100655 0603081b 08250813  .......U.....%..
 0060 05000000 01110125 0e130b03 0e1b0e11  .......%........
 0070 01120710 17000002 24000b0b 3e0b030e  ........$...>...
 0080 00000316 00030e3a 0b3b0b49 13000004  .......:.;.I....
 0090 26004913 00000501 01491301 13000006  &.I......I......
 00a0 21000000 070f000b 0b491300 00081501  !........I......
 00b0 27190113 00000905 00491300 000a2400  '........I....$.
 00c0 0b0b3e0b 03080000 0b340003 0e3a0b3b  ..>......4...:.;
 00d0 0b49133f 193c1900 000c1500 27190000  .I.?.<......'...
 00e0 0d2e003f 19030e3a 0b3b0b27 19110112  ...?...:.;.'....
 00f0 07401897 42190000 0e2e013f 19030e3a  .@..B......?...:
 0100 0b3b0b27 19110112 07401897 42190113  .;.'.....@..B...
 0110 00000f05 00030e3a 0b3b0b49 13021700  .......:.;.I....
 0120 00103400 030e3a0b 3b0b4913 02170000  ..4...:.;.I.....
 0130 110b0111 01120701 13000012 34000308  ............4...
 0140 3a0b3b0b 49130217 00001389 82010111  :.;.I...........
 0150 01000014 8a820100 02189142 18000015  ...........B....
 0160 89820100 11013113 0000162e 003f193c  ......1......?.<
 0170 196e0e03 0e3a0b3b 0b000000 01110010  .n...:.;........
 0180 06550603 081b0825 08130500 0000      .U.....%......  
Contents of section .debug_line:
 0000 56000000 02003100 00000401 fb0e0d00  V.....1.........
 0010 01010101 00000001 0000012e 2e2f7379  ............./sy
 0020 73646570 732f6161 72636836 34000073  sdeps/aarch64..s
 0030 74617274 2e530001 00000000 09026004  tart.S........`.
 0040 40000000 00000331 01212323 2123030d  @......1.!##!#..
 0050 20212127 23020800 01012300 00000200   !!'#.....#.....
 0060 1d000000 0401fb0e 0d000101 01010000  ................
 0070 00010000 0100696e 69742e63 00000000  ......init.c....
 0080 00780000 00020030 00000004 01fb0e0d  .x.....0........
 0090 00010101 01000000 01000001 2e2e2f73  ............../s
 00a0 79736465 70732f61 61726368 36340000  ysdeps/aarch64..
 00b0 63727469 2e530001 00000000 0902a804  crti.S..........
 00c0 40000000 0000033e 01212121 22020100  @......>.!!!"...
 00d0 01010009 02e80340 00000000 0003cc00  .......@........
 00e0 01212202 01000101 00090254 06400000  .!"........T.@..
 00f0 00000003 d9000121 02010001 01020100  .......!........
 0100 000200b8 00000004 01fb0e0d 00010101  ................
 0110 01000000 01000001 2f686f6d 652f7463  ......../home/tc
 0120 77672d62 75696c64 736c6176 652f776f  wg-buildslave/wo
 0130 726b7370 6163652f 74637767 2d6d616b  rkspace/tcwg-mak
 0140 652d7265 6c656173 655f302f 5f627569  e-release_0/_bui
 0150 6c642f62 75696c64 732f6465 73746469  ld/builds/destdi
 0160 722f7838 365f3634 2d756e6b 6e6f776e  r/x86_64-unknown
 0170 2d6c696e 75782d67 6e752f6c 69622f67  -linux-gnu/lib/g
 0180 63632f61 61726368 36342d6c 696e7578  cc/aarch64-linux
 0190 2d676e75 2f372e35 2e302f69 6e636c75  -gnu/7.5.0/inclu
 01a0 64650000 656c662d 696e6974 2e630000  de..elf-init.c..
 01b0 00007374 64646566 2e680001 00000000  ..stddef.h......
 01c0 0902d005 40000000 000003c3 00010312  ....@...........
 01d0 3c036e4a 03122003 6e200312 3c036e20  <.nJ.. .n ..<.n 
 01e0 030f2024 2e000204 03210002 04034900  .. $.....!....I.
 01f0 02040321 00020403 1f3e5f03 0a010201  ...!.....>_.....
 0200 0001015e 00000002 00300000 000401fb  ...^.....0......
 0210 0e0d0001 01010100 00000100 00012e2e  ................
 0220 2f737973 64657073 2f616172 63683634  /sysdeps/aarch64
 0230 00006372 746e2e53 00010000 00000902  ..crtn.S........
 0240 f4034000 00000000 03280121 02010001  ..@......(.!....
 0250 01000902 5c064000 00000000 032c0121  ....\.@......,.!
 0260 02010001 01                          .....           
Contents of section .debug_frame:
 0000 0c000000 ffffffff 01000478 1e0c1f00  ...........x....
 0010 3c000000 00000000 d0054000 00000000  <.........@.....
 0020 80000000 00000000 410e409d 089e0741  ........A.@....A
 0030 0d1d4194 05950447 96039702 98014793  ..A....G......G.
 0040 064ad344 deddd8d6 d7d4d50c 1f000000  .J.D............
 0050 14000000 00000000 50064000 00000000  ........P.@.....
 0060 04000000 00000000                    ........        
Contents of section .debug_str:
 0000 6c6f6e67 20756e73 69676e65 6420696e  long unsigned in
 0010 74007368 6f727420 756e7369 676e6564  t.short unsigned
 0020 20696e74 0073686f 72742069 6e74005f   int.short int._
 0030 494f5f73 7464696e 5f757365 6400756e  IO_stdin_used.un
 0040 7369676e 65642063 68617200 474e5520  signed char.GNU 
 0050 43313120 372e352e 30202d6d 61726368  C11 7.5.0 -march
 0060 3d61726d 76382d61 202d6d6c 6974746c  =armv8-a -mlittl
 0070 652d656e 6469616e 202d6d61 62693d6c  e-endian -mabi=l
 0080 70363420 2d67202d 4f32202d 7374643d  p64 -g -O2 -std=
 0090 676e7531 31202d66 676e7538 392d696e  gnu11 -fgnu89-in
 00a0 6c696e65 202d666d 65726765 2d616c6c  line -fmerge-all
 00b0 2d636f6e 7374616e 7473202d 66726f75  -constants -frou
 00c0 6e64696e 672d6d61 7468202d 666e6f2d  nding-math -fno-
 00d0 73746163 6b2d7072 6f746563 746f7220  stack-protector 
 00e0 2d66746c 732d6d6f 64656c3d 696e6974  -ftls-model=init
 00f0 69616c2d 65786563 002f686f 6d652f74  ial-exec./home/t
 0100 6377672d 6275696c 64736c61 76652f77  cwg-buildslave/w
 0110 6f726b73 70616365 2f746377 672d6d61  orkspace/tcwg-ma
 0120 6b652d72 656c6561 73655f30 2f736e61  ke-release_0/sna
 0130 7073686f 74732f67 6c696263 2e676974  pshots/glibc.git
 0140 7e72656c 65617365 7e322e32 357e6d61  ~release~2.25~ma
 0150 73746572 2f637375 006c6f6e 67206c6f  ster/csu.long lo
 0160 6e672069 6e74005f 5f696e69 745f6172  ng int.__init_ar
 0170 7261795f 73746172 74007369 7a655f74  ray_start.size_t
 0180 00474e55 20433131 20372e35 2e30202d  .GNU C11 7.5.0 -
 0190 6d617263 683d6172 6d76382d 61202d6d  march=armv8-a -m
 01a0 6c697474 6c652d65 6e646961 6e202d6d  little-endian -m
 01b0 6162693d 6c703634 202d6720 2d4f3220  abi=lp64 -g -O2 
 01c0 2d737464 3d676e75 3131202d 66676e75  -std=gnu11 -fgnu
 01d0 38392d69 6e6c696e 65202d66 6d657267  89-inline -fmerg
 01e0 652d616c 6c2d636f 6e737461 6e747320  e-all-constants 
 01f0 2d66726f 756e6469 6e672d6d 61746820  -frounding-math 
 0200 2d666e6f 2d737461 636b2d70 726f7465  -fno-stack-prote
 0210 63746f72 202d6650 4943202d 66746c73  ctor -fPIC -ftls
 0220 2d6d6f64 656c3d69 6e697469 616c2d65  -model=initial-e
 0230 78656300 656e7670 005f5f66 696e695f  xec.envp.__fini_
 0240 61727261 795f7374 61727400 656c662d  array_start.elf-
 0250 696e6974 2e63005f 5f6c6962 635f6373  init.c.__libc_cs
 0260 755f6669 6e69005f 5f66696e 695f6172  u_fini.__fini_ar
 0270 7261795f 656e6400 5f5f7072 65696e69  ray_end.__preini
 0280 745f6172 7261795f 73746172 74006172  t_array_start.ar
 0290 67630073 697a6500 5f5f6c69 62635f63  gc.size.__libc_c
 02a0 73755f69 6e697400 61726776 006c6f6e  su_init.argv.lon
 02b0 6720646f 75626c65 005f5f70 7265696e  g double.__prein
 02c0 69745f61 72726179 5f656e64 005f5f69  it_array_end.__i
 02d0 6e69745f 61727261 795f656e 6400      nit_array_end.  
Contents of section .debug_loc:
 0000 00000000 00000000 3b000000 00000000  ........;.......
 0010 0100503b 00000000 00000074 00000000  ..P;.......t....
 0020 00000001 00667400 00000000 00008000  .....ft.........
 0030 00000000 00000400 f301509f 00000000  ..........P.....
 0040 00000000 00000000 00000000 00000000  ................
 0050 00000000 3b000000 00000000 0100513b  ....;.........Q;
 0060 00000000 00000074 00000000 00000001  .......t........
 0070 00677400 00000000 00008000 00000000  .gt.............
 0080 00000400 f301519f 00000000 00000000  ......Q.........
 0090 00000000 00000000 00000000 00000000  ................
 00a0 3b000000 00000000 0100523b 00000000  ;.........R;....
 00b0 00000078 00000000 00000001 00687800  ...x.........hx.
 00c0 00000000 00008000 00000000 00000400  ................
 00d0 f301529f 00000000 00000000 00000000  ..R.............
 00e0 00000000 3c000000 00000000 70000000  ....<.......p...
 00f0 00000000 01006400 00000000 00000000  ......d.........
 0100 00000000 0000003c 00000000 00000048  .......<.......H
 0110 00000000 00000002 00309f48 00000000  .........0.H....
 0120 0000005c 00000000 00000001 00635c00  ...\.........c\.
 0130 00000000 00006000 00000000 00000300  ......`.........
 0140 837f9f60 00000000 0000006c 00000000  ...`.......l....
 0150 00000001 00630000 00000000 00000000  .....c..........
 0160 00000000 0000                        ......          
Contents of section .debug_ranges:
 0000 ffffffff ffffffff 00000000 00000000  ................
 0010 a8044000 00000000 bc044000 00000000  ..@.......@.....
 0020 e8034000 00000000 f4034000 00000000  ..@.......@.....
 0030 54064000 00000000 5c064000 00000000  T.@.....\.@.....
 0040 00000000 00000000 00000000 00000000  ................
 0050 ffffffff ffffffff 00000000 00000000  ................
 0060 f4034000 00000000 fc034000 00000000  ..@.......@.....
 0070 5c064000 00000000 64064000 00000000  \.@.....d.@.....
 0080 00000000 00000000 00000000 00000000  ................

Disassembly of section .init:

00000000004003e8 <_init>:
  4003e8:    a9bf7bfd     stp    x29, x30, [sp, #-16]!
  4003ec:    910003fd     mov    x29, sp
  4003f0:    9400002e     bl    4004a8 <call_weak_fn>
  4003f4:    a8c17bfd     ldp    x29, x30, [sp], #16
  4003f8:    d65f03c0     ret

Disassembly of section .plt:

0000000000400400 <.plt>:
  400400:    a9bf7bf0     stp    x16, x30, [sp, #-16]!
  400404:    90000090     adrp    x16, 410000 <__FRAME_END__+0xf970>
  400408:    f947fe11     ldr    x17, [x16, #4088]
  40040c:    913fe210     add    x16, x16, #0xff8
  400410:    d61f0220     br    x17
  400414:    d503201f     nop
  400418:    d503201f     nop
  40041c:    d503201f     nop

0000000000400420 <__libc_start_main@plt>:
  400420:    b0000090     adrp    x16, 411000 <__libc_start_main@GLIBC_2.17>
  400424:    f9400211     ldr    x17, [x16]
  400428:    91000210     add    x16, x16, #0x0
  40042c:    d61f0220     br    x17

0000000000400430 <__gmon_start__@plt>:
  400430:    b0000090     adrp    x16, 411000 <__libc_start_main@GLIBC_2.17>
  400434:    f9400611     ldr    x17, [x16, #8]
  400438:    91002210     add    x16, x16, #0x8
  40043c:    d61f0220     br    x17

0000000000400440 <abort@plt>:
  400440:    b0000090     adrp    x16, 411000 <__libc_start_main@GLIBC_2.17>
  400444:    f9400a11     ldr    x17, [x16, #16]
  400448:    91004210     add    x16, x16, #0x10
  40044c:    d61f0220     br    x17

0000000000400450 <printf@plt>:
  400450:    b0000090     adrp    x16, 411000 <__libc_start_main@GLIBC_2.17>
  400454:    f9400e11     ldr    x17, [x16, #24]
  400458:    91006210     add    x16, x16, #0x18
  40045c:    d61f0220     br    x17

Disassembly of section .text:

0000000000400460 <_start>:
  400460:    d280001d     mov    x29, #0x0                       // #0
  400464:    d280001e     mov    x30, #0x0                       // #0
  400468:    aa0003e5     mov    x5, x0
  40046c:    f94003e1     ldr    x1, [sp]
  400470:    910023e2     add    x2, sp, #0x8
  400474:    910003e6     mov    x6, sp
  400478:    580000c0     ldr    x0, 400490 <_start+0x30>
  40047c:    580000e3     ldr    x3, 400498 <_start+0x38>
  400480:    58000104     ldr    x4, 4004a0 <_start+0x40>
  400484:    97ffffe7     bl    400420 <__libc_start_main@plt>
  400488:    97ffffee     bl    400440 <abort@plt>
  40048c:    00000000     .inst    0x00000000 ; undefined
  400490:    00400584     .word    0x00400584
  400494:    00000000     .word    0x00000000
  400498:    004005d0     .word    0x004005d0
  40049c:    00000000     .word    0x00000000
  4004a0:    00400650     .word    0x00400650
  4004a4:    00000000     .word    0x00000000

00000000004004a8 <call_weak_fn>:
  4004a8:    90000080     adrp    x0, 410000 <__FRAME_END__+0xf970>
  4004ac:    f947f000     ldr    x0, [x0, #4064]
  4004b0:    b4000040     cbz    x0, 4004b8 <call_weak_fn+0x10>
  4004b4:    17ffffdf     b    400430 <__gmon_start__@plt>
  4004b8:    d65f03c0     ret
  4004bc:    00000000     .inst    0x00000000 ; undefined

00000000004004c0 <deregister_tm_clones>:
  4004c0:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  4004c4:    9100e000     add    x0, x0, #0x38
  4004c8:    b0000081     adrp    x1, 411000 <__libc_start_main@GLIBC_2.17>
  4004cc:    9100e021     add    x1, x1, #0x38
  4004d0:    eb00003f     cmp    x1, x0
  4004d4:    540000a0     b.eq    4004e8 <deregister_tm_clones+0x28>  // b.none
  4004d8:    90000001     adrp    x1, 400000 <_init-0x3e8>
  4004dc:    f9433821     ldr    x1, [x1, #1648]
  4004e0:    b4000041     cbz    x1, 4004e8 <deregister_tm_clones+0x28>
  4004e4:    d61f0020     br    x1
  4004e8:    d65f03c0     ret
  4004ec:    d503201f     nop

00000000004004f0 <register_tm_clones>:
  4004f0:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  4004f4:    9100e000     add    x0, x0, #0x38
  4004f8:    b0000081     adrp    x1, 411000 <__libc_start_main@GLIBC_2.17>
  4004fc:    9100e021     add    x1, x1, #0x38
  400500:    cb000021     sub    x1, x1, x0
  400504:    9343fc21     asr    x1, x1, #3
  400508:    8b41fc21     add    x1, x1, x1, lsr #63
  40050c:    9341fc21     asr    x1, x1, #1
  400510:    b40000a1     cbz    x1, 400524 <register_tm_clones+0x34>
  400514:    90000002     adrp    x2, 400000 <_init-0x3e8>
  400518:    f9433c42     ldr    x2, [x2, #1656]
  40051c:    b4000042     cbz    x2, 400524 <register_tm_clones+0x34>
  400520:    d61f0040     br    x2
  400524:    d65f03c0     ret

0000000000400528 <__do_global_dtors_aux>:
  400528:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  40052c:    910003fd     mov    x29, sp
  400530:    f9000bf3     str    x19, [sp, #16]
  400534:    b0000093     adrp    x19, 411000 <__libc_start_main@GLIBC_2.17>
  400538:    3940e260     ldrb    w0, [x19, #56]
  40053c:    35000080     cbnz    w0, 40054c <__do_global_dtors_aux+0x24>
  400540:    97ffffe0     bl    4004c0 <deregister_tm_clones>
  400544:    52800020     mov    w0, #0x1                       // #1
  400548:    3900e260     strb    w0, [x19, #56]
  40054c:    f9400bf3     ldr    x19, [sp, #16]
  400550:    a8c27bfd     ldp    x29, x30, [sp], #32
  400554:    d65f03c0     ret

0000000000400558 <frame_dummy>:
  400558:    17ffffe6     b    4004f0 <register_tm_clones>

000000000040055c <func>:
  40055c:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  400560:    910003fd     mov    x29, sp
  400564:    b9001fa0     str    w0, [x29, #28]
  400568:    90000000     adrp    x0, 400000 <_init-0x3e8>
  40056c:    911a0000     add    x0, x0, #0x680
  400570:    b9401fa1     ldr    w1, [x29, #28]
  400574:    97ffffb7     bl    400450 <printf@plt>
  400578:    d503201f     nop
  40057c:    a8c27bfd     ldp    x29, x30, [sp], #32
  400580:    d65f03c0     ret

0000000000400584 <main>:
  400584:    a9be7bfd     stp    x29, x30, [sp, #-32]!
  400588:    910003fd     mov    x29, sp
  40058c:    528000c0     mov    w0, #0x6                       // #6
  400590:    b9001fa0     str    w0, [x29, #28]
  400594:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  400598:    9100d000     add    x0, x0, #0x34
  40059c:    b9400001     ldr    w1, [x0]
  4005a0:    b0000080     adrp    x0, 411000 <__libc_start_main@GLIBC_2.17>
  4005a4:    9100f000     add    x0, x0, #0x3c
  4005a8:    b9400000     ldr    w0, [x0]
  4005ac:    0b000021     add    w1, w1, w0
  4005b0:    b9401fa0     ldr    w0, [x29, #28]
  4005b4:    0b000021     add    w1, w1, w0
  4005b8:    b9401ba0     ldr    w0, [x29, #24]
  4005bc:    0b000020     add    w0, w1, w0
  4005c0:    97ffffe7     bl    40055c <func>
  4005c4:    b9401fa0     ldr    w0, [x29, #28]
  4005c8:    a8c27bfd     ldp    x29, x30, [sp], #32
  4005cc:    d65f03c0     ret

00000000004005d0 <__libc_csu_init>:
  4005d0:    a9bc7bfd     stp    x29, x30, [sp, #-64]!
  4005d4:    910003fd     mov    x29, sp
  4005d8:    a901d7f4     stp    x20, x21, [sp, #24]
  4005dc:    90000094     adrp    x20, 410000 <__FRAME_END__+0xf970>
  4005e0:    90000095     adrp    x21, 410000 <__FRAME_END__+0xf970>
  4005e4:    91380294     add    x20, x20, #0xe00
  4005e8:    9137e2b5     add    x21, x21, #0xdf8
  4005ec:    a902dff6     stp    x22, x23, [sp, #40]
  4005f0:    cb150294     sub    x20, x20, x21
  4005f4:    f9001ff8     str    x24, [sp, #56]
  4005f8:    2a0003f6     mov    w22, w0
  4005fc:    aa0103f7     mov    x23, x1
  400600:    9343fe94     asr    x20, x20, #3
  400604:    aa0203f8     mov    x24, x2
  400608:    97ffff78     bl    4003e8 <_init>
  40060c:    b4000194     cbz    x20, 40063c <__libc_csu_init+0x6c>
  400610:    f9000bb3     str    x19, [x29, #16]
  400614:    d2800013     mov    x19, #0x0                       // #0
  400618:    f8737aa3     ldr    x3, [x21, x19, lsl #3]
  40061c:    aa1803e2     mov    x2, x24
  400620:    aa1703e1     mov    x1, x23
  400624:    2a1603e0     mov    w0, w22
  400628:    91000673     add    x19, x19, #0x1
  40062c:    d63f0060     blr    x3
  400630:    eb13029f     cmp    x20, x19
  400634:    54ffff21     b.ne    400618 <__libc_csu_init+0x48>  // b.any
  400638:    f9400bb3     ldr    x19, [x29, #16]
  40063c:    a941d7f4     ldp    x20, x21, [sp, #24]
  400640:    a942dff6     ldp    x22, x23, [sp, #40]
  400644:    f9401ff8     ldr    x24, [sp, #56]
  400648:    a8c47bfd     ldp    x29, x30, [sp], #64
  40064c:    d65f03c0     ret

0000000000400650 <__libc_csu_fini>:
  400650:    d65f03c0     ret

Disassembly of section .fini:

0000000000400654 <_fini>:
  400654:    a9bf7bfd     stp    x29, x30, [sp, #-16]!
  400658:    910003fd     mov    x29, sp
  40065c:    a8c17bfd     ldp    x29, x30, [sp], #16
  400660:    d65f03c0     ret

参考文献:

[1]. Meaning of "CONTENTS, ALLOC, LOAD, READONLY, CODE" in ELF sections - Lynxbee

[2]. aarch64-linux-gnu-objdump(1) — Arch manual pages (archlinux.org)

[3]. aarch64-linux-gnu-objcopy(1) — Arch manual pages (archlinux.org)


Carlos
35 声望8 粉丝

嵌入式 \ Linux \ ARM \ Security