More resources What is an ELF file? ELF is the abbreviation for Executable and Linkable Format and defines the structure for binaries, libraries, and core files. The formal specification allows the operating system to interpreter its underlying machine instructions correctly. ELF files are typically the output of a compiler or linker and are a binary format. With the right tools, such file can be analyzed and better understood.

Author:Gardakinos Kajijind
Language:English (Spanish)
Published (Last):11 December 2019
PDF File Size:7.96 Mb
ePub File Size:3.63 Mb
Price:Free* [*Free Regsitration Required]

NULL-terminated strings of section names. One can use commands such as readelf -p. The symbol names as NULL-terminated strings are stored in. See paragraphs below. First, the operating system must recognize executable binaries. It allocates memory segments and zeros out the BSS section by calling the padzero function.

If the executable binary is dynamically linked, then the compiler will usually creates an INTERP segment which is usually the same as. To see this, use command readelf -p. To change the runtime linker, compile the program using something like gcc foo. What about ld. Performs any necessary relocations to bind these objects. Calls any initialization functions see below provided by these dependencies.

Compile your own ld. The source code of ld. This link provides general tips for building Glibc. To compile Glibc ld. Failing to do so will end up with weird errors see Question 1.

Since we are only interested in ld. The entry point of ld. One can set the entry point to a different address at compile time by -e option so ld. Make breakpoint pending on future shared library load? At this breakpoint, we can use pmap to see the memory map of a. If we put another breakpoint at main and continue, then when it stops, the memory map would change to this: 8K r-x-- a.

Note that there are two memory regions of KB with null permissions. When ld. Except for. The two [anon] memory segments at 0x and 0x are for sections which do not take space in the ELF binary files. For example, readelf -t xxx. According to ld. To see ld. The above debugging information does not show mmap and mprotect calls. However, we can use strace. A sample disassembly run the command objdump -M intel -dj.

In particular, it will change the address stored at a8 to the actual address of printf in libc. If the code is compiled by GCC, then one will see the following code in. For the compiler part, GCC uses different prolog and epilog files, depending on the compiler command-line options. To see them, execute gcc -dumpspec, and one can see The detailed explanation of GCC spec file is here.

Finally, include either crtbeginT. So, for example, if a program is compiled using dynamic linking which is default , no profiling, no fast math optimizations, then the linking will include the following files in the following order: crt1. Recall the order of invocation of destructors should be the reverse order of invocation of constructors. It initializes gprof related data structures. What user functions will be executed before main and at program exit? To see this, run gcc with -v command, and the last line would be something like Set up the thread stack guard Register the destructor i.

If the last line is not return XX or is simply return, then the value passed to exit would be undefined. Of course, if the user program calls exit or abort, then exit will gets called. Here is the call graph , which is worth a thousand words and see here on how it is generated. Above shows. This means during the linking, the address of main should be resolved and then inserted at the right memory location:.

Value Sym. How to find the address of main of an executable binary? When an ELF executable binary is stripped off symbolic information, it is not clear where the main is located. On bit x86, the calling convention requires that the first argument goes to RDI register, so the address can be extracted by objdump -j. The runtime relocation is done by ld. The link-time relocation is done by the link-editor ld, which uses the relocation table in the object file.

Each symbolic reference has an entry in the relocation table, and each entry contains three fields: offset, info relocation type, symbol table index , and addend.

The relocation types are: Relocation type.


Executable and Linkable Format (ELF)



Executable and Linkable Format



Subscribe to RSS


Related Articles