linux中的readelf命令簡介
阿新 • • 發佈:2019-01-06
之前我們玩過file命令, 瞭解了ELF檔案, 其實就是Executable & Linkable Format, 是一種檔案格式, 我們常見的目標檔案、動態庫和可執行檔案, 都屬於這個型別。 在本文中, 我們僅僅以可執行檔案為例來進行介紹readelf命令, 這個命令的作用就是讀取ELF檔案中資訊, 也可以用man命令窺其全貌。 下面, 我們一起來看看:
main.c中的內容為:
生成a.out檔案, 用readelf檔案讀取一下, 得到:#include <stdio.h> int add(int x, int y) { return x + y; } int aaa; int bbb = 1; char szTest[] = "good"; int main() { int ccc = 2; return 0; }
[[email protected] learn_readelf]$ gcc main.c
[[email protected] learn_readelf]$ strip a.out
[[email protected] learn_readelf]$ readelf -a a.out
ELF Header:
Magic: 7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - Linux
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x80482e0
Start of program headers: 52 (bytes into file)
Start of section headers: 1876 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 8
Size of section headers: 40 (bytes)
Number of section headers: 30
Section header string table index: 27
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 08048134 000134 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048148 000148 000020 00 A 0 0 4
[ 3] .note.gnu.build-i NOTE 08048168 000168 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0804818c 00018c 000020 04 A 5 0 4
[ 5] .dynsym DYNSYM 080481ac 0001ac 000040 10 A 6 1 4
[ 6] .dynstr STRTAB 080481ec 0001ec 000045 00 A 0 0 1
[ 7] .gnu.version VERSYM 08048232 000232 000008 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 0804823c 00023c 000020 00 A 6 1 4
[ 9] .rel.dyn REL 0804825c 00025c 000008 08 A 5 0 4
[10] .rel.plt REL 08048264 000264 000010 08 A 5 12 4
[11] .init PROGBITS 08048274 000274 000030 00 AX 0 0 4
[12] .plt PROGBITS 080482a4 0002a4 000030 04 AX 0 0 4
[13] .text PROGBITS 080482e0 0002e0 00017c 00 AX 0 0 16
[14] .fini PROGBITS 0804845c 00045c 00001c 00 AX 0 0 4
[15] .rodata PROGBITS 08048478 000478 00000c 00 A 0 0 4
[16] .eh_frame_hdr PROGBITS 08048484 000484 000024 00 A 0 0 4
[17] .eh_frame PROGBITS 080484a8 0004a8 00007c 00 A 0 0 4
[18] .ctors PROGBITS 08049524 000524 000008 00 WA 0 0 4
[19] .dtors PROGBITS 0804952c 00052c 000008 00 WA 0 0 4
[20] .jcr PROGBITS 08049534 000534 000004 00 WA 0 0 4
[21] .dynamic DYNAMIC 08049538 000538 0000c8 08 WA 6 0 4
[22] .got PROGBITS 08049600 000600 000004 04 WA 0 0 4
[23] .got.plt PROGBITS 08049604 000604 000014 04 WA 0 0 4
[24] .data PROGBITS 08049618 000618 000010 00 WA 0 0 4
[25] .bss NOBITS 08049628 000628 00000c 00 WA 0 0 4
[26] .comment PROGBITS 00000000 000628 00002d 01 MS 0 0 1
[27] .shstrtab STRTAB 00000000 000655 0000fc 00 0 0 1
[28] .symtab SYMTAB 00000000 000c04 000440 10 29 45 4
[29] .strtab STRTAB 00000000 001044 0001fd 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
INTERP 0x000134 0x08048134 0x08048134 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x00524 0x00524 R E 0x1000
LOAD 0x000524 0x08049524 0x08049524 0x00104 0x00110 RW 0x1000
DYNAMIC 0x000538 0x08049538 0x08049538 0x000c8 0x000c8 RW 0x4
NOTE 0x000148 0x08048148 0x08048148 0x00044 0x00044 R 0x4
GNU_EH_FRAME 0x000484 0x08048484 0x08048484 0x00024 0x00024 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
Dynamic section at offset 0x538 contains 20 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x8048274
0x0000000d (FINI) 0x804845c
0x6ffffef5 (GNU_HASH) 0x804818c
0x00000005 (STRTAB) 0x80481ec
0x00000006 (SYMTAB) 0x80481ac
0x0000000a (STRSZ) 69 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x8049604
0x00000002 (PLTRELSZ) 16 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x8048264
0x00000011 (REL) 0x804825c
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x804823c
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048232
0x00000000 (NULL) 0x0
Relocation section '.rel.dyn' at offset 0x25c contains 1 entries:
Offset Info Type Sym.Value Sym. Name
08049600 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
Relocation section '.rel.plt' at offset 0x264 contains 2 entries:
Offset Info Type Sym.Value Sym. Name
08049610 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
08049614 00000207 R_386_JUMP_SLOT 00000000 __libc_start_main
There are no unwind sections in this file.
Symbol table '.dynsym' contains 4 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
2: 00000000 0 FUNC GLOBAL DEFAULT UND 可以看到檔案的一些基本資訊。 對了, 我們之前學過strip命令, 對a.out來strip,我們將strip前後用readelf得到的結果分別存於a.txt和b.txt中, 然後用Windows上的BeyondCompare視覺化比較工具進行比較, 發現a.txt和b.txt的主要區別是:b.txt比a.txt少了如下內容:
Symbol table '.symtab' contains 68 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 08048134 0 SECTION LOCAL DEFAULT 1
2: 08048148 0 SECTION LOCAL DEFAULT 2
3: 08048168 0 SECTION LOCAL DEFAULT 3
4: 0804818c 0 SECTION LOCAL DEFAULT 4
5: 080481ac 0 SECTION LOCAL DEFAULT 5
6: 080481ec 0 SECTION LOCAL DEFAULT 6
7: 08048232 0 SECTION LOCAL DEFAULT 7
8: 0804823c 0 SECTION LOCAL DEFAULT 8
9: 0804825c 0 SECTION LOCAL DEFAULT 9
10: 08048264 0 SECTION LOCAL DEFAULT 10
11: 08048274 0 SECTION LOCAL DEFAULT 11
12: 080482a4 0 SECTION LOCAL DEFAULT 12
13: 080482e0 0 SECTION LOCAL DEFAULT 13
14: 0804845c 0 SECTION LOCAL DEFAULT 14
15: 08048478 0 SECTION LOCAL DEFAULT 15
16: 08048484 0 SECTION LOCAL DEFAULT 16
17: 080484a8 0 SECTION LOCAL DEFAULT 17
18: 08049524 0 SECTION LOCAL DEFAULT 18
19: 0804952c 0 SECTION LOCAL DEFAULT 19
20: 08049534 0 SECTION LOCAL DEFAULT 20
21: 08049538 0 SECTION LOCAL DEFAULT 21
22: 08049600 0 SECTION LOCAL DEFAULT 22
23: 08049604 0 SECTION LOCAL DEFAULT 23
24: 08049618 0 SECTION LOCAL DEFAULT 24
25: 08049628 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
28: 08049524 0 OBJECT LOCAL DEFAULT 18 __CTOR_LIST__
29: 0804952c 0 OBJECT LOCAL DEFAULT 19 __DTOR_LIST__
30: 08049534 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__
31: 08048310 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux
32: 08049628 1 OBJECT LOCAL DEFAULT 25 completed.5963
33: 0804962c 4 OBJECT LOCAL DEFAULT 25 dtor_idx.5965
34: 08048370 0 FUNC LOCAL DEFAULT 13 frame_dummy
35: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
36: 08049528 0 OBJECT LOCAL DEFAULT 18 __CTOR_END__
37: 08048520 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__
38: 08049534 0 OBJECT LOCAL DEFAULT 20 __JCR_END__
39: 08048430 0 FUNC LOCAL DEFAULT 13 __do_global_ctors_aux
40: 00000000 0 FILE LOCAL DEFAULT ABS main.c
41: 08049604 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_
42: 08049524 0 NOTYPE LOCAL DEFAULT 18 __init_array_end
43: 08049524 0 NOTYPE LOCAL DEFAULT 18 __init_array_start
44: 08049538 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC
45: 08049618 0 NOTYPE WEAK DEFAULT 24 data_start
46: 08049630 4 OBJECT GLOBAL DEFAULT 25 aaa
47: 080483c0 5 FUNC GLOBAL DEFAULT 13 __libc_csu_fini
48: 080482e0 0 FUNC GLOBAL DEFAULT 13 _start
49: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
50: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
51: 08048478 4 OBJECT GLOBAL DEFAULT 15 _fp_hw
52: 0804845c 0 FUNC GLOBAL DEFAULT 14 _fini
53: 00000000 0 FUNC GLOBAL DEFAULT UND [email protected]@GLIBC_
54: 0804847c 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
55: 08049618 0 NOTYPE GLOBAL DEFAULT 24 __data_start
56: 08048480 0 OBJECT GLOBAL HIDDEN 15 __dso_handle
57: 08049530 0 OBJECT GLOBAL HIDDEN 19 __DTOR_END__
58: 080483d0 90 FUNC GLOBAL DEFAULT 13 __libc_csu_init
59: 08049620 5 OBJECT GLOBAL DEFAULT 24 szTest
60: 08048394 14 FUNC GLOBAL DEFAULT 13 add
61: 08049628 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
62: 0804961c 4 OBJECT GLOBAL DEFAULT 24 bbb
63: 08049634 0 NOTYPE GLOBAL DEFAULT ABS _end
64: 08049628 0 NOTYPE GLOBAL DEFAULT ABS _edata
65: 0804842a 0 FUNC GLOBAL HIDDEN 13 __i686.get_pc_thunk.bx
66: 080483a2 20 FUNC GLOBAL DEFAULT 13 main
67: 08048274 0 FUNC GLOBAL DEFAULT 11 _init[[email protected] learn_readelf]$ file a.out
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
[[email protected] learn_readelf]$ nm a.out
nm: a.out: no symbols
[[email protected] learn_readelf]$
readelf就是為了讀取ELF檔案的資訊, 具體每個欄位的含義, 我就不細說了。