Linux readelf命令的使用

其他 2018-10-13 13:38:32 阅读次数: 0

readelf命令是Linux下的分析ELF文件的命令,这个命令在分析ELF文件格式时非常有用,下面以ELF格式可执行文件test为例详细介绍:

readelf -h a.out

显示a.out的ELF Header的文件头信息。

[root@robot ~]# vim main.c
[root@robot ~]# gcc main.c
[root@robot ~]# readelf -h a.out
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian  // 可以看到是小端的程序
  Version:                           1 (current)
  OS/ABI:                            UNIX - Linux
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048300  // 载入的地址
  Start of program headers:          52 (bytes into file)
  Start of section headers:          1936 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         8
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27
[root@robot ~]#

readelf -l a.out

显示a.out的Program Header Table中的每个Prgram Header Entry的信息(如果有)

查看文件的程序头表信息

[root@robot ~]# readelf -l a.out

Elf file type is EXEC (Executable file)
Entry point 0x8048300
There are 8 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x0053c 0x0053c R E 0x1000
  LOAD           0x00053c 0x0804953c 0x0804953c 0x000fc 0x00104 RW  0x1000
  DYNAMIC        0x000550 0x08049550 0x08049550 0x000c8 0x000c8 RW  0x4
  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x00049c 0x0804849c 0x0804849c 0x00024 0x00024 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
[root@robot ~]#

readelf -S a.out

显示a.out的Section Header Table中的每个Section Header Entry的信息(如果有)

显示文件的节信息

[root@robot ~]# readelf -S a.out
There are 30 section headers, starting at offset 0x790:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-i NOTE            08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        0804818c 00018c 000020 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481ac 0001ac 000050 10   A  6   1  4
  [ 6] .dynstr           STRTAB          080481fc 0001fc 00004a 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          08048246 000246 00000a 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         08048250 000250 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             08048270 000270 000008 08   A  5   0  4
  [10] .rel.plt          REL             08048278 000278 000018 08   A  5  12  4
  [11] .init             PROGBITS        08048290 000290 000030 00  AX  0   0  4
  [12] .plt              PROGBITS        080482c0 0002c0 000040 04  AX  0   0  4
  [13] .text             PROGBITS        08048300 000300 00016c 00  AX  0   0 16
  [14] .fini             PROGBITS        0804846c 00046c 00001c 00  AX  0   0  4
  [15] .rodata           PROGBITS        08048488 000488 000013 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        0804849c 00049c 000024 00   A  0   0  4
  [17] .eh_frame         PROGBITS        080484c0 0004c0 00007c 00   A  0   0  4
  [18] .ctors            PROGBITS        0804953c 00053c 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        08049544 000544 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        0804954c 00054c 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         08049550 000550 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        08049618 000618 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        0804961c 00061c 000018 04  WA  0   0  4
  [24] .data             PROGBITS        08049634 000634 000004 00  WA  0   0  4
  [25] .bss              NOBITS          08049638 000638 000008 00  WA  0   0  4
  [26] .comment          PROGBITS        00000000 000638 000059 01  MS  0   0  1
  [27] .shstrtab         STRTAB          00000000 000691 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 000c40 000410 10     29  45  4
  [29] .strtab           STRTAB          00000000 001050 0001fa 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
[root@robot ~]#

readelf -d a.out

显示a.out中的Dynamic Section的信息(如果有)

[root@robot ~]# readelf -d a.out

Dynamic section at offset 0x550 contains 20 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000c (INIT)                       0x8048290
 0x0000000d (FINI)                       0x804846c
 0x6ffffef5 (GNU_HASH)                   0x804818c
 0x00000005 (STRTAB)                     0x80481fc
 0x00000006 (SYMTAB)                     0x80481ac
 0x0000000a (STRSZ)                      74 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x804961c
 0x00000002 (PLTRELSZ)                   24 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x8048278
 0x00000011 (REL)                        0x8048270
 0x00000012 (RELSZ)                      8 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffe (VERNEED)                    0x8048250
 0x6fffffff (VERNEEDNUM)                 1
 0x6ffffff0 (VERSYM)                     0x8048246
 0x00000000 (NULL)                       0x0
[root@robot ~]#

猜你喜欢

转载自blog.csdn.net/huangyimo/article/details/82758673
今日推荐
开源日报 | Chrome内置Gemini的意义不在于Gemini;中国AI追随之路的五大误区;ECharts创始人“下海”养鱼;谷歌I/O开发者大会什么都有,只是没有惊喜
微软回应中国区AI团队“打包赴美”传闻
基于大语言模型的开源知识库问答系统 MaxKB GitHub Star 数量突破 5,000 个!
美国拟限制 AI 大模型出口中国和俄罗斯
苹果将与 OpenAI 达成协议,将 ChatGPT 应用于 iPhone
openKylin 社区生态委员会第六次会议圆满召开
阿里云正式发布通义千问 2.5
Python 3.13 发布首个 Beta:实验性自由线程模式和 JIT、改进交互式解释器
Stack Overflow 拿我的代码去训练 AI 大模型,还封了我的账号
Pop!_OS 的 COSMIC 桌面完成 App Store 上架工作
《2024 年一季度互联网投融资运行情况》研究报告
报告:Django 仍然是 74% 开发者的首选
周排行
返回指定时间格式
fopen函数中的mode参数
Java 单例模式探讨
Flex remoteobject工作原理探讨
寻找mplayer的便捷安装方法
30天了解30种技术系列---(26)MySQL自动化运维工具Inception
关于Jboss/Tomcat/Jetty的JNDI定义123
程序减肥,strip,eu-strip 及其符号表
AsyncTask、View.post(Runnable)、ViewTreeObserver三种方式总结frame animation自动启动
Json和Bean的互相转换
每日归档
更多
2024-05-15(24)
2024-05-14(0)
2024-05-13(18)
2024-05-12(0)
2024-05-11(38)
2024-05-10(38)
2024-05-09(35)
2024-05-08(42)
2024-05-07(14)
2024-05-06(40)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022