9.8. Stripping an ELF Object
ELF objects can be stripped, which is a phrase used to refer to the removal of the main symbol table and other sections that are not needed for run time. The main symbol table can consume quite a bit of space and can also give away information about how a program works. Because the main symbol table is not actually needed for program execution, it can be stripped away, leaving a smaller ELF object.
ELF对象可以被剥离。剥离是一个用于表示删除主符号表和运行时不需要的其他部分的短语。 主符号表可以占用相当多的空间,还可以提供有关程序如何工作的信息。 因为程序执行实际上不需要主符号表,所以可以将其剥离,留下较小的ELF对象。
Let’s use libfoo.so to show how strip works and the effects it has on an ELF file:
让我们使用libfoo.so来展示strip是如何工作的以及它对ELF文件的影响:
penguin> ls -l libfoo.so
-rwxr-xr-x 1 wilding build 7301 Jan 16 11:00 libfoo.so
penguin> strip libfoo.so
penguin> ls -l libfoo.so
-rwxr-xr-x 1 wilding build 4668 Jan 16 11:13 libfoo.so
Before stripping the shared library, it contained the following sections:
在剥离共享库之前,它包含以下节:
penguin> readelf -S libfoo.so | egrep "\[.*\] \." awk -F\. '{print
$2}' | awk '{print $1}' | sort | tr "\n"" "; echo "\n"
bss comment ctors data debug_abbrev debug_aranges debug_info debug_line
dtors dynamic dynstr dynsym eh_frame eh_frame_hdr fini gnu gnu got hash
init jcr plt rel rel rodata shstrtab strtab symtab text
After stripping the shared library, it contains the following sections.
剥离共享库后,它包含以下节:
penguin> strip libfoo.so
penguin> readelf -S libfoo.so | egrep "\[.*\] \." | awk -F\. '{print
$2}' | awk '{print $1}' | sort | tr "\n" " " ; echo "\n"
bss comment ctors data dtors dynamic dynstr dynsym eh_frame eh_frame_hdr
fini gnu gnu got hash init jcr plt rel rel rodata shstrtab text
Therefore, stripping the shared library took out sections containing debug information: debug_abbrev, debug_aranges, debug_info, debug_line and the main symbol table with its string table: strtab symtab. Both types of information are not needed at run time.
因此,剥离共享库会删除包含调试信息的部分:debug_abbrev,debug_aranges,debug_info,debug_line以及带有字符串表的主符号表:strtab symtab。 运行时不需要这两种类型的信息。
The biggest problem with stripping an ELF object is that it removes some information that is very useful for debugging problems. Without the main symbol table, static symbols have no symbol name, and all debugging information (if the object was built with debug information) will be removed. This includes information that can help to match line number to function offsest, and so on.
剥离ELF对象的最大问题是它删除了一些对调试问题非常有用的信息。 如果没有主符号表,则静态符号没有符号名称,并且将删除所有调试信息(如果使用调试信息构建对象)。 这包括有助于将行号与功能关系匹配的信息,等等。
The strip command is mildly beneficial for its ability to reduce the size of an ELF file and to protect intellectual property, but it can really hinder investigation efforts. Avoid it if possible.
strip命令对于减小ELF文件大小和保护知识产权的能力是有利的,但它确实可以阻碍调查工作。 尽可能避免使用它。
|
|
