段表
段表存储了ELF中各个段的信息,比如:
-
段名
-
段的长度
-
在文件中的偏移
-
读写权限
-
其他属性
使用objdump可以看到6个段:.code、.data、.bss、.rodata、.comment、.note.GNU-stack。
但是省略了其它的辅助段,例如;符号表、字符串表、段名字符串表、重定位表等。
readelf -S和Elf32_Shdr
readelf -S
使用readelf -S来查看全面的段表结构(第一个是无效段):
$ readelf -S Simple.o
There are 14 section headers, starting at offset 0x410:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000040
0000000000000062 0000000000000000 AX 0 0 1
[ 2] .rela.text RELA 0000000000000000 000002f0
0000000000000078 0000000000000018 I 11 1 8
[ 3] .data PROGBITS 0000000000000000 000000a4
0000000000000008 0000000000000000 WA 0 0 4
[ 4] .bss NOBITS 0000000000000000 000000ac
0000000000000008 0000000000000000 WA 0 0 4
[ 5] .rodata PROGBITS 0000000000000000 000000ac
0000000000000004 0000000000000000 A 0 0 1
[ 6] .comment PROGBITS 0000000000000000 000000b0
000000000000002c 0000000000000001 MS 0 0 1
[ 7] .note.GNU-stack PROGBITS 0000000000000000 000000dc
0000000000000000 0000000000000000 0 0 1
[ 8] .note.gnu.pr[...] NOTE 0000000000000000 000000e0
0000000000000020 0000000000000000 A 0 0 8
[ 9] .eh_frame PROGBITS 0000000000000000 00000100
0000000000000058 0000000000000000 A 0 0 8
[10] .rela.eh_frame RELA 0000000000000000 00000368
0000000000000030 0000000000000018 I 11 9 8
[11] .symtab SYMTAB 0000000000000000 00000158
0000000000000138 0000000000000018 12 8 8
[12] .strtab STRTAB 0000000000000000 00000290
0000000000000059 0000000000000000 0 0 1
[13] .shstrtab STRTAB 0000000000000000 00000398
0000000000000074 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
D (mbind), l (large), p (processor specific)
|
Elf32_Shdr
段表中的每一个元素对应了一个Elf32_Shdr结构体,其定义在/usr/include/elf.h中:
typedef struct
{
Elf32_Word sh_name;
Elf32_Word sh_type;
Elf32_Word sh_flags;
Elf32_Addr sh_addr;
Elf32_Off sh_offset;
Elf32_Word sh_size;
Elf32_Word sh_link;
Elf32_Word sh_info;
Elf32_Word sh_addralign;
Elf32_Word sh_entsize;
} Elf32_Shdr;
typedef struct
{
Elf64_Word sh_name;
Elf64_Word sh_type;
Elf64_Xword sh_flags;
Elf64_Addr sh_addr;
Elf64_Off sh_offset;
Elf64_Xword sh_size;
Elf64_Word sh_link;
Elf64_Word sh_info;
Elf64_Xword sh_addralign;
Elf64_Xword sh_entsize;
} Elf64_Shdr;
|
| 成员名 |
类型 |
描述 |
| sh_name |
Elf32_Word / Elf64_Word |
节名称(字符串表索引) |
| sh_type |
Elf32_Word / Elf64_Word |
节的类型 |
| sh_flags |
Elf32_Word / Elf64_Xword |
节的标志 |
| sh_addr |
Elf32_Addr / Elf64_Addr |
执行时节的虚拟地址 |
| sh_offset |
Elf32_Off / Elf64_Off |
节在文件中的偏移量 |
| sh_size |
Elf32_Word / Elf64_Xword |
节的大小(以字节为单位) |
| sh_link |
Elf32_Word / Elf64_Word |
链接到另一个节 |
| sh_info |
Elf32_Word / Elf64_Word |
附加的节信息 |
| sh_addralign |
Elf32_Word / Elf64_Xword |
节的对齐方式 |
| sh_entsize |
Elf32_Word / Elf64_Xword |
如果节包含表格,则为条目大小 |
这里的“节”是ELF文件格式中用于组织数据和代码的一种方式,每个节可以包含不同类型的信息,比如代码、数据、符号表等。