Linux下面的ELF文件主要由ELF头、程序头和各个段组成。
本文使用的示例程序如下。首先把它编译为可执行文件,再使用Linux下面的hexdump命令,把可执行文件完全转换为16进制的表示形式,然后分析这样的表示与ELF文件中各部分的对应关系。
示例程序:
#include
int global_init_var = 84;
int global_uninit_var;
void func1(int i)
{
printf("%d\n", i);
}
int main(int argc, char **argv)
{
static int static_var1 = 85;
static int static_var2;
int a = 1;
int b;
func1(static_var1 + static_var2 + a + b);
return a;
}
使用gcc编译生成二进制可执行文件之后,
gcc exam.c -o exam.out
可以通过反汇编工具objcump来查看文件中各个部分的信息,例如
objdump –d –x –s exam.out
生成的文件中展示了二进制文件中不同的节的解释和描述。
对于二进制文件,在Linux下面,可以通过hexdump命令来以文本的形式表示二进制可执行文件。以下是对exam.out文件执行hexdump命令之后所生成的文件的注释,指明了各个不同的节的开始位置及含义。
文件头:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 c0 03 40 00 00 00 00 00 |..>.......@.....|
phoffset = 40 sh offset = aa0
00000020 40 00 00 00 00 00 00 00 a0 0a 00 00 00 00 00 00||
ehsize=40,phentsiez=38, shentsize=40,shnum=1d
00000030 00 00 00 00 40 00 38 00 08 00 40 00 1d 00 1a 00|[email protected]...@.....|
程序头表,phtable,大小为0x38* 0x8 =
00000040 06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00 |........@.......|
00000050 40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00 |@.@.....@.@.....|
00000060 c0 01 00 00 00 00 00 00 c0 01 00 00 00 00 00 00 |................|
00000070 08 00 00 00 00 00 00 0003 00 00 00 04 00 00 00 |................|
00000080 00 02 00 00 00 00 00 00 00 02 40 00 00 00 00 00 |..........@.....|
00000090 00 02 40 00 00 00 00 00 1c 00 00 00 00 00 00 00 |..@.............|
000000a0 1c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000000b0 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|
000000d0 dc 06 00 00 00 00 00 00 dc 06 00 00 00 00 00 00 |................|
000000e0 00 00 20 00 00 00 00 0001 00 00 00 06 00 00 00 |.. .............|
000000f0 e0 06 00 00 00 00 00 00 e0 06 60 00 00 00 00 00 |..........`.....|
00000100 e0 06 60 00 00 00 00 00 30 02 00 00 00 00 00 00 |..`.....0.......|
00000110 40 02 00 00 00 00 00 00 00 00 20 00 00 00 00 00 |@......... .....|
00000120 02 00 00 00 06 00 00 00 f8 06 00 00 00 00 00 00 |................|
00000130 f8 06 60 00 00 00 00 00 f8 06 60 00 00 00 00 00 |..`.......`.....|
00000140 d0 01 00 00 00 00 00 00 d0 01 00 00 00 00 00 00 |................|
00000150 08 00 00 00 00 00 00 0004 00 00 00 04 00 00 00 |................|
00000160 1c 02 00 00 00 00 00 00 1c 02 40 00 00 00 00 00 |..........@.....|
00000170 1c 02 40 00 00 00 00 00 20 00 00 00 00 00 00 00 |..@..... .......|
00000180 20 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 | ...............|
00000190 50 e5 74 64 04 00 00 00 e0 05 00 00 00 00 00 00 |P.td............|
000001a0 e0 05 40 00 00 00 00 00 e0 05 40 00 00 00 00 00 |..@.......@.....|
000001b0 34 00 00 00 00 00 00 00 34 00 00 00 00 00 00 00 |4.......4.......|
000001c0 04 00 00 00 00 00 00 0051 e5 74 64 06 00 00 00 |........Q.td....|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
.interp节PROGBITS
00000200 2f 6c 69 62 36 34 2f 6c 64 2d 6c 69 6e 75 78 2d |/lib64/ld-linux-|
.note.ABI-tag节NOTE
00000210 78 38 36 2d 36 34 2e 73 6f 2e 32 000400 00 00 |x86-64.so.2.....|
00000220 10 00 00 00 01 00 00 00 47 4e 55 00 00 00 00 00 |........GNU.....|
00000230 02 00 00 00 06 00 00 00 09 00 00 00 00 00 00 00 |................|
.hashHASH
00000240 03 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 |................|
00000250 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000260 00 00 00 00 00 00 00 00.dynsym
0000 00 00 00 00 00 00 |................|
00000270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000280 0b 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 |................|
00000290 00 00 00 00 00 00 00 00 12 00 00 00 12 00 00 00 |................|
000002a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002b0 24 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 |$... ...........|
000002c0 00 00 00 00 00 00 00 00
.dynstr,字符串表1STRTAB
006c 69 62 63 2e 73 6f |.........libc.so|
000002d0 2e 36 00 70 72 69 6e 74 66 00 5f 5f 6c 69 62 63 |.6.printf.__libc|
000002e0 5f 73 74 61 72 74 5f 6d 61 69 6e 00 5f 5f 67 6d |_start_main.__gm|
000002f0 6f 6e 5f 73 74 61 72 74 5f 5f 00 47 4c 49 42 43 |on_start__.GLIBC|
00000300 5f 32 2e 32 2e 35 00 00.gnu.versionVERSYM
0000 02 00 02 00 00 00 |_2.2.5..........|
.gnu.version_rVERNEED
00000310 01 00 01 00 01 00 00 00 10 00 00 00 00 00 00 00 |................|
00000320 75 1a 69 09 00 00 02 00 33 00 00 00 00 00 00 00 |u.i.....3.......|
.rela.dynRELA
00000330 c8 08 60 00 00 00 00 00 06 00 00 00 03 00 00 00 |..`.............|
00000340 00 00 00 00 00 00 00 00
.rela.pltRELA
e808 60 00 00 00 00 00 |..........`.....|
00000350 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000360 f0 08 60 00 00 00 00 00 07 00 00 00 02 00 00 00 |..`.............|
00000370 00 00 00 00 00 00 00 00
.initPROGBITS
4883 ec 08 e8 6b 00 00 |........H....k..|
00000380 00 48 83 c4 08 c3 00 00 00 00 00 00 00 00 00 00 |.H..............|
.pltPROGBITS
00000390 ff 35 42 05 20 00 ff 25 44 05 20 00 0f 1f 40 00 |.5B. ..%D. ...@.|
000003a0 ff 25 42 05 20 00 68 00 00 00 00 e9 e0 ff ff ff |.%B. .h.........|
000003b0 ff 25 3a 05 20 00 68 01 00 00 00 e9 d0 ff ff ff |.%:. .h.........|
.textPROGBITS
000003c0 31 ed 49 89 d1 5e 48 89 e2 48 83 e4 f0 50 54 49 |1.I..^H..H...PTI|
000003d0 c7 c0 30 05 40 00 48 c7 c1 40 05 40 00 48 c7 c7 |[email protected]..@[email protected]..|
000003e0 f1 04 40 00 e8 c7 ff ff ff f4 90 90 48 83 ec 08 |[email protected]...|
000003f0 48 8b 05 d1 04 20 00 48 85 c0 74 02 ff d0 48 83 |H.... .H..t...H.|
00000400 c4 08 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 |...f............|
00000410 b8 17 09 60 00 55 48 2d 10 09 60 00 48 83 f8 0e |...`.UH-..`.H...|
00000420 48 89 e5 77 02 5d c3 b8 00 00 00 00 48 85 c0 74 |H..w.]......H..t|
00000430 f4 5d bf 10 09 60 00 ff e0 0f 1f 80 00 00 00 00 |.]...`..........|
00000440 b8 10 09 60 00 55 48 2d 10 09 60 00 48 c1 f8 03 |...`.UH-..`.H...|
00000450 48 89 e5 48 89 c2 48 c1 ea 3f 48 01 d0 48 d1 f8 |H..H..H..?H..H..|
00000460 75 02 5d c3 ba 00 00 00 00 48 85 d2 74 f4 5d 48 |u.]......H..t.]H|
00000470 89 c6 bf 10 09 60 00 ff e2 0f 1f 80 00 00 00 00 |.....`..........|
00000480 80 3d 89 04 20 00 00 75 11 55 48 89 e5 e8 7e ff |.=.. ..u.UH...~.|
00000490 ff ff 5d c6 05 76 04 20 00 01 f3 c3 0f 1f 40 00 |..]..v. ......@.|
000004a0 48 83 3d 48 02 20 00 00 74 1e b8 00 00 00 00 48 |H.=H. ..t......H|
000004b0 85 c0 74 14 55 bf f0 06 60 00 48 89 e5 ff d0 5d |..t.U...`.H....]|
000004c0 e9 7b ff ff ff 0f 1f 00 e9 73 ff ff ff 0f 1f 00 |.{.......s......|
000004d0 55 48 89 e5 48 83 ec 10 89 7d fc 8b 45 fc 89 c6 |UH..H....}..E...|
000004e0 bf dc 05 40 00 b8 00 00 00 00 e8 b1 fe ff ff c9 |...@............|
000004f0 c3 55 48 89 e5 48 83 ec 20 89 7d ec 48 89 75 e0 |.UH..H.. .}.H.u.|
00000500 c7 45 fc 01 00 00 00 8b 15 ff 03 20 00 8b 05 01 |.E......... ....|
00000510 04 20 00 01 c2 8b 45 fc 01 c2 8b 45 f8 01 d0 89 |. ....E....E....|
00000520 c7 e8 aa ff ff ff 8b 45 fc c9 c3 0f 1f 44 00 00 |.......E.....D..|
00000530 f3 c3 0f 1f 80 00 00 00 00 0f 1f 80 00 00 00 00 |................|
00000540 4c 89 64 24 e0 4c 89 6c 24 e8 4c 8d 25 97 01 20 |L.d$.L.l$.L.%.. |
00000550 00 4c 89 74 24 f0 4c 89 7c 24 f8 49 89 f6 48 89 |.L.t$.L.|$.I..H.|
00000560 5c 24 d0 48 89 6c 24 d8 48 83 ec 38 41 89 ff 49 |\$.H.l$.H..8A..I|
00000570 89 d5 e8 01 fe ff ff 48 8d 05 62 01 20 00 49 29 |.......H..b. .I)|
00000580 c4 49 c1 fc 03 4d 85 e4 74 1e 31 ed 48 89 c3 90 |.I...M..t.1.H...|
00000590 48 83 c5 01 4c 89 ea 4c 89 f6 44 89 ff ff 13 48 |H...L..L..D....H|
000005a0 83 c3 08 49 39 ec 75 e8 48 8b 5c 24 08 48 8b 6c |...I9.u.H.\$.H.l|
000005b0 24 10 4c 8b 64 24 18 4c 8b 6c 24 20 4c 8b 74 24 |$.L.d$.L.l$ L.t$|
000005c0 28 4c 8b 7c 24 30 48 83 c4 38 c3 90
.finiPROGBITS
4883 ec 08 |(L.|$0H..8..H...|
000005d0 48 83 c4 08 c3 00 00 00
.rodataPROGBITS
0100 02 00 25 64 0a 00 |H...........%d..|
.eh_frame_hdrPROGBITS
000005e0 01 1b 03 3b 34 00 00 00 05 00 00 00 b0 fd ff ff |...;4...........|
000005f0 50 00 00 00 f0 fe ff ff 78 00 00 00 11 ff ff ff |P.......x.......|
00000600 98 00 00 00 50 ff ff ff b8 00 00 00 60 ff ff ff |....P.......`...|
00000610 d0 00 00 00 00 00 00 00
.eh_framePROGBITS
1400 00 00 00 00 00 00 |................|
00000620 01 7a 52 00 01 78 10 01 1b 0c 07 08 90 01 00 00 |.zR..x..........|
00000630 24 00 00 00 1c 00 00 00 58 fd ff ff 30 00 00 00 |$.......X...0...|
00000640 00 0e 10 46 0e 18 4a 0f 0b 77 08 80 00 3f 1a 3b |...F..J..w...?.;|
00000650 2a 33 24 22 00 00 00 00 1c 00 00 00 44 00 00 00 |*3$"........D...|
00000660 70 fe ff ff 21 00 00 00 00 41 0e 10 86 02 43 0d |p...!....A....C.|
00000670 06 5c 0c 07 08 00 00 00 1c 00 00 00 64 00 00 00 |.\..........d...|
00000680 71 fe ff ff 3a 00 00 00 00 41 0e 10 86 02 43 0d |q...:....A....C.|
00000690 06 75 0c 07 08 00 00 00 14 00 00 00 84 00 00 00 |.u..............|
000006a0 90 fe ff ff 02 00 00 00 00 00 00 00 00 00 00 00 |................|
000006b0 24 00 00 00 9c 00 00 00 88 fe ff ff 8b 00 00 00 |$...............|
000006c0 00 4a 8d 04 8c 05 51 8f 02 8e 03 51 0e 40 86 06 |.J....Q....Q.@..|
000006d0 83 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.init_arrayINIT_ARRAY
000006e0 a0 04 40 00 00 00 00 00
.fini_arrayFINI_ARRAY
8004 40 00 00 00 00 00 |..@.......@.....|
.jcrPROGBITS
000006f0 00 00 00 00 00 00 00 00
.dynamicDYNAMIC
0100 00 00 00 00 00 00 |................|
00000700 01 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 |................|
00000710 78 03 40 00 00 00 00 00 0d 00 00 00 00 00 00 00 |x.@.............|
00000720 cc 05 40 00 00 00 00 00 19 00 00 00 00 00 00 00 |..@.............|
00000730 e0 06 60 00 00 00 00 00 1b 00 00 00 00 00 00 00 |..`.............|
00000740 08 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 |................|
00000750 e8 06 60 00 00 00 00 00 1c 00 00 00 00 00 00 00 |..`.............|
00000760 08 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000770 40 02 40 00 00 00 00 00 05 00 00 00 00 00 00 00 |@.@.............|
00000780 c8 02 40 00 00 00 00 00 06 00 00 00 00 00 00 00 |..@.............|
00000790 68 02 40 00 00 00 00 00 0a 00 00 00 00 00 00 00 |h.@.............|
000007a0 3f 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 |?...............|
000007b0 18 00 00 00 00 00 00 00 15 00 00 00 00 00 00 00 |................|
000007c0 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 |................|
000007d0 d0 08 60 00 00 00 00 00 02 00 00 00 00 00 00 00 |..`.............|
000007e0 30 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 |0...............|
000007f0 07 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 |................|
00000800 48 03 40 00 00 00 00 00 07 00 00 00 00 00 00 00 |H.@.............|
00000810 30 03 40 00 00 00 00 00 08 00 00 00 00 00 00 00 |0.@.............|
00000820 18 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 |................|
00000830 18 00 00 00 00 00 00 00 fe ff ff 6f 00 00 00 00 |...........o....|
00000840 10 03 40 00 00 00 00 00 ff ff ff 6f 00 00 00 00 |[email protected]....|
00000850 01 00 00 00 00 00 00 00 f0 ff ff 6f 00 00 00 00 |...........o....|
00000860 08 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00000870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000008c0 00 00 00 00 00 00 00 00
.gotPROGBITS
0000 00 00 00 00 00 00 |................|
.got.pltPROGBITS
000008d0 f8 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000008e0 00 00 00 00 00 00 00 00 a6 03 40 00 00 00 00 00 |..........@.....|
000008f0 b6 03 40 00 00 00 00 00
.dataPROGBITS
0000 00 00 00 00 00 00 |..@.............|
00000900 00 00 00 00 00 00 00 00 54 00 00 00 55 00 00 00 |........T...U...|
.bss,NOBITS .comment PROGBITS
00000910 00 47 43 43 3a 20 28 47 4e 55 29 20 34 2e 31 2e |.GCC: (GNU) 4.1.|
00000920 32 20 32 30 30 38 30 37 30 34 20 28 52 65 64 20 |2 20080704 (Red |
00000930 48 61 74 20 34 2e 31 2e 32 2d 35 30 29 00 00 47 |Hat 4.1.2-50)..G|
00000940 43 43 3a 20 28 47 4e 55 29 20 34 2e 31 2e 32 20 |CC: (GNU) 4.1.2 |
00000950 32 30 30 38 30 37 30 34 20 28 52 65 64 20 48 61 |20080704 (Red Ha|
00000960 74 20 34 2e 31 2e 32 2d 35 30 29 00 47 43 43 3a |t 4.1.2-50).GCC:|
00000970 20 28 47 4e 55 29 20 34 2e 38 2e 32 00 00 47 43 | (GNU) 4.8.2..GC|
00000980 43 3a 20 28 47 4e 55 29 20 34 2e 31 2e 32 20 32 |C: (GNU) 4.1.2 2|
00000990 30 30 38 30 37 30 34 20 28 52 65 64 20 48 61 74 |0080704 (Red Hat|
000009a0 20 34 2e 31 2e 32 2d 35 30 29 00
字符串表2STRTAB
002e 73 79 6d | 4.1.2-50)...sym|
000009b0 74 61 62 00 2e 73 74 72 74 61 62 00 2e 73 68 73 |tab..strtab..shs|
000009c0 74 72 74 61 62 00 2e 69 6e 74 65 72 70 00 2e 6e |trtab..interp..n|
000009d0 6f 74 65 2e 41 42 49 2d 74 61 67 00 2e 68 61 73 |ote.ABI-tag..has|
000009e0 68 00 2e 64 79 6e 73 79 6d 00 2e 64 79 6e 73 74 |h..dynsym..dynst|
000009f0 72 00 2e 67 6e 75 2e 76 65 72 73 69 6f 6e 00 2e |r..gnu.version..|
00000a00 67 6e 75 2e 76 65 72 73 69 6f 6e 5f 72 00 2e 72 |gnu.version_r..r|
00000a10 65 6c 61 2e 64 79 6e 00 2e 72 65 6c 61 2e 70 6c |ela.dyn..rela.pl|
00000a20 74 00 2e 69 6e 69 74 00 2e 74 65 78 74 00 2e 66 |t..init..text..f|
00000a30 69 6e 69 00 2e 72 6f 64 61 74 61 00 2e 65 68 5f |ini..rodata..eh_|
00000a40 66 72 61 6d 65 5f 68 64 72 00 2e 65 68 5f 66 72 |frame_hdr..eh_fr|
00000a50 61 6d 65 00 2e 69 6e 69 74 5f 61 72 72 61 79 00 |ame..init_array.|
00000a60 2e 66 69 6e 69 5f 61 72 72 61 79 00 2e 6a 63 72 |.fini_array..jcr|
00000a70 00 2e 64 79 6e 61 6d 69 63 00 2e 67 6f 74 00 2e |..dynamic..got..|
00000a80 67 6f 74 2e 70 6c 74 00 2e 64 61 74 61 00 2e 62 |got.plt..data..b|
00000a90 73 73 00 2e 63 6f 6d 6d 65 6e 74 000000 00 00 |ss..comment.....|
下面是节头表:
00000aa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000ac0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000ad0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.interpSHT_PROGBITS
00000ae0 1b 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 |................|
00000af0 00 02 40 00 00 00 00 00 00 02 00 00 00 00 00 00 |..@.............|
00000b00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000b10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.note.ABI-tagSHT_NOTE
00000b20 23 00 00 00 07 00 00 00 02 00 00 00 00 00 00 00 |#...............|
00000b30 1c 02 40 00 00 00 00 00 1c 02 00 00 00 00 00 00 |..@.............|
00000b40 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ...............|
00000b50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.hashSHT_HASH
00000b60 31 00 00 00 05 00 00 00 02 00 00 00 00 00 00 00 |1...............|
00000b70 40 02 40 00 00 00 00 00 40 02 00 00 00 00 00 00 |@.@.....@.......|
00000b80 24 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |$...............|
00000b90 08 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
.dynsymSHT_DYNSYM
00000ba0 37 00 00 00 0b 00 00 00 02 00 00 00 00 00 00 00 |7...............|
00000bb0 68 02 40 00 00 00 00 00 68 02 00 00 00 00 00 00 |[email protected].......|
00000bc0 60 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 |`...............|
00000bd0 08 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
.dynstr,SHT_STRTAB(字符串表头1)
00000be0 3f 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 |?...............|
00000bf0 c8 02 40 00 00 00 00 00 c8 02 00 00 00 00 00 00 |..@.............|
00000c00 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |?...............|
00000c10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.gnu.versionSHT_GNU_versym
00000c20 47 00 00 00 ff ff ff 6f 02 00 00 00 00 00 00 00 |G......o........|
00000c30 08 03 40 00 00 00 00 00 08 03 00 00 00 00 00 00 |..@.............|
00000c40 08 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000c50 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 |................|
.gnu.version_rSHT_GNU_verneed
00000c60 54 00 00 00 fe ff ff 6f 02 00 00 00 00 00 00 00 |T......o........|
00000c70 10 03 40 00 00 00 00 00 10 03 00 00 00 00 00 00 |..@.............|
00000c80 20 00 00 00 00 00 00 00 05 00 00 00 01 00 00 00 | ...............|
00000c90 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.rela.dynSHT_RELA
00000ca0 63 00 00 00 04 00 00 00 02 00 00 00 00 00 00 00 |c...............|
00000cb0 30 03 40 00 00 00 00 00 30 03 00 00 00 00 00 00 |[email protected].......|
00000cc0 18 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000cd0 08 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
.rela.pltSHT_RELA
00000ce0 6d 00 00 00 04 00 00 00 02 00 00 00 00 00 00 00 |m...............|
00000cf0 48 03 40 00 00 00 00 00 48 03 00 00 00 00 00 00 |[email protected].......|
00000d00 30 00 00 00 00 00 00 00 04 00 00 00 0b 00 00 00 |0...............|
00000d10 08 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
.initSHT_PROGBITS
00000d20 77 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |w...............|
00000d30 78 03 40 00 00 00 00 00 78 03 00 00 00 00 00 00 |[email protected].......|
00000d40 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000d50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.pltSHT_PROGBITS
00000d60 72 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |r...............|
00000d70 90 03 40 00 00 00 00 00 90 03 00 00 00 00 00 00 |..@.............|
00000d80 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |0...............|
00000d90 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 |................|
.textSHT_PROGBITS
00000da0 7d 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |}...............|
00000db0 c0 03 40 00 00 00 00 00 c0 03 00 00 00 00 00 00 |..@.............|
00000dc0 0c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000dd0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.finiSHT_PROGBITS
00000de0 83 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |................|
00000df0 cc 05 40 00 00 00 00 00 cc 05 00 00 00 00 00 00 |..@.............|
00000e00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000e10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.rodataSHT_PROGBITS
00000e20 89 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 |................|
00000e30 d8 05 40 00 00 00 00 00 d8 05 00 00 00 00 00 00 |..@.............|
00000e40 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000e50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.eh_frame_hdrSHT_PROGBITS
00000e60 91 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 |................|
00000e70 e0 05 40 00 00 00 00 00 e0 05 00 00 00 00 00 00 |..@.............|
00000e80 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |4...............|
00000e90 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.eh_frameSHT_PROGBITS
00000ea0 9f 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 |................|
00000eb0 18 06 40 00 00 00 00 00 18 06 00 00 00 00 00 00 |..@.............|
00000ec0 c4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000ed0 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.init_arraySHT_INIT_ARRAY
00000ee0 a9 00 00 00 0e 00 00 00 03 00 00 00 00 00 00 00 |................|
00000ef0 e0 06 60 00 00 00 00 00 e0 06 00 00 00 00 00 00 |..`.............|
00000f00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000f10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.fini_arraySHT_FINI_ARRAY
00000f20 b5 00 00 00 0f 00 00 00 03 00 00 00 00 00 00 00 |................|
00000f30 e8 06 60 00 00 00 00 00 e8 06 00 00 00 00 00 00 |..`.............|
00000f40 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000f50 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.jcrSHT_PROGBITS
00000f60 c1 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
00000f70 f0 06 60 00 00 00 00 00 f0 06 00 00 00 00 00 00 |..`.............|
00000f80 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000f90 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.dynamicSHT_DYNAMIC
00000fa0 c6 00 00 00 06 00 00 00 03 00 00 00 00 00 00 00 |................|
00000fb0 f8 06 60 00 00 00 00 00 f8 06 00 00 00 00 00 00 |..`.............|
00000fc0 d0 01 00 00 00 00 00 00 05 00 00 00 00 00 00 00 |................|
00000fd0 08 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 |................|
.gotSHT_PROGBITS
00000fe0 cf 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
00000ff0 c8 08 60 00 00 00 00 00 c8 08 00 00 00 00 00 00 |..`.............|
00001000 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001010 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
.got.pltSHT_PROGBITS
00001020 d4 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
00001030 d0 08 60 00 00 00 00 00 d0 08 00 00 00 00 00 00 |..`.............|
00001040 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |(...............|
00001050 08 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
.dataSHT_PROGBITS
00001060 dd 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 |................|
00001070 f8 08 60 00 00 00 00 00 f8 08 00 00 00 00 00 00 |..`.............|
00001080 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001090 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.bssSHT_NOBITS
000010a0 e3 00 00 00 08 00 00 00 03 00 00 00 00 00 00 00 |................|
000010b0 10 09 60 00 00 00 00 00 10 09 00 00 00 00 00 00 |..`.............|
000010c0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000010d0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.commentSHT_PROGBITS
000010e0 e8 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
000010f0 00 00 00 00 00 00 00 00 10 09 00 00 00 00 00 00 |................|
00001100 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001110 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
shstrtab,SHT_STRTAB字符串表头2
00001120 11 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 |................|
00001130 00 00 00 00 00 00 00 00 ab 09 00 00 00 00 00 00 |................|
00001140 f1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001150 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
.symtab,SHT_SYMTAB符号表头1
00001160 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|
00001170 00 00 00 00 00 00 00 00 e0 11 00 00 00 00 00 00 |................|
00001180 08 07 00 00 00 00 00 00 1c 00 00 00 34 00 00 00 |............4...|
00001190 08 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 |................|
strtab,SHT_STRTAB字符串表头3
000011a0 09 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 |................|
000011b0 00 00 00 00 00 00 00 00 e8 18 00 00 00 00 00 00 |................|
000011c0 02 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000011d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
符号表SYMTAB
000011e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000011f0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 |................|
00001200 00 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001210 00 00 00 00 03 00 02 00 1c 02 40 00 00 00 00 00 |..........@.....|
00001220 00 00 00 00 00 00 00 00 00 00 00 00 03 00 03 00 |................|
00001230 40 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |@.@.............|
00001240 00 00 00 00 03 00 04 00 68 02 40 00 00 00 00 00 |........h.@.....|
00001250 00 00 00 00 00 00 00 00 00 00 00 00 03 00 05 00 |................|
00001260 c8 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001270 00 00 00 00 03 00 06 00 08 03 40 00 00 00 00 00 |..........@.....|
00001280 00 00 00 00 00 00 00 00 00 00 00 00 03 00 07 00 |................|
00001290 10 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
000012a0 00 00 00 00 03 00 08 00 30 03 40 00 00 00 00 00 |........0.@.....|
000012b0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 09 00 |................|
000012c0 48 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |H.@.............|
000012d0 00 00 00 00 03 00 0a 00 78 03 40 00 00 00 00 00 |........x.@.....|
000012e0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 0b 00 |................|
000012f0 90 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001300 00 00 00 00 03 00 0c 00 c0 03 40 00 00 00 00 00 |..........@.....|
00001310 00 00 00 00 00 00 00 00 00 00 00 00 03 00 0d 00 |................|
00001320 cc 05 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001330 00 00 00 00 03 00 0e 00 d8 05 40 00 00 00 00 00 |..........@.....|
00001340 00 00 00 00 00 00 00 00 00 00 00 00 03 00 0f 00 |................|
00001350 e0 05 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001360 00 00 00 00 03 00 10 00 18 06 40 00 00 00 00 00 |..........@.....|
00001370 00 00 00 00 00 00 00 00 00 00 00 00 03 00 11 00 |................|
00001380 e0 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001390 00 00 00 00 03 00 12 00 e8 06 60 00 00 00 00 00 |..........`.....|
000013a0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 13 00 |................|
000013b0 f0 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000013c0 00 00 00 00 03 00 14 00 f8 06 60 00 00 00 00 00 |..........`.....|
000013d0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 15 00 |................|
000013e0 c8 08 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000013f0 00 00 00 00 03 00 16 00 d0 08 60 00 00 00 00 00 |..........`.....|
00001400 00 00 00 00 00 00 00 00 00 00 00 00 03 00 17 00 |................|
00001410 f8 08 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001420 00 00 00 00 03 00 18 00 10 09 60 00 00 00 00 00 |..........`.....|
00001430 00 00 00 00 00 00 00 00 00 00 00 00 03 00 19 00 |................|
00001440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001450 01 00 00 00 04 00 f1 ff 00 00 00 00 00 00 00 00 |................|
00001460 00 00 00 00 00 00 00 00 1a 00 00 00 02 00 0c 00 |................|
00001470 ec 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001480 2a 00 00 00 04 00 f1 ff 00 00 00 00 00 00 00 00 |*...............|
00001490 00 00 00 00 00 00 00 00 35 00 00 00 01 00 13 00 |........5.......|
000014a0 f0 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000014b0 42 00 00 00 02 00 0c 00 10 04 40 00 00 00 00 00 |B.........@.....|
000014c0 00 00 00 00 00 00 00 00 57 00 00 00 02 00 0c 00 |........W.......|
000014d0 40 04 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |@.@.............|
000014e0 6a 00 00 00 02 00 0c 00 80 04 40 00 00 00 00 00 |j.........@.....|
000014f0 00 00 00 00 00 00 00 00 80 00 00 00 01 00 18 00 |................|
00001500 10 09 60 00 00 00 00 00 01 00 00 00 00 00 00 00 |..`.............|
00001510 8f 00 00 00 01 00 12 00 e8 06 60 00 00 00 00 00 |..........`.....|
00001520 00 00 00 00 00 00 00 00 b6 00 00 00 02 00 0c 00 |................|
00001530 a0 04 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001540 c2 00 00 00 01 00 11 00 e0 06 60 00 00 00 00 00 |..........`.....|
00001550 00 00 00 00 00 00 00 00 e1 00 00 00 04 00 f1 ff |................|
00001560 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001570 f1 00 00 00 01 00 17 00 0c 09 60 00 00 00 00 00 |..........`.....|
00001580 04 00 00 00 00 00 00 00 02 01 00 00 01 00 18 00 |................|
00001590 14 09 60 00 00 00 00 00 04 00 00 00 00 00 00 00 |..`.............|
000015a0 2a 00 00 00 04 00 f1 ff 00 00 00 00 00 00 00 00 |*...............|
000015b0 00 00 00 00 00 00 00 00 13 01 00 00 01 00 10 00 |................|
000015c0 d8 06 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
000015d0 21 01 00 00 01 00 13 00 f0 06 60 00 00 00 00 00 |!.........`.....|
000015e0 00 00 00 00 00 00 00 00 00 00 00 00 04 00 f1 ff |................|
000015f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001600 2d 01 00 00 00 00 12 00 f0 06 60 00 00 00 00 00 |-.........`.....|
00001610 00 00 00 00 00 00 00 00 3e 01 00 00 00 00 11 00 |........>.......|
00001620 dc 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001630 54 01 00 00 00 00 11 00 dc 06 60 00 00 00 00 00 |T.........`.....|
00001640 00 00 00 00 00 00 00 00 68 01 00 00 00 00 11 00 |........h.......|
00001650 e8 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001660 79 01 00 00 00 00 12 00 e8 06 60 00 00 00 00 00 |y.........`.....|
00001670 00 00 00 00 00 00 00 00 8c 01 00 00 01 00 14 00 |................|
00001680 f8 06 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001690 95 01 00 00 00 00 11 00 e0 06 60 00 00 00 00 00 |..........`.....|
000016a0 00 00 00 00 00 00 00 00 a8 01 00 00 01 00 16 00 |................|
000016b0 d0 08 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000016c0 be 01 00 00 12 00 0c 00 30 05 40 00 00 00 00 00 |........0.@.....|
000016d0 02 00 00 00 00 00 00 00 ce 01 00 00 12 00 0c 00 |................|
000016e0 d0 04 40 00 00 00 00 00 21 00 00 00 00 00 00 00 |..@.....!.......|
000016f0 d4 01 00 00 20 00 00 00 00 00 00 00 00 00 00 00 |.... ...........|
00001700 00 00 00 00 00 00 00 00 f0 01 00 00 20 00 17 00 |............ ...|
00001710 f8 08 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001720 fb 01 00 00 10 00 17 00 10 09 60 00 00 00 00 00 |..........`.....|
00001730 00 00 00 00 00 00 00 00 02 02 00 00 12 00 0d 00 |................|
00001740 cc 05 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001750 08 02 00 00 12 00 00 00 00 00 00 00 00 00 00 00 |................|
00001760 00 00 00 00 00 00 00 00 1c 02 00 00 12 00 00 00 |................|
00001770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001780 3b 02 00 00 10 00 17 00 f8 08 60 00 00 00 00 00 |;.........`.....|
00001790 00 00 00 00 00 00 00 00 48 02 00 00 11 00 18 00 |........H.......|
000017a0 18 09 60 00 00 00 00 00 04 00 00 00 00 00 00 00 |..`.............|
000017b0 5a 02 00 00 20 00 00 00 00 00 00 00 00 00 00 00 |Z... ...........|
000017c0 00 00 00 00 00 00 00 00 69 02 00 00 11 02 17 00 |........i.......|
000017d0 00 09 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
000017e0 76 02 00 00 11 00 0e 00 d8 05 40 00 00 00 00 00 |v.........@.....|
000017f0 04 00 00 00 00 00 00 00 85 02 00 00 12 00 0c 00 |................|
00001800 40 05 40 00 00 00 00 00 8b 00 00 00 00 00 00 00 |@.@.............|
00001810 95 02 00 00 10 00 18 00 20 09 60 00 00 00 00 00 |........ .`.....|
00001820 00 00 00 00 00 00 00 00 9a 02 00 00 12 00 0c 00 |................|
00001830 c0 03 40 00 00 00 00 00 00 00 00 00 00 00 00 00 |..@.............|
00001840 a1 02 00 00 11 00 17 00 08 09 60 00 00 00 00 00 |..........`.....|
00001850 04 00 00 00 00 00 00 00 b1 02 00 00 10 00 18 00 |................|
00001860 10 09 60 00 00 00 00 00 00 00 00 00 00 00 00 00 |..`.............|
00001870 bd 02 00 00 12 00 0c 00 f1 04 40 00 00 00 00 00 |..........@.....|
00001880 3a 00 00 00 00 00 00 00 c2 02 00 00 20 00 00 00 |:........... ...|
00001890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000018a0 d6 02 00 00 11 02 17 00 10 09 60 00 00 00 00 00 |..........`.....|
000018b0 00 00 00 00 00 00 00 00 e2 02 00 00 20 00 00 00 |............ ...|
000018c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000018d0 fc 02 00 00 12 00 0a 00 78 03 40 00 00 00 00 00|........x.@.....|
000018e0 00 00 00 00 00 00 00 00
字符串表3STRTAB
002f 75 73 72 2f 6c 69 |........./usr/li|
000018f0 62 2f 2e 2e 2f 6c 69 62 36 34 2f 63 72 74 69 2e |b/../lib64/crti.|
00001900 6f 00 63 61 6c 6c 5f 67 6d 6f 6e 5f 73 74 61 72 |o.call_gmon_star|
00001910 74 00 63 72 74 73 74 75 66 66 2e 63 00 5f 5f 4a |t.crtstuff.c.__J|
00001920 43 52 5f 4c 49 53 54 5f 5f 00 64 65 72 65 67 69 |CR_LIST__.deregi|
00001930 73 74 65 72 5f 74 6d 5f 63 6c 6f 6e 65 73 00 72 |ster_tm_clones.r|
00001940 65 67 69 73 74 65 72 5f 74 6d 5f 63 6c 6f 6e 65 |egister_tm_clone|
00001950 73 00 5f 5f 64 6f 5f 67 6c 6f 62 61 6c 5f 64 74 |s.__do_global_dt|
00001960 6f 72 73 5f 61 75 78 00 63 6f 6d 70 6c 65 74 65 |ors_aux.complete|
00001970 64 2e 36 33 35 37 00 5f 5f 64 6f 5f 67 6c 6f 62 |d.6357.__do_glob|
00001980 61 6c 5f 64 74 6f 72 73 5f 61 75 78 5f 66 69 6e |al_dtors_aux_fin|
00001990 69 5f 61 72 72 61 79 5f 65 6e 74 72 79 00 66 72 |i_array_entry.fr|
000019a0 61 6d 65 5f 64 75 6d 6d 79 00 5f 5f 66 72 61 6d |ame_dummy.__fram|
000019b0 65 5f 64 75 6d 6d 79 5f 69 6e 69 74 5f 61 72 72 |e_dummy_init_arr|
000019c0 61 79 5f 65 6e 74 72 79 00 73 69 6d 70 6c 65 53 |ay_entry.simpleS|
000019d0 65 63 74 69 6f 6e 2e 63 00 73 74 61 74 69 63 5f |ection.c.static_|
000019e0 76 61 72 31 2e 32 32 32 35 00 73 74 61 74 69 63 |var1.2225.static|
000019f0 5f 76 61 72 32 2e 32 32 32 36 00 5f 5f 46 52 41 |_var2.2226.__FRA|
00001a00 4d 45 5f 45 4e 44 5f 5f 00 5f 5f 4a 43 52 5f 45 |ME_END__.__JCR_E|
00001a10 4e 44 5f 5f 00 5f 5f 66 69 6e 69 5f 61 72 72 61 |ND__.__fini_arra|
00001a20 79 5f 65 6e 64 00 5f 5f 70 72 65 69 6e 69 74 5f |y_end.__preinit_|
00001a30 61 72 72 61 79 5f 73 74 61 72 74 00 5f 5f 70 72 |array_start.__pr|
00001a40 65 69 6e 69 74 5f 61 72 72 61 79 5f 65 6e 64 00 |einit_array_end.|
00001a50 5f 5f 69 6e 69 74 5f 61 72 72 61 79 5f 65 6e 64 |__init_array_end|
00001a60 00 5f 5f 66 69 6e 69 5f 61 72 72 61 79 5f 73 74 |.__fini_array_st|
00001a70 61 72 74 00 5f 44 59 4e 41 4d 49 43 00 5f 5f 69 |art._DYNAMIC.__i|
00001a80 6e 69 74 5f 61 72 72 61 79 5f 73 74 61 72 74 00 |nit_array_start.|
00001a90 5f 47 4c 4f 42 41 4c 5f 4f 46 46 53 45 54 5f 54 |_GLOBAL_OFFSET_T|
00001aa0 41 42 4c 45 5f 00 5f 5f 6c 69 62 63 5f 63 73 75 |ABLE_.__libc_csu|
00001ab0 5f 66 69 6e 69 00 66 75 6e 63 31 00 5f 49 54 4d |_fini.func1._ITM|
00001ac0 5f 64 65 72 65 67 69 73 74 65 72 54 4d 43 6c 6f |_deregisterTMClo|
00001ad0 6e 65 54 61 62 6c 65 00 64 61 74 61 5f 73 74 61 |neTable.data_sta|
00001ae0 72 74 00 5f 65 64 61 74 61 00 5f 66 69 6e 69 00 |rt._edata._fini.|
00001af0 70 72 69 6e 74 66 40 40 47 4c 49 42 43 5f 32 2e |printf@@GLIBC_2.|
00001b00 32 2e 35 00 5f 5f 6c 69 62 63 5f 73 74 61 72 74 |2.5.__libc_start|
00001b10 5f 6d 61 69 6e 40 40 47 4c 49 42 43 5f 32 2e 32 |_main@@GLIBC_2.2|
00001b20 2e 35 00 5f 5f 64 61 74 61 5f 73 74 61 72 74 00 |.5.__data_start.|
00001b30 67 6c 6f 62 61 6c 5f 75 6e 69 6e 69 74 5f 76 61 |global_uninit_va|
00001b40 72 00 5f 5f 67 6d 6f 6e 5f 73 74 61 72 74 5f 5f |r.__gmon_start__|
00001b50 00 5f 5f 64 73 6f 5f 68 61 6e 64 6c 65 00 5f 49 |.__dso_handle._I|
00001b60 4f 5f 73 74 64 69 6e 5f 75 73 65 64 00 5f 5f 6c |O_stdin_used.__l|
00001b70 69 62 63 5f 63 73 75 5f 69 6e 69 74 00 5f 65 6e |ibc_csu_init._en|
00001b80 64 00 5f 73 74 61 72 74 00 67 6c 6f 62 61 6c 5f |d._start.global_|
00001b90 69 6e 69 74 5f 76 61 72 00 5f 5f 62 73 73 5f 73 |init_var.__bss_s|
00001ba0 74 61 72 74 00 6d 61 69 6e 00 5f 4a 76 5f 52 65 |tart.main._Jv_Re|
00001bb0 67 69 73 74 65 72 43 6c 61 73 73 65 73 00 5f 5f |gisterClasses.__|
00001bc0 54 4d 43 5f 45 4e 44 5f 5f 00 5f 49 54 4d 5f 72 |TMC_END__._ITM_r|
00001bd0 65 67 69 73 74 65 72 54 4d 43 6c 6f 6e 65 54 61 |egisterTMCloneTa|
00001be0 62 6c 65 00 5f 69 6e 69 74 00 |ble._init.|
00001bea
重定位表,保存与重定位相关的信息。如果text段有要重定位的地方,则有对应的rela.text段,如果data段有要重定位的地方,则有rela.data段。
进程的创建、装载与执行,分为以下几个步骤。
创建独立的虚拟地址空间。
按照可执行文件头建立虚拟空间与文件映射的关系。
修改CPU指令寄存器。
可执行程序中各个段(section)的分析。
1..interp
属性为可读,指明加载器的位置。/lib64/ld-linux-x86-64.so.2.
2..note.ABI-tag
…
3..dynsym
文件中的动态符号表。
Num: Value Size Type Bind Vis Ndx Name
0:0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1:0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.2.5(2)
2:0000000000000000 0 FUNC GLOBAL DEFAULT UND strcpy@GLIBC_2.2.5(2)
3:0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.2.5(2)
4:0000000000000000 0 FUNC GLOBAL DEFAULT UND__stack_chk_fail@GLIBC_2.4 (3)
5:0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.2.5(2)
6:0000000000000000 0 FUNC GLOBAL DEFAULT UND__libc_start_main@GLIBC_2.2.5 (2)
7:0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
8:0000000000000000 0 FUNC GLOBAL DEFAULT UND atoi@GLIBC_2.2.5(2)
4..dynstr
文件中的动态字符串。
236Contents of section .dynstr:
237 400350 006c6962 632e736f 2e360073 74726370 .libc.so.6.strcp
238 400360 79007075 7473005f 5f737461 636b5f63 y.puts.__stack_c
239 400370 686b5f66 61696c00 61626f72 74007072 hk_fail.abort.pr
240 400380 696e7466 0061746f 69005f5f 6c696263 intf.atoi.__libc
241 400390 5f737461 72745f6d 61696e00 5f5f676d _start_main.__gm
242 4003a0 6f6e5f73 74617274 5f5f0047 4c494243 on_start__.GLIBC
243 4003b0 5f322e34 00474c49 42435f32 2e322e35 _2.4.GLIBC_2.2.5
244 4003c0 00
5..rela.dyn
可重定位的项目索引,与数据相关。但是rela.dyn本身是在.dynamic节中定义的。
161Relocation section '.rela.dyn' at offset 0x408 contains 1 entries:
162 Offset Info Type Sym. Value Sym.Name + Addend
163000000600c90 000700000006 R_X86_64_GLOB_DAT 0000000000000000__gmon_start__ + 0
6..rela.plt
可重定位的项目索引,与程序或者过程相关,如下。
165Relocation section '.rela.plt' at offset 0x420 contains 7 entries:
166 Offset Info Type Sym. Value Sym.Name + Addend
167000000600cb0 000100000007 R_X86_64_JUMP_SLO 0000000000000000 abort +0
168000000600cb8 000200000007 R_X86_64_JUMP_SLO 0000000000000000 strcpy+ 0
169000000600cc0 000300000007 R_X86_64_JUMP_SLO 0000000000000000 puts +0
170000000600cc8 000400000007 R_X86_64_JUMP_SLO 0000000000000000__stack_chk_fail + 0
171000000600cd0 000500000007 R_X86_64_JUMP_SLO 0000000000000000 printf+ 0
172000000600cd8 000600000007 R_X86_64_JUMP_SLO 0000000000000000__libc_start_main + 0
173000000600ce0 000800000007 R_X86_64_JUMP_SLO 0000000000000000 atoi +0
offset,是条目在虚拟地址空间中的偏移,
7..plt
由指令组成,用于确定调用动态函数时的跳转地址,如下。
0000000000400520<__stack_chk_fail@plt>:
400520: ff 25 a2 07 20 00 jmpq *0x2007a2(%rip) # 600cc8<_GLOBAL_OFFSET_TABLE_+0x30>
400526: 68 03 00 00 00 pushq $0x3
40052b: e9 b0 ff ff ff jmpq 4004e0 <_init+0x18>
第一条指令的跳转地址600cc8位于got.plt中。got.plt中保存的值,是会发生变化的。初始值为400526,也就是第二条指令的地址。第二、三条指令的功能就是计算出__stack_chk_fail在内存中的真实地址,填入到got.plt中,改掉初始值。之后调用__stack_chk_fail的时候,就直接跳转到动态库中了。
8.dynamic
定义了一些动态连接相关的数据结构。
Dynamicsection at offset 0x7b0 contains 24 entries:
Tag Type Name/Value
0x0000000000000001(NEEDED) Shared library: [libc.so.6]
0x000000000000000c(INIT) 0x548
0x000000000000000d(FINI) 0x6e0
0x0000000000000019(INIT_ARRAY) 0x200798
0x000000000000001b(INIT_ARRAYSZ) 8 (bytes)
0x000000000000001a(FINI_ARRAY) 0x2007a0
0x000000000000001c(FINI_ARRAYSZ) 8 (bytes)
0x0000000000000004(HASH) 0x158
0x0000000000000005(STRTAB) 0x330
0x0000000000000006(SYMTAB) 0x1b0
0x000000000000000a(STRSZ) 177 (bytes)
0x000000000000000b(SYMENT) 24 (bytes)
0x0000000000000003(PLTGOT) 0x2009a0
0x0000000000000002(PLTRELSZ) 72 (bytes)
0x0000000000000014(PLTREL) RELA
0x0000000000000017(JMPREL) 0x500
0x0000000000000007(RELA) 0x428
0x0000000000000008(RELASZ) 216 (bytes)
0x0000000000000009(RELAENT) 24 (bytes)
0x000000006ffffffe(VERNEED) 0x408
0x000000006fffffff(VERNEEDNUM) 1
0x000000006ffffff0(VERSYM) 0x3e2
0x000000006ffffff9(RELACOUNT) 3
0x0000000000000000(NULL) 0x0
9.got
保留的是数据的跳转地址。
10..got.plt
保存的是函数的跳转地址跳转地址,与.plt段相配合。如下。
600cc826054000 00000000
初次执行之后,26054000…会被改写。
结构图如下所示。