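Several terms are involved:
- An ELF file stores its contents in units called segments and sections.
- Code section: .code or .text
- Data section: .data
Some general rules apply:
- The .bss section holds uninitialized global variables and uninitialized local static variables.
- The .data section holds initialized global variables and initialized local static variables.
- Instructions and function calls are stored in the .text section. Local variables take up stack space, and the instructions that set them up are in .text.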
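#include <stdio.h>

int a = 84;     // initialized global variable -> .data
int b;          // uninitialized global variable -> .bss
int h[256];     // uninitialized global variable -> .bss; h takes up no actual storage in the file
void func_example (int i) {     // instructions, function address -> .text
    printf("example %d\n", i);
}
int main (void) {               // instructions, function address -> .text
    static int s_var_1 = 85;    // initialized static variable -> .data
    static int s_var_2;         // uninitialized static variable -> .bss
    int c = 1;  // initialized non-static local -> stack; the instruction that sets it is in .text
    int b;      // uninitialized non-static local -> stack
    func_example(s_var_1 + s_var_2 + c + b);    // call instruction -> .text
    return 0;
}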
Generating the object file, and tools
C
To study the compiled file, start from the simplest possible main.c, which looks like this:
#include <stdio.h>
int a = 84;
int b;
void func(int i)
{
    printf("helloworld!%d\n", i);
}
int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}
// end of main.c
Compile: $ aarch64-linux-gnu-gcc main.c -o a.out
This produces a.out (ELF 64-bit executable, ARM aarch64).
Inspecting sections with tools
Use objdump to view the internal structure of the ELF file: aarch64-linux-gnu-objdump -h a.out
a.out: file format elf64-littleaarch64
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001b 0000000000400200 0000000000400200 00000200 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 000000000040021c 000000000040021c 0000021c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 000000000040023c 000000000040023c 0000023c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .hash 00000028 0000000000400260 0000000000400260 00000260 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .dynsym 00000078 0000000000400288 0000000000400288 00000288 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynstr 00000044 0000000000400300 0000000000400300 00000300 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version 0000000a 0000000000400344 0000000000400344 00000344 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version_r 00000020 0000000000400350 0000000000400350 00000350 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rela.dyn 00000018 0000000000400370 0000000000400370 00000370 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.plt 00000060 0000000000400388 0000000000400388 00000388 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .init 00000014 00000000004003e8 00000000004003e8 000003e8 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .plt 00000060 0000000000400400 0000000000400400 00000400 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .text 000001f4 0000000000400460 0000000000400460 00000460 2**3
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .fini 00000010 0000000000400654 0000000000400654 00000654 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .rodata 00000027 0000000000400668 0000000000400668 00000668 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
15 .eh_frame 00000004 0000000000400690 0000000000400690 00000690 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .init_array 00000008 0000000000410df8 0000000000410df8 00000df8 2**3
CONTENTS, ALLOC, LOAD, DATA
17 .fini_array 00000008 0000000000410e00 0000000000410e00 00000e00 2**3
CONTENTS, ALLOC, LOAD, DATA
18 .dynamic 000001d0 0000000000410e08 0000000000410e08 00000e08 2**3
CONTENTS, ALLOC, LOAD, DATA
19 .got 00000010 0000000000410fd8 0000000000410fd8 00000fd8 2**3
CONTENTS, ALLOC, LOAD, DATA
20 .got.plt 00000038 0000000000410fe8 0000000000410fe8 00000fe8 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .data 00000018 0000000000411020 0000000000411020 00001020 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .bss 00000010 0000000000411038 0000000000411038 00001038 2**2
ALLOC
23 .comment 00000024 0000000000000000 0000000000000000 00001038 2**0
CONTENTS, READONLY
24 .debug_aranges 00000110 0000000000000000 0000000000000000 00001060 2**4
CONTENTS, READONLY, DEBUGGING
25 .debug_info 0000041d 0000000000000000 0000000000000000 00001170 2**0
CONTENTS, READONLY, DEBUGGING
26 .debug_abbrev 0000018e 0000000000000000 0000000000000000 0000158d 2**0
CONTENTS, READONLY, DEBUGGING
27 .debug_line 00000265 0000000000000000 0000000000000000 0000171b 2**0
CONTENTS, READONLY, DEBUGGING
28 .debug_frame 00000068 0000000000000000 0000000000000000 00001980 2**3
CONTENTS, READONLY, DEBUGGING
29 .debug_str 000002de 0000000000000000 0000000000000000 000019e8 2**0
CONTENTS, READONLY, DEBUGGING
30 .debug_loc 00000166 0000000000000000 0000000000000000 00001cc6 2**0
CONTENTS, READONLY, DEBUGGING
31 .debug_ranges 00000090 0000000000000000 0000000000000000 00001e30 2**4
CONTENTS, READONLY, DEBUGGING
Keywords:
- ALLOC – Section will have space allocated in the process when loaded. Set for all sections except those containing debug information.
- LOAD – Section will be loaded from the file into the child process memory. Set for pre-initialized code and data, clear for .bss sections.
- RELOC – Section needs to be relocated before loading.
- READONLY – Section cannot be modified by the child process.
- CODE – Section contains executable code only.
- DATA – Section contains data only (no executable code).
- ROM – Section will reside in ROM.
- CONSTRUCTOR – Section contains data for constructor/destructor lists.
- HAS_CONTENTS – Section is not empty.
- NEVER_LOAD – An instruction to the linker to not output the section.
- COFF_SHARED_LIBRARY – A notification to the linker that the section contains COFF shared library information.
- IS_COMMON – Section contains common symbols.
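The keywords in the table above follow from two fields of each ELF section header, sh_type and sh_flags. The following added example (not code from the original page or from binutils) parses a section header table with bounds checks and rebuilds the keyword list; the mapping rules are an assumption chosen to match the table above, and the image is a constructed, header-only ELF that reuses the section names and sizes from that table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants and header sizes from the ELF64 specification. */
enum { SHT_PROGBITS = 1, SHT_STRTAB = 3, SHT_NOBITS = 8 };
enum { SHF_WRITE = 1, SHF_ALLOC = 2, SHF_EXECINSTR = 4 };
enum { EHDR_SIZE = 64, SHDR_SIZE = 64 };

typedef struct { uint32_t type; uint64_t flags, size; } Sec;

/* Little-endian load/store of an n-byte field (the target is elf64-littleaarch64). */
static uint64_t rd(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}
static void wr(uint8_t *p, uint64_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Look up a section by name; returns 0 on success, -1 if absent or malformed. */
int elf_find_section(const uint8_t *img, size_t len, const char *name, Sec *out) {
    if (len < EHDR_SIZE || memcmp(img, "\177ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1;       /* ELFCLASS64, little-endian */
    uint64_t shoff = rd(img + 0x28, 8), shentsize = rd(img + 0x3a, 2);
    uint64_t shnum = rd(img + 0x3c, 2), strndx = rd(img + 0x3e, 2);
    if (shentsize != SHDR_SIZE || strndx >= shnum) return -1;
    if (shoff > len || shnum * SHDR_SIZE > len - shoff) return -1;
    const uint8_t *sh = img + shoff, *str = sh + strndx * SHDR_SIZE;
    uint64_t stroff = rd(str + 24, 8), strsz = rd(str + 32, 8);
    if (strsz == 0 || stroff > len || strsz > len - stroff) return -1;
    if (img[stroff + strsz - 1] != '\0') return -1;  /* names must be NUL-terminated */
    for (uint64_t i = 0; i < shnum; i++, sh += SHDR_SIZE) {
        uint64_t nm = rd(sh, 4);                     /* sh_name: offset into .shstrtab */
        if (nm >= strsz) return -1;
        if (strcmp((const char *)img + stroff + nm, name) == 0) {
            out->type = (uint32_t)rd(sh + 4, 4);
            out->flags = rd(sh + 8, 8);
            out->size = rd(sh + 32, 8);
            return 0;
        }
    }
    return -1;
}

/* Bytes occupied in the file: SHT_NOBITS (.bss) has a size but no contents. */
uint64_t file_bytes(const Sec *s) { return s->type == SHT_NOBITS ? 0 : s->size; }

/* Keyword list in the style of objdump -h, derived from sh_type and sh_flags. */
const char *section_keywords(const Sec *s, char *out, size_t cap) {
    int contents = s->type != SHT_NOBITS;
    int load = contents && (s->flags & SHF_ALLOC);
    snprintf(out, cap, "%s%s%s%s%s",
             contents ? "CONTENTS, " : "",
             (s->flags & SHF_ALLOC) ? "ALLOC, " : "",
             load ? "LOAD, " : "",
             (s->flags & SHF_WRITE) ? "" : "READONLY, ",
             (s->flags & SHF_EXECINSTR) ? "CODE, " : (load ? "DATA, " : ""));
    size_t n = strlen(out);
    if (n >= 2) out[n - 2] = '\0';                   /* drop the trailing ", " */
    return out;
}

/* Constructed header-only image; names and sizes come from the objdump -h table. */
size_t build_sample(uint8_t *buf, size_t cap) {
    static const char names[] = "\0.text\0.rodata\0.data\0.bss\0.shstrtab";
    static const struct { uint32_t name, type; uint64_t flags, size; } secs[] = {
        {0, 0, 0, 0},
        {1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x1f4},  /* .text */
        {7, SHT_PROGBITS, SHF_ALLOC, 0x27},                   /* .rodata */
        {15, SHT_PROGBITS, SHF_ALLOC | SHF_WRITE, 0x18},      /* .data */
        {21, SHT_NOBITS, SHF_ALLOC | SHF_WRITE, 0x10},        /* .bss */
        {26, SHT_STRTAB, 0, sizeof names},                    /* .shstrtab */
    };
    size_t nsec = sizeof secs / sizeof secs[0], shoff = EHDR_SIZE + sizeof names;
    size_t total = shoff + nsec * SHDR_SIZE;
    if (cap < total) return 0;
    memset(buf, 0, total);
    memcpy(buf, "\177ELF\2\1\1", 7);     /* magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    wr(buf + 0x28, shoff, 8);
    wr(buf + 0x3a, SHDR_SIZE, 2); wr(buf + 0x3c, nsec, 2); wr(buf + 0x3e, nsec - 1, 2);
    memcpy(buf + EHDR_SIZE, names, sizeof names);
    for (size_t i = 0; i < nsec; i++) {
        uint8_t *sh = buf + shoff + i * SHDR_SIZE;
        wr(sh, secs[i].name, 4);      wr(sh + 4, secs[i].type, 4);
        wr(sh + 8, secs[i].flags, 8); wr(sh + 32, secs[i].size, 8);
    }
    wr(buf + shoff + (nsec - 1) * SHDR_SIZE + 24, EHDR_SIZE, 8);  /* .shstrtab sh_offset */
    return total;
}

int main(void) {
    static const char *want[] = {".text", ".rodata", ".data", ".bss"};
    uint8_t img[512];
    size_t n = build_sample(img, sizeof img);
    for (int i = 0; i < 4; i++) {
        Sec s; char kw[64];
        if (elf_find_section(img, n, want[i], &s) == 0)
            printf("%-8s size=0x%llx in-file=0x%llx  %s\n", want[i],
                   (unsigned long long)s.size, (unsigned long long)file_bytes(&s),
                   section_keywords(&s, kw, sizeof kw));
    }
    return 0;
}
```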
The size tool also shows the size of each section directly: aarch64-linux-gnu-size a.out
$ aarch64-linux-gnu-size a.out
text data bss dec hex filename
1160 576 16 1752 6d8 a.out
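Code section
Instruction section
objdump can dump the code section: aarch64-linux-gnu-objdump -s -d a.out
See Appendix I for the output. The first half of the output is the section contents and the second half is the disassembly of the functions. Here the C source, the contents and the assembly are compared:
C: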
int main(void)
{
static int var_1 = 85;
static int var_2;
int c = 6;
int d;
func(var_1 + var_2 + c + d);
return c;
}
Contents (the main function should be in the .text section of the contents), with an excerpt of the .text section:
Contents of section .text:
400460 1d0080d2 1e0080d2 e50300aa e10340f9 ..............@.
400470 e2230091 e6030091 c0000058 e3000058 .#.........X...X
400480 04010058 e7ffff97 eeffff97 00000000 ...X............
400490 84054000 00000000 d0054000 00000000 ..@.......@.....
4004a0 50064000 00000000 80000090 00f047f9 P.@...........G.
4004b0 400000b4 dfffff17 c0035fd6 00000000 @........._.....
4004c0 800000b0 00e00091 810000b0 21e00091 ............!...
4004d0 3f0000eb a0000054 01000090 213843f9 ?......T....!8C.
4004e0 410000b4 20001fd6 c0035fd6 1f2003d5 A... ....._.. ..
4004f0 800000b0 00e00091 810000b0 21e00091 ............!...
400500 210000cb 21fc4393 21fc418b 21fc4193 !...!.C.!.A.!.A.
400510 a10000b4 02000090 423c43f9 420000b4 ........B<C.B...
The compiled assembly is:
0000000000400584 <main>:
400584: a9be7bfd stp x29, x30, [sp, #-32]!
400588: 910003fd mov x29, sp
40058c: 528000c0 mov w0, #0x6 // #6
400590: b9001fa0 str w0, [x29, #28]
400594: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
400598: 9100d000 add x0, x0, #0x34
40059c: b9400001 ldr w1, [x0]
4005a0: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
4005a4: 9100f000 add x0, x0, #0x3c
4005a8: b9400000 ldr w0, [x0]
4005ac: 0b000021 add w1, w1, w0
4005b0: b9401fa0 ldr w0, [x29, #28]
4005b4: 0b000021 add w1, w1, w0
4005b8: b9401ba0 ldr w0, [x29, #24]
4005bc: 0b000020 add w0, w1, w0
4005c0: 97ffffe7 bl 40055c
4005c4: b9401fa0 ldr w0, [x29, #28]
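4005c8: a8c27bfd ldp x29, x30, [sp], #32
Here the hexadecimal a9 corresponds to stp and 91 to mov.
Data section
We want to find where a, b, var_1, var_2, c and d are located in the binary.
#include <stdio.h>
int a = 0x54; // initialized global variable -> .data
int b; // uninitialized global variable -> .bss
void func(int i)
{
    /* ... */
}
int main(void)
{
    static int var_1 = 0x55; // initialized local static variable -> .data
    static int var_2; // uninitialized local static variable -> .bss
    int c = 6; // stack slot, set up by instructions in .text
    int d; // stack slot, set up by instructions in .text
    /* ... */
}
// end of main.c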
Contents of section .data:
411020 00000000 00000000 00000000 00000000 ................
411030 54000000 55000000 T...U...
The dump shows that a (0x54) is mapped to 0x411030 and var_1 (0x55) to 0x411034. Now let's see how the instructions load the data at these addresses. A first guess would be an instruction like LDR x0, 411030 -> STR x0. The variable a is never used by the code, so no instruction in the disassembly touches its address, but var_1 is referenced in main, so we can find:
0000000000400584 <main>:
400584: a9be7bfd stp x29, x30, [sp, #-32]!
400588: 910003fd mov x29, sp
40058c: 528000c0 mov w0, #0x6 // #6 <------- w0 = 0x6, the value of local variable c
400590: b9001fa0 str w0, [x29, #28]
400594: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
400598: 9100d000 add x0, x0, #0x34 <---- x0 holds the base address 0x411000; adding the 0x34 offset gives 0x411034
40059c: b9400001 ldr w1, [x0] <----- w1 receives the variable's value, loaded from the address in x0
....
String section
The fixed string inside printf("%d....") is placed in the .rodata section, which is read-only; const data is also stored in this section.
Contents of section .rodata:
400668 01000200 00000000 00000000 00000000 ................
400678 00000000 00000000 68656c6c 6f776f72 ........hellowor
400688 6c642125 640a00 ld!%d..
This one is obvious: the string starts at address 0x400680, and the instructions that reference it are:
000000000040055c <func>:
40055c: a9be7bfd stp x29, x30, [sp, #-32]!
400560: 910003fd mov x29, sp
400564: b9001fa0 str w0, [x29, #28]
400568: 90000000 adrp x0, 400000 <_init-0x3e8>
40056c: 911a0000 add x0, x0, #0x680 <- the string's address, 0x400680, is loaded into register x0
400570: b9401fa1 ldr w1, [x29, #28]
400574: 97ffffb7 bl 400450
400578: d503201f nop
40057c: a8c27bfd ldp x29, x30, [sp], #32
400580: d65f03c0 ret
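The adrp/add pairs traced by hand in the data and string sections above can be decoded mechanically. This added example (not part of the original page) decodes the A64 ADRP and 64-bit ADD (immediate) encodings, resolves each pair to an absolute address, and maps it to a section; the instruction words and section ranges are copied from the listings on this page, while the function and array names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t pc; uint32_t insn; } Insn;
typedef struct { const char *name; uint64_t vma, size; } Range;

/* Instruction words taken from the page's disassembly of main and func. */
const Insn MAIN_CODE[] = {
    {0x400584, 0xa9be7bfd}, {0x400588, 0x910003fd}, {0x40058c, 0x528000c0},
    {0x400590, 0xb9001fa0}, {0x400594, 0xb0000080}, {0x400598, 0x9100d000},
    {0x40059c, 0xb9400001}, {0x4005a0, 0xb0000080}, {0x4005a4, 0x9100f000},
    {0x4005a8, 0xb9400000},
};
const Insn FUNC_CODE[] = {
    {0x400564, 0xb9001fa0}, {0x400568, 0x90000000}, {0x40056c, 0x911a0000},
    {0x400570, 0xb9401fa1},
};
/* VMA and size of three sections from the page's objdump -h table. */
const Range SECTIONS[] = {
    {".rodata", 0x400668, 0x27}, {".data", 0x411020, 0x18}, {".bss", 0x411038, 0x10},
};

/* ADRP Xd, label: the 21-bit signed immediate counts 4 KiB pages relative to PC's page. */
int decode_adrp(uint32_t insn, uint64_t pc, unsigned *rd, uint64_t *page) {
    if ((insn & 0x9f000000u) != 0x90000000u) return 0;
    int64_t imm = (int64_t)((((insn >> 5) & 0x7ffff) << 2) | ((insn >> 29) & 0x3));
    if (imm & (1 << 20)) imm -= (1 << 21);          /* sign-extend from 21 bits */
    *rd = insn & 0x1f;
    *page = (pc & ~0xfffULL) + (uint64_t)(imm * 4096);
    return 1;
}

/* 64-bit ADD (immediate): ADD Xd, Xn, #imm12 {, LSL #12}. */
int decode_add_imm(uint32_t insn, unsigned *rd, unsigned *rn, uint64_t *imm) {
    if ((insn & 0xff800000u) != 0x91000000u) return 0;
    *imm = (insn >> 10) & 0xfff;
    if (insn & (1u << 22)) *imm <<= 12;
    *rd = insn & 0x1f;
    *rn = (insn >> 5) & 0x1f;
    return 1;
}

/* Resolve every "adrp Xd, page; add Xd, Xd, #off" pair to page + off. */
size_t resolve_adrp_add(const Insn *code, size_t n, uint64_t *out, size_t cap) {
    size_t found = 0;
    for (size_t i = 0; i + 1 < n && found < cap; i++) {
        unsigned rd, rd2, rn;
        uint64_t page, imm;
        if (decode_adrp(code[i].insn, code[i].pc, &rd, &page) &&
            decode_add_imm(code[i + 1].insn, &rd2, &rn, &imm) &&
            rd2 == rd && rn == rd)
            out[found++] = page + imm;
    }
    return found;
}

/* Name of the section whose [vma, vma + size) range contains addr, or "?". */
const char *section_of(uint64_t addr, const Range *r, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= r[i].vma && addr - r[i].vma < r[i].size) return r[i].name;
    return "?";
}

int main(void) {
    uint64_t addrs[8];
    size_t n = resolve_adrp_add(MAIN_CODE, sizeof MAIN_CODE / sizeof MAIN_CODE[0], addrs, 4);
    n += resolve_adrp_add(FUNC_CODE, sizeof FUNC_CODE / sizeof FUNC_CODE[0], addrs + n, 4);
    for (size_t i = 0; i < n; i++)
        printf("0x%llx -> %s\n", (unsigned long long)addrs[i],
               section_of(addrs[i], SECTIONS, 3));
    return 0;
}
```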
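BSS section
- Symbol table
- static int x1 = 0; even though this variable is initialized, the compiler may still place it in the .bss section as an optimization.
- aarch64-linux-gnu-objdump -s -d does not display the contents of the .bss section.
Custom sections
objcopy
To embed a file as a section, use the aarch64-linux-gnu-objcopy tool. For example, to turn the file objdump_h.txt into a section: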
aarch64-linux-gnu-objcopy -I binary -O elf64-littleaarch64 objdump_h.txt text.o
$ aarch64-linux-gnu-objdump -ht text.o
text.o: file format elf64-little
Sections:
Idx Name Size VMA LMA File off Algn
0 .data 000010be 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, DATA
SYMBOL TABLE:
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 g .data 0000000000000000 _binary_objdump_h_txt_start
00000000000010be g .data 0000000000000000 _binary_objdump_h_txt_end
00000000000010be g *ABS* 0000000000000000 _binary_objdump_h_txt_size
Custom sections with __attribute__
__attribute__((section("FOO"))) int global = 4;
__attribute__((section("BAR"))) void foo() {}
Map a global variable to the CARLOS_DATA section and func2 to the CARLOS_FUNC section.
#include <stdio.h>
int a = 84;
int b;
const int g = 0xAA;
void func(int i)
{
    printf("helloworld!%d\n", i);
}
__attribute__((section("CARLOS_DATA"))) int name = 4;
__attribute__((section("CARLOS_FUNC"))) int func2 (void){
    int m = 9, n = 10;
    int q;
    q = m+n;
    return q;
}
int main(void)
{
    static int var_1 = 85;
    static int var_2;
    int c = 6;
    int d;
    func(var_1 + var_2 + c + d);
    return c;
}
Compile, then inspect the result with aarch64-linux-gnu-objdump -h main:
13 CARLOS_FUNC 00000030 0000000000400654 0000000000400654 00000654 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .fini 00000010 0000000000400684 0000000000400684 00000684 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .rodata 0000002f 0000000000400698 0000000000400698 00000698 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .eh_frame 00000004 00000000004006c8 00000000004006c8 000006c8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .init_array 00000008 0000000000410df8 0000000000410df8 00000df8 2**3
CONTENTS, ALLOC, LOAD, DATA
18 .fini_array 00000008 0000000000410e00 0000000000410e00 00000e00 2**3
CONTENTS, ALLOC, LOAD, DATA
19 .dynamic 000001d0 0000000000410e08 0000000000410e08 00000e08 2**3
CONTENTS, ALLOC, LOAD, DATA
20 .got 00000010 0000000000410fd8 0000000000410fd8 00000fd8 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .got.plt 00000038 0000000000410fe8 0000000000410fe8 00000fe8 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .data 00000018 0000000000411020 0000000000411020 00001020 2**3
CONTENTS, ALLOC, LOAD, DATA
23 CARLOS_DATA 00000004 0000000000411038 0000000000411038 00001038 2**2
CONTENTS, ALLOC, LOAD, DATA
24 .bss 0000000c 000000000041103c 000000000041103c 0000103c 2**2
ALLOC
25 .comment 00000024 0000000000000000 0000000000000000 0000103c 2**0
CONTENTS, READONLY
Entries 13 and 23 are the sections we mapped ourselves.
Appendix I: objdump output for a.out
a.out: file format elf64-littleaarch64
Disassembly of section .init:
00000000004003e8 <_init>:
4003e8: a9bf7bfd stp x29, x30, [sp, #-16]!
4003ec: 910003fd mov x29, sp
4003f0: 9400002e bl 4004a8
4003f4: a8c17bfd ldp x29, x30, [sp], #16
4003f8: d65f03c0 ret
Disassembly of section .plt:
0000000000400400 <.plt>:
400400: a9bf7bf0 stp x16, x30, [sp, #-16]!
400404: 90000090 adrp x16, 410000 <__FRAME_END__+0xf970>
400408: f947fe11 ldr x17, [x16, #4088]
40040c: 913fe210 add x16, x16, #0xff8
400410: d61f0220 br x17
400414: d503201f nop
400418: d503201f nop
40041c: d503201f nop
0000000000400420 <__libc_start_main@plt>:
400420: b0000090 adrp x16, 411000 <__libc_start_main@GLIBC_2.17>
400424: f9400211 ldr x17, [x16]
400428: 91000210 add x16, x16, #0x0
40042c: d61f0220 br x17
0000000000400430 <__gmon_start__@plt>:
400430: b0000090 adrp x16, 411000 <__libc_start_main@GLIBC_2.17>
400434: f9400611 ldr x17, [x16, #8]
400438: 91002210 add x16, x16, #0x8
40043c: d61f0220 br x17
0000000000400440 :
400440: b0000090 adrp x16, 411000 <__libc_start_main@GLIBC_2.17>
400444: f9400a11 ldr x17, [x16, #16]
400448: 91004210 add x16, x16, #0x10
40044c: d61f0220 br x17
0000000000400450 :
400450: b0000090 adrp x16, 411000 <__libc_start_main@GLIBC_2.17>
400454: f9400e11 ldr x17, [x16, #24]
400458: 91006210 add x16, x16, #0x18
40045c: d61f0220 br x17
Disassembly of section .text:
0000000000400460 <_start>:
400460: d280001d mov x29, #0x0 // #0
400464: d280001e mov x30, #0x0 // #0
400468: aa0003e5 mov x5, x0
40046c: f94003e1 ldr x1, [sp]
400470: 910023e2 add x2, sp, #0x8
400474: 910003e6 mov x6, sp
400478: 580000c0 ldr x0, 400490 <_start+0x30>
40047c: 580000e3 ldr x3, 400498 <_start+0x38>
400480: 58000104 ldr x4, 4004a0 <_start+0x40>
400484: 97ffffe7 bl 400420 <__libc_start_main@plt>
400488: 97ffffee bl 400440
40048c: 00000000 .inst 0x00000000 ; undefined
400490: 00400584 .word 0x00400584
400494: 00000000 .word 0x00000000
400498: 004005d0 .word 0x004005d0
40049c: 00000000 .word 0x00000000
4004a0: 00400650 .word 0x00400650
4004a4: 00000000 .word 0x00000000
00000000004004a8 :
4004a8: 90000080 adrp x0, 410000 <__FRAME_END__+0xf970>
4004ac: f947f000 ldr x0, [x0, #4064]
4004b0: b4000040 cbz x0, 4004b8
4004b4: 17ffffdf b 400430 <__gmon_start__@plt>
4004b8: d65f03c0 ret
4004bc: 00000000 .inst 0x00000000 ; undefined
00000000004004c0 :
4004c0: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
4004c4: 9100e000 add x0, x0, #0x38
4004c8: b0000081 adrp x1, 411000 <__libc_start_main@GLIBC_2.17>
4004cc: 9100e021 add x1, x1, #0x38
4004d0: eb00003f cmp x1, x0
4004d4: 540000a0 b.eq 4004e8 // b.none
4004d8: 90000001 adrp x1, 400000 <_init-0x3e8>
4004dc: f9433821 ldr x1, [x1, #1648]
4004e0: b4000041 cbz x1, 4004e8
4004e4: d61f0020 br x1
4004e8: d65f03c0 ret
4004ec: d503201f nop
00000000004004f0 :
4004f0: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
4004f4: 9100e000 add x0, x0, #0x38
4004f8: b0000081 adrp x1, 411000 <__libc_start_main@GLIBC_2.17>
4004fc: 9100e021 add x1, x1, #0x38
400500: cb000021 sub x1, x1, x0
400504: 9343fc21 asr x1, x1, #3
400508: 8b41fc21 add x1, x1, x1, lsr #63
40050c: 9341fc21 asr x1, x1, #1
400510: b40000a1 cbz x1, 400524
400514: 90000002 adrp x2, 400000 <_init-0x3e8>
400518: f9433c42 ldr x2, [x2, #1656]
40051c: b4000042 cbz x2, 400524
400520: d61f0040 br x2
400524: d65f03c0 ret
0000000000400528 <__do_global_dtors_aux>:
400528: a9be7bfd stp x29, x30, [sp, #-32]!
40052c: 910003fd mov x29, sp
400530: f9000bf3 str x19, [sp, #16]
400534: b0000093 adrp x19, 411000 <__libc_start_main@GLIBC_2.17>
400538: 3940e260 ldrb w0, [x19, #56]
40053c: 35000080 cbnz w0, 40054c <__do_global_dtors_aux+0x24>
400540: 97ffffe0 bl 4004c0
400544: 52800020 mov w0, #0x1 // #1
400548: 3900e260 strb w0, [x19, #56]
40054c: f9400bf3 ldr x19, [sp, #16]
400550: a8c27bfd ldp x29, x30, [sp], #32
400554: d65f03c0 ret
0000000000400558 :
400558: 17ffffe6 b 4004f0
000000000040055c <func>:
40055c: a9be7bfd stp x29, x30, [sp, #-32]!
400560: 910003fd mov x29, sp
400564: b9001fa0 str w0, [x29, #28]
400568: 90000000 adrp x0, 400000 <_init-0x3e8>
40056c: 911a0000 add x0, x0, #0x680
400570: b9401fa1 ldr w1, [x29, #28]
400574: 97ffffb7 bl 400450
400578: d503201f nop
40057c: a8c27bfd ldp x29, x30, [sp], #32
400580: d65f03c0 ret
0000000000400584 <main>:
400584: a9be7bfd stp x29, x30, [sp, #-32]!
400588: 910003fd mov x29, sp
40058c: 528000c0 mov w0, #0x6 // #6
400590: b9001fa0 str w0, [x29, #28]
400594: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
400598: 9100d000 add x0, x0, #0x34
40059c: b9400001 ldr w1, [x0]
4005a0: b0000080 adrp x0, 411000 <__libc_start_main@GLIBC_2.17>
4005a4: 9100f000 add x0, x0, #0x3c
4005a8: b9400000 ldr w0, [x0]
4005ac: 0b000021 add w1, w1, w0
4005b0: b9401fa0 ldr w0, [x29, #28]
4005b4: 0b000021 add w1, w1, w0
4005b8: b9401ba0 ldr w0, [x29, #24]
4005bc: 0b000020 add w0, w1, w0
4005c0: 97ffffe7 bl 40055c
4005c4: b9401fa0 ldr w0, [x29, #28]
4005c8: a8c27bfd ldp x29, x30, [sp], #32
4005cc: d65f03c0 ret
00000000004005d0 <__libc_csu_init>:
4005d0: a9bc7bfd stp x29, x30, [sp, #-64]!
4005d4: 910003fd mov x29, sp
4005d8: a901d7f4 stp x20, x21, [sp, #24]
4005dc: 90000094 adrp x20, 410000 <__FRAME_END__+0xf970>
4005e0: 90000095 adrp x21, 410000 <__FRAME_END__+0xf970>
4005e4: 91380294 add x20, x20, #0xe00
4005e8: 9137e2b5 add x21, x21, #0xdf8
4005ec: a902dff6 stp x22, x23, [sp, #40]
4005f0: cb150294 sub x20, x20, x21
4005f4: f9001ff8 str x24, [sp, #56]
4005f8: 2a0003f6 mov w22, w0
4005fc: aa0103f7 mov x23, x1
400600: 9343fe94 asr x20, x20, #3
400604: aa0203f8 mov x24, x2
400608: 97ffff78 bl 4003e8 <_init>
40060c: b4000194 cbz x20, 40063c <__libc_csu_init+0x6c>
400610: f9000bb3 str x19, [x29, #16]
400614: d2800013 mov x19, #0x0 // #0
400618: f8737aa3 ldr x3, [x21, x19, lsl #3]
40061c: aa1803e2 mov x2, x24
400620: aa1703e1 mov x1, x23
400624: 2a1603e0 mov w0, w22
400628: 91000673 add x19, x19, #0x1
40062c: d63f0060 blr x3
400630: eb13029f cmp x20, x19
400634: 54ffff21 b.ne 400618 <__libc_csu_init+0x48> // b.any
400638: f9400bb3 ldr x19, [x29, #16]
40063c: a941d7f4 ldp x20, x21, [sp, #24]
400640: a942dff6 ldp x22, x23, [sp, #40]
400644: f9401ff8 ldr x24, [sp, #56]
400648: a8c47bfd ldp x29, x30, [sp], #64
40064c: d65f03c0 ret
0000000000400650 <__libc_csu_fini>:
400650: d65f03c0 ret
Disassembly of section .fini:
0000000000400654 <_fini>:
400654: a9bf7bfd stp x29, x30, [sp, #-16]!
400658: 910003fd mov x29, sp
40065c: a8c17bfd ldp x29, x30, [sp], #16
400660: d65f03c0 ret
References:
Meaning of "CONTENTS, ALLOC, LOAD, READONLY, CODE" in ELF sections - Lynxbee