  • Binary Hacks reading notes (the readelf command)

    The readelf command displays the contents of an ELF file; compared with objdump, its output is more detailed.

    1. readelf -h SimpleSection.o

    ELF Header:
      Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00       45 is 'E', 4c is 'L', 46 is 'F'
      Class:                             ELF64
      Data:                              2's complement, little endian
      Version:                           1 (current)
      OS/ABI:                            UNIX - System V
      ABI Version:                       0
      Type:                              REL (Relocatable file)
      Machine:                           Advanced Micro Devices X86-64
      Version:                           0x1
      Entry point address:               0x0
      Start of program headers:          0 (bytes into file)
      Start of section headers:          1056 (bytes into file)        offset of the section header table in the file
      Flags:                             0x0
      Size of this header:               64 (bytes)                    size of the ELF header
      Size of program headers:           0 (bytes)
      Number of program headers:         0
      Size of section headers:           64 (bytes)                     size of each section header entry
      Number of section headers:         13                  number of section headers
      Section header string table index: 12

    2. readelf -S: view the section header table

    There are 13 section headers, starting at offset 0x420:
    
    Section Headers:
      [Nr] Name              Type             Address           Offset
           Size              EntSize          Flags  Link  Info  Align
      [ 0]                   NULL             0000000000000000  00000000
           0000000000000000  0000000000000000           0     0     0
      [ 1] .text             PROGBITS         0000000000000000  00000040
           0000000000000054  0000000000000000  AX       0     0     1
      [ 2] .rela.text        RELA             0000000000000000  00000310
           0000000000000078  0000000000000018   I      10     1     8
      [ 3] .data             PROGBITS         0000000000000000  00000094
           0000000000000008  0000000000000000  WA       0     0     4
      [ 4] .bss              NOBITS           0000000000000000  0000009c
           0000000000000004  0000000000000000  WA       0     0     4
      [ 5] .rodata           PROGBITS         0000000000000000  0000009c
           0000000000000004  0000000000000000   A       0     0     1
      [ 6] .comment          PROGBITS         0000000000000000  000000a0
           000000000000002e  0000000000000001  MS       0     0     1
      [ 7] .note.GNU-stack   PROGBITS         0000000000000000  000000ce
           0000000000000000  0000000000000000           0     0     1
      [ 8] .eh_frame         PROGBITS         0000000000000000  000000d0
           0000000000000058  0000000000000000   A       0     0     8
      [ 9] .rela.eh_frame    RELA             0000000000000000  00000388
           0000000000000030  0000000000000018   I      10     8     8
      [10] .symtab           SYMTAB           0000000000000000  00000128
           0000000000000180  0000000000000018          11    11     8
      [11] .strtab           STRTAB           0000000000000000  000002a8
           0000000000000066  0000000000000000           0     0     1
      [12] .shstrtab         STRTAB           0000000000000000  000003b8
           0000000000000061  0000000000000000           0     0     1
    Key to Flags:
      W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
      L (link order), O (extra OS processing required), G (group), T (TLS),
      C (compressed), x (unknown), o (OS specific), E (exclude),
      l (large), p (processor specific)
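    readelf reports "There are 13 section headers, starting at offset 0x420".
    The object file is 1888 bytes. The section header table starts at 0x420, and each section header is 64 bytes (see the ELF header above),
    so 0x420 + 64 * 13 (decimal) = 1056 + 832 = 1888, which is exactly the file size.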

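    3. View the contents of the string table and the section header string table

    od --skip-bytes 0x000002a8 --read-bytes 0x66 -t x2z SimpleSection.o (the arguments are the offset and size taken from the section table in step 2)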
    0001250 5300 6d69 6c70 5365 6365 6974 6e6f 632e  >.SimpleSection.c<
    0001270 7300 6174 6974 5f63 6176 2e72 3731 3033  >.static_var.1730<
    0001310 7300 6174 6974 5f63 6176 3272 312e 3337  >.static_var2.173<
    0001330 0031 6c67 626f 6c61 695f 696e 5f74 6176  >1.global_init_va<
    0001350 0072 6c67 626f 6c61 755f 696e 696e 5f74  >r.global_uninit_<
    0001370 6176 0072 7566 636e 0031 7270 6e69 6674  >var.func1.printf<
    0001410 6d00 6961 006e                           >.main.<
    0001416

    4. View the contents of the section header string table

     od --skip-bytes 0x000003b8 --read-bytes 0x61 -t x1z SimpleSection.o

    
    
    0001670 00 2e 73 79 6d 74 61 62 00 2e 73 74 72 74 61 62  >..symtab..strtab<
    0001710 00 2e 73 68 73 74 72 74 61 62 00 2e 72 65 6c 61  >..shstrtab..rela<
    0001730 2e 74 65 78 74 00 2e 64 61 74 61 00 2e 62 73 73  >.text..data..bss<
    0001750 00 2e 72 6f 64 61 74 61 00 2e 63 6f 6d 6d 65 6e  >..rodata..commen<
    0001770 74 00 2e 6e 6f 74 65 2e 47 4e 55 2d 73 74 61 63  >t..note.GNU-stac<
    0002010 6b 00 2e 72 65 6c 61 2e 65 68 5f 66 72 61 6d 65  >k..rela.eh_frame<
    0002030 00                                               >.<
    0002031
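
Added example (not part of the original notes): the Python code below does by hand what steps 1, 2 and 4 do with readelf and od. It reads e_shoff, e_shentsize, e_shnum and e_shstrndx from the ELF64 header, walks the section header table, and resolves each sh_name through .shstrtab, rejecting files whose offsets point outside the image. The image from `build_sample` is constructed for the demonstration (it is not SimpleSection.o), and all function names are this example's own.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr, 64 bytes

def cstr(table, off):
    """Return the NUL-terminated name starting at `off` in a string table."""
    end = table.find(b"\0", off)
    if end < 0:
        raise ValueError("name offset outside string table")
    return table[off:end].decode("ascii", "replace")

def parse_sections(data):
    """Return (e_shoff, [(name, sh_type, sh_offset, sh_size), ...])."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (_, _, _, _, _, _, shoff, _, _, _, _,
     shentsize, shnum, shstrndx) = EHDR.unpack_from(data)
    if shentsize != SHDR.size or shoff + shentsize * shnum > len(data):
        raise ValueError("section header table outside file")
    if shstrndx >= shnum:
        raise ValueError("bad e_shstrndx")
    hdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    for h in hdrs:
        # SHT_NOBITS (8), e.g. .bss, occupies no bytes in the file
        if h[1] != 8 and h[4] + h[5] > len(data):
            raise ValueError("section data outside file")
    s_off, s_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    shstrtab = data[s_off:s_off + s_size]
    return shoff, [(cstr(shstrtab, h[0]), h[1], h[4], h[5]) for h in hdrs]

def build_sample():
    """Constructed 3-section ELF64 relocatable image used as sample input."""
    names = b"\0.text\0.shstrtab\0"
    body = bytes(4) + names                      # 4 bytes of .text, then names
    shoff = (EHDR.size + len(body) + 7) & ~7     # table aligned to 8 bytes
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + SHDR.pack(1, 1, 6, 0, 64, 4, 0, 0, 1, 0)
             + SHDR.pack(7, 3, 0, 0, 68, len(names), 0, 0, 1, 0))
    return (ehdr + body).ljust(shoff, b"\0") + shdrs

if __name__ == "__main__":
    off, sections = parse_sections(build_sample())
    print("section headers start at", hex(off))
    for i, (name, typ, offset, size) in enumerate(sections):
        print(f"[{i:2}] {name:<10} type={typ} off={offset:#x} size={size:#x}")
```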
    
    

    5. View the symbol table

    readelf -s SimpleSection.o  (lowercase s)

    Symbol table '.symtab' contains 16 entries:
       Num:    Value          Size Type    Bind   Vis      Ndx Name    (Value = symbol value)
         0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
         1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS SimpleSection.c
         2: 0000000000000000     0 SECTION LOCAL  DEFAULT    1 
         3: 0000000000000000     0 SECTION LOCAL  DEFAULT    3 
         4: 0000000000000000     0 SECTION LOCAL  DEFAULT    4 
         5: 0000000000000000     0 SECTION LOCAL  DEFAULT    5 
         6: 0000000000000004     4 OBJECT  LOCAL  DEFAULT    3 static_var.1730
         7: 0000000000000000     4 OBJECT  LOCAL  DEFAULT    4 static_var2.1731
         8: 0000000000000000     0 SECTION LOCAL  DEFAULT    7 
         9: 0000000000000000     0 SECTION LOCAL  DEFAULT    8 
        10: 0000000000000000     0 SECTION LOCAL  DEFAULT    6 
        11: 0000000000000000     4 OBJECT  GLOBAL DEFAULT    3 global_init_var     global variable, defined in section 3 (.data)
        12: 0000000000000004     4 OBJECT  GLOBAL DEFAULT  COM global_uninit_var
        13: 0000000000000000    33 FUNC    GLOBAL DEFAULT    1 func1
        14: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND printf
        15: 0000000000000021    51 FUNC    GLOBAL DEFAULT    1 main
    
    
    
  • Original article: https://www.cnblogs.com/wsw-seu/p/10619697.html