[Tool] readelf usage (사용법)

readelf

    1) elf header

        readelf -h  <- header info.

            ex. readelf -h zip

    

    2) program header

        readelf -l file_name

    

    3) section header

        readelf -S file_name

    4) symbol table

        readelf -s file_name

    

    5) print hexa values from the specific position

        ex. from 0x00ff0c about 0xc7

        od --skip-bytes 0x00ff0c --read-bytes 0xc7 -t x1z -A x zip

    

    

    ELF file types

        ET_EXEC : executables

        ET_REL  : (*.o) object file (links with other object files, must have sections)

        ET_DYN  : (*.so) dynamic libraries (linkes with other object files/executables, has both segments and sections)

        ET_CORE : core files (generated e.g. when program receives SIGABRT et al, has no sections, has segments (PT_LOAD/PT_NOTE)

ex.

readelf -s ./test

Symbol table '.dynsym' contains 64 entries:

   Num:    Value          Size Type    Bind   Vis      Ndx Name

     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 

     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __snprintf_chk@GLIBC_2.3.4 (2)

     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (3)

     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND pthread_create@GLIBC_2.2.5 (4)

     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __errno_location@GLIBC_2.2.5 (4)

     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND clock_gettime@GLIBC_2.17 (5)

     6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND getpid@GLIBC_2.2.5 (3)

     7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (6)

     8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (3)

     9: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND pthread_attr_init@GLIBC_2.2.5 (4)

    10: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sem_wait@GLIBC_2.2.5 (4)

    11: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND syscall@GLIBC_2.2.5 (3)

    12: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__

    13: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND prctl@GLIBC_2.2.5 (3)

    14: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND pthread_attr_setdetachsta@GLIBC_2.2.5 (4)

    15: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (3)

    16: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sem_post@GLIBC_2.2.5 (4)

readelf -h test.a

    ELF Header:

      Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 

      Class:                             ELF32

      Data:                              2's complement, little endian

      Version:                           1 (current)

      OS/ABI:                            UNIX - System V

      ABI Version:                       0

      Type:                              REL (Relocatable file)

      Machine:                           <unknown>: 0xc3

      Version:                           0x1

      Entry point address:               0x0

      Start of program headers:          0 (bytes into file)

      Start of section headers:          15868 (bytes into file)

      Flags:                             0x0

      Size of this header:               52 (bytes)

      Size of program headers:           0 (bytes)

      Number of program headers:         0

      Size of section headers:           40 (bytes)

      Number of section headers:         174

      Section header string table index: 173

    

    File: ./aoc16/emsk/obj_mw_arcem5d/libmidcommon.a(embARC_test.o)

    ELF Header:

    ...

readelf -l ./test

    Elf file type is EXEC (Executable file)

    Entry point 0x401298

    There are 9 program headers, starting at offset 64

    

    Program Headers:

      Type           Offset             VirtAddr           PhysAddr

                     FileSiz            MemSiz              Flags  Align

      PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040

                     0x00000000000001f8 0x00000000000001f8  R E    8

      INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238

                     0x000000000000001c 0x000000000000001c  R      1

          [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]

      LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000

                     0x0000000000002b6c 0x0000000000002b6c  R E    200000

      LOAD           0x0000000000002e18 0x0000000000602e18 0x0000000000602e18

                     0x0000000000000318 0x000000000000d408  RW     200000

      DYNAMIC        0x0000000000002e40 0x0000000000602e40 0x0000000000602e40

                     0x00000000000001a0 0x00000000000001a0  RW     8

      NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254

                     0x0000000000000044 0x0000000000000044  R      4

      GNU_EH_FRAME   0x00000000000026c0 0x00000000004026c0 0x00000000004026c0

                     0x00000000000000ec 0x00000000000000ec  R      4

      GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000

                     0x0000000000000000 0x0000000000000000  RW     8

      GNU_RELRO      0x0000000000002e18 0x0000000000602e18 0x0000000000602e18

                     0x00000000000001e8 0x00000000000001e8  R      1

    

     Section to Segment mapping:

      Segment Sections...

       00     

       01     .interp 

       02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 

       03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 

       04     .dynamic 

       05     .note.ABI-tag .note.gnu.build-id 

       06     .eh_frame_hdr 

       07     

       08     .ctors .dtors .jcr .dynamic .got

readelf -l ./test

    Elf file type is EXEC (Executable file)

    Entry point 0x401298

    There are 9 program headers, starting at offset 64

    

    Program Headers:

      Type           Offset             VirtAddr           PhysAddr

                     FileSiz            MemSiz              Flags  Align

      PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040

                     0x00000000000001f8 0x00000000000001f8  R E    8

      INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238

                     0x000000000000001c 0x000000000000001c  R      1

          [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]

      LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000

                     0x0000000000002b6c 0x0000000000002b6c  R E    200000

      LOAD           0x0000000000002e18 0x0000000000602e18 0x0000000000602e18

                     0x0000000000000318 0x000000000000d408  RW     200000

      DYNAMIC        0x0000000000002e40 0x0000000000602e40 0x0000000000602e40

                     0x00000000000001a0 0x00000000000001a0  RW     8

      NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254

                     0x0000000000000044 0x0000000000000044  R      4

      GNU_EH_FRAME   0x00000000000026c0 0x00000000004026c0 0x00000000004026c0

                     0x00000000000000ec 0x00000000000000ec  R      4

      GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000

                     0x0000000000000000 0x0000000000000000  RW     8

      GNU_RELRO      0x0000000000002e18 0x0000000000602e18 0x0000000000602e18

                     0x00000000000001e8 0x00000000000001e8  R      1

    

     Section to Segment mapping:

      Segment Sections...

       00     

       01     .interp 

       02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 

       03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss 

       04     .dynamic 

       05     .note.ABI-tag .note.gnu.build-id 

       06     .eh_frame_hdr 

       07     

       08     .ctors .dtors .jcr .dynamic .got