How to Inspect an ELF File
Source: Internet  Editor: 程序博客网  Time: 2024/06/06 01:43
Inspecting an ELF file
Take a simple C program as an example:
    #include <stdio.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
        printf("build date: %s %s\n", __DATE__, __TIME__);
        return 0;
    }
Compile and run:
    ➜ ~ gcc test.c -o test
    ➜ ~ ./test
    build date: Nov 12 2017 22:07:06
    ➜ ~
View the ELF file header: readelf -h
    ➜ ~ readelf -h test
    ELF Header:
      Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
      Class:                             ELF64
      Data:                              2's complement, little endian
      Version:                           1 (current)
      OS/ABI:                            UNIX - System V
      ABI Version:                       0
      Type:                              EXEC (Executable file)
      Machine:                           Advanced Micro Devices X86-64
      Version:                           0x1
      Entry point address:               0x400430
      Start of program headers:          64 (bytes into file)
      Start of section headers:          6624 (bytes into file)
      Flags:                             0x0
      Size of this header:               64 (bytes)
      Size of program headers:           56 (bytes)
      Number of program headers:         9
      Size of section headers:           64 (bytes)
      Number of section headers:         31
      Section header string table index: 28
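To show where the fields in the readelf -h output come from, here is an added example (not part of the original post) that decodes the 64-byte ELF64 header directly and computes the minimum file size implied by the program and section header tables. The function name, the name tables and the sample bytes are assumptions of this example; the sample header is constructed from the values printed above.

```python
import struct

# Subset of e_type / e_machine values from the ELF specification.
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
EM_NAMES = {3: "Intel 80386", 62: "Advanced Micro Devices X86-64", 183: "AArch64"}

def parse_elf64_header(data: bytes) -> dict:
    """Decode the fields `readelf -h` prints from the first 64 bytes of a file."""
    if len(data) < 64:
        raise ValueError("truncated: an ELF64 header is 64 bytes")
    ident = data[:16]
    if ident[:4] != b"\x7fELF":
        raise ValueError("bad magic: not an ELF file")
    if ident[4] != 2:
        raise ValueError("only ELFCLASS64 is handled in this example")
    if ident[5] not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    endian = "<" if ident[5] == 1 else ">"
    (e_type, e_machine, _version, e_entry, e_phoff, e_shoff, _flags,
     e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum,
     e_shstrndx) = struct.unpack_from(endian + "HHIQQQIHHHHHH", data, 16)
    return {
        "class": "ELF64",
        "data": "little endian" if endian == "<" else "big endian",
        "type": ET_NAMES.get(e_type, hex(e_type)),
        "machine": EM_NAMES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "phoff": e_phoff, "phentsize": e_phentsize, "phnum": e_phnum,
        "shoff": e_shoff, "shentsize": e_shentsize, "shnum": e_shnum,
        "shstrndx": e_shstrndx,
        # A well-formed file must be at least this long to hold both tables;
        # compare against the real file size before following the offsets.
        "min_file_size": max(e_phoff + e_phnum * e_phentsize,
                             e_shoff + e_shnum * e_shentsize),
    }

# Constructed sample: a 64-byte header rebuilt from the values in the
# readelf -h output above (not read from a real binary).
SAMPLE = bytes.fromhex("7f454c46020101" + "00" * 9) + struct.pack(
    "<HHIQQQIHHHHHH", 2, 62, 1, 0x400430, 64, 6624, 0, 64, 56, 9, 64, 31, 28)

if __name__ == "__main__":
    for key, value in parse_elf64_header(SAMPLE).items():
        print(f"{key:14} {value}")
```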
View the sections: readelf -S
    ➜ ~ readelf -S test
    There are 31 section headers, starting at offset 0x19e0:

    Section Headers:
      [Nr] Name              Type             Address           Offset
           Size              EntSize          Flags  Link  Info  Align
      [ 0]                   NULL             0000000000000000  00000000
           0000000000000000  0000000000000000           0     0     0
      [ 1] .interp           PROGBITS         0000000000400238  00000238
           000000000000001c  0000000000000000   A       0     0     1
      [ 2] .note.ABI-tag     NOTE             0000000000400254  00000254
           0000000000000020  0000000000000000   A       0     0     4
      [ 3] .note.gnu.build-i NOTE             0000000000400274  00000274
           0000000000000024  0000000000000000   A       0     0     4
      [ 4] .gnu.hash         GNU_HASH         0000000000400298  00000298
           000000000000001c  0000000000000000   A       5     0     8
      [ 5] .dynsym           DYNSYM           00000000004002b8  000002b8
           0000000000000060  0000000000000018   A       6     1     8
      [ 6] .dynstr           STRTAB           0000000000400318  00000318
           000000000000003f  0000000000000000   A       0     0     1
      [ 7] .gnu.version      VERSYM           0000000000400358  00000358
           0000000000000008  0000000000000002   A       5     0     2
      [ 8] .gnu.version_r    VERNEED          0000000000400360  00000360
           0000000000000020  0000000000000000   A       6     1     8
      [ 9] .rela.dyn         RELA             0000000000400380  00000380
           0000000000000018  0000000000000018   A       5     0     8
      [10] .rela.plt         RELA             0000000000400398  00000398
           0000000000000030  0000000000000018  AI       5    24     8
      [11] .init             PROGBITS         00000000004003c8  000003c8
           000000000000001a  0000000000000000  AX       0     0     4
      [12] .plt              PROGBITS         00000000004003f0  000003f0
           0000000000000030  0000000000000010  AX       0     0     16
      [13] .plt.got          PROGBITS         0000000000400420  00000420
           0000000000000008  0000000000000000  AX       0     0     8
      [14] .text             PROGBITS         0000000000400430  00000430
           00000000000001a2  0000000000000000  AX       0     0     16
      [15] .fini             PROGBITS         00000000004005d4  000005d4
           0000000000000009  0000000000000000  AX       0     0     4
      [16] .rodata           PROGBITS         00000000004005e0  000005e0
           000000000000002c  0000000000000000   A       0     0     4
      [17] .eh_frame_hdr     PROGBITS         000000000040060c  0000060c
           0000000000000034  0000000000000000   A       0     0     4
      [18] .eh_frame         PROGBITS         0000000000400640  00000640
           00000000000000f4  0000000000000000   A       0     0     8
      [19] .init_array       INIT_ARRAY       0000000000600e10  00000e10
           0000000000000008  0000000000000000  WA       0     0     8
      [20] .fini_array       FINI_ARRAY       0000000000600e18  00000e18
           0000000000000008  0000000000000000  WA       0     0     8
      [21] .jcr              PROGBITS         0000000000600e20  00000e20
           0000000000000008  0000000000000000  WA       0     0     8
      [22] .dynamic          DYNAMIC          0000000000600e28  00000e28
           00000000000001d0  0000000000000010  WA       6     0     8
      [23] .got              PROGBITS         0000000000600ff8  00000ff8
           0000000000000008  0000000000000008  WA       0     0     8
      [24] .got.plt          PROGBITS         0000000000601000  00001000
           0000000000000028  0000000000000008  WA       0     0     8
      [25] .data             PROGBITS         0000000000601028  00001028
           0000000000000010  0000000000000000  WA       0     0     8
      [26] .bss              NOBITS           0000000000601038  00001038
           0000000000000008  0000000000000000  WA       0     0     1
      [27] .comment          PROGBITS         0000000000000000  00001038
           0000000000000034  0000000000000001  MS       0     0     1
      [28] .shstrtab         STRTAB           0000000000000000  000018cd
           000000000000010c  0000000000000000           0     0     1
      [29] .symtab           SYMTAB           0000000000000000  00001070
           0000000000000648  0000000000000018          30    47     8
      [30] .strtab           STRTAB           0000000000000000  000016b8
           0000000000000215  0000000000000000           0     0     1
    Key to Flags:
      W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
      I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
      O (extra OS processing required) o (OS specific), p (processor specific)
    ➜ ~
View and sort the symbol table: readelf -s
The readelf -s command prints the symbol table.
awk can extract fields such as the size, type and symbol name.
sort can order the symbol table.
grep can filter for OBJECT or FUNC entries.
Combining these commands makes many powerful queries possible.
For example, to find the largest functions in test:
    ➜ ~ readelf -s test |awk '{print $3"\t"$4"\t"$8}' |grep FUNC |sort -rh |head -n 5
    101	FUNC	__libc_csu_init
    47	FUNC	main
    42	FUNC	_start
    2	FUNC	__libc_csu_fini
    0	FUNC	register_tm_clones
And to find the largest variable in test:
    ➜ ~ readelf -s test |awk '{print $3"\t"$4"\t"$8}' |grep OBJ |sort -rh |head -n 1
    4	OBJECT	_IO_stdin_used
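The pipeline above filters with grep over the whole line, so a symbol whose name contains FUNC also matches, and readelf can print large sizes in 0x-prefixed hex, which sort -rh does not order correctly. The following added example (not part of the original post) ranks symbols from readelf -s text by matching the Type column exactly and parsing both size notations; the function name and the sample output, including its addresses and the FUNC_TABLE symbol, are constructed for illustration.

```python
def largest_symbols(readelf_output: str, sym_type: str = "FUNC", top: int = 5):
    """Return the `top` largest (size, name) pairs of one symbol type."""
    rows = []
    for line in readelf_output.splitlines():
        f = line.split()
        # Symbol rows look like: Num: Value Size Type Bind Vis Ndx Name
        # Header lines and unnamed symbols have a different shape; skip them.
        if len(f) < 8 or not f[0].endswith(":") or not f[0][:-1].isdigit():
            continue
        if f[3] != sym_type:           # exact match on the Type column only
            continue
        size = int(f[2], 0)            # accepts decimal and 0x-prefixed hex
        name = f[7].split("@")[0]      # drop a version suffix such as @@GLIBC_2.2.5
        rows.append((size, name))
    # Stable sort: symbols of equal size keep their symbol-table order.
    rows.sort(key=lambda r: r[0], reverse=True)
    return rows[:top]

# Constructed sample in the layout readelf -s prints. Sizes of the first
# seven symbols follow the article's output; addresses, FUNC_TABLE and the
# printf line are made up for this example.
SAMPLE = """\
Symbol table '.symtab' contains 9 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000004004a0     0 FUNC    LOCAL  DEFAULT   14 register_tm_clones
     2: 00000000004005d0     2 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini
     3: 0000000000400560   101 FUNC    GLOBAL DEFAULT   14 __libc_csu_init
     4: 0000000000400430    42 FUNC    GLOBAL DEFAULT   14 _start
     5: 0000000000400526    47 FUNC    GLOBAL DEFAULT   14 main
     6: 00000000004005e0     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used
     7: 0000000000601040 0x20000 OBJECT  GLOBAL DEFAULT   26 FUNC_TABLE
     8: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.2.5
"""

if __name__ == "__main__":
    for kind in ("FUNC", "OBJECT"):
        for size, name in largest_symbols(SAMPLE, kind):
            print(f"{size}\t{kind}\t{name}")
```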