Analysis of the Header Information in ELF and AXF Files

Source: Internet  Editor: 程序博客网  Time: 2024/04/30 21:53

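Understanding the compiled executable file, whether ELF or AXF, has always been neglected. With a correct grasp of its overall structure and internal details, you can modify parts of the information yourself and gain more freedom when debugging.

ELF stands for Executable and Linking Format. An ELF file is produced by the compiler and then linked by the linker.

The header information can be displayed and analyzed with the readelf tool on Linux.

The options accepted by readelf are:


For general use, run readelf -h file

The output looks like this:

In it you can see magic, class, data, version, and so on.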

Figure 1-3. ELF Header

#define EI_NIDENT 16
typedef struct {
    unsigned char  e_ident[EI_NIDENT];
    Elf32_Half     e_type;
    Elf32_Half     e_machine;
    Elf32_Word     e_version;
    Elf32_Addr     e_entry;
    Elf32_Off      e_phoff;
    Elf32_Off      e_shoff;
    Elf32_Word     e_flags;
    Elf32_Half     e_ehsize;
    Elf32_Half     e_phentsize;
    Elf32_Half     e_phnum;
    Elf32_Half     e_shentsize;
    Elf32_Half     e_shnum;
    Elf32_Half     e_shstrndx;
} Elf32_Ehdr;

e_type

This member identifies the object file type.

Name         Value     Meaning
ET_NONE      0         No file type
ET_REL       1         Relocatable file
ET_EXEC      2         Executable file
ET_DYN       3         Shared object file
ET_CORE      4         Core file
ET_LOPROC    0xff00    Processor-specific
ET_HIPROC    0xffff    Processor-specific


Although the core file contents are unspecified, type ET_CORE is reserved to mark
the file type. Values from ET_LOPROC through ET_HIPROC (inclusive) are
reserved for processor-specific semantics. Other values are reserved and will be
assigned to new object file types as necessary.


e_machine

This member's value specifies the required architecture for an individual file.

Name              Value    Meaning
EM_NONE           0        No machine
EM_M32            1        AT&T WE 32100
EM_SPARC          2        SPARC
EM_386            3        Intel Architecture
EM_68K            4        Motorola 68000
EM_88K            5        Motorola 88000
EM_860            7        Intel 80860
EM_MIPS           8        MIPS RS3000 Big-Endian
EM_MIPS_RS4_BE    10       MIPS RS4000 Big-Endian
RESERVED          11-16    Reserved for future use


Other values are reserved and will be assigned to new machines as necessary.
Processor-specific ELF names use the machine name to distinguish them. For
example, the flags mentioned below use the prefix EF_; a flag named WIDGET for
the EM_XYZ machine would be called EF_XYZ_WIDGET.


e_version

This member identifies the object file version.

Name          Value    Meaning
EV_NONE       0        Invalid version
EV_CURRENT    1        Current version

The value 1 signifies the original file format; extensions will create new versions
with higher numbers. The value of EV_CURRENT, though given as 1 above, will
change as necessary to reflect the current version number.

e_entry

This member gives the virtual address to which the system first transfers control,
thus starting the process. If the file has no associated entry point, this member holds
zero.

e_phoff

This member holds the program header table's file offset in bytes. If the file has no
program header table, this member holds zero.

e_shoff

This member holds the section header table's file offset in bytes. If the file has no
section header table, this member holds zero.

e_flags

This member holds processor-specific flags associated with the file. Flag names
take the form EF_machine_flag.

e_ehsize

This member holds the ELF header's size in bytes.
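The fields described above can be decoded by hand from the first 52 bytes of a file. The following is an added example, not code from the original post or from the TIS specification: it reads the Elf32_Ehdr fields in the byte order the file declares and, going one step beyond the text, rejects headers whose table offsets point outside the file. The names parse_ehdr32, ehdr32_info and rd and the sample bytes are assumptions made for illustration; the field offsets assume a 2-byte Elf32_Half and 4-byte Elf32_Word, Elf32_Addr and Elf32_Off.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                 /* decoded subset of Elf32_Ehdr */
    uint16_t e_type, e_machine, e_ehsize;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
} ehdr32_info;

/* Constructed sample: 52-byte ELF32 little-endian header, ET_EXEC, EM_386. */
static const uint8_t sample[52] = {
    0x7f, 'E', 'L', 'F', 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* e_ident */
    2, 0, 3, 0, 1, 0, 0, 0,              /* e_type, e_machine, e_version */
    0x00, 0x80, 0x04, 0x08, 52, 0, 0, 0, 0, 0, 0, 0, /* e_entry, e_phoff, e_shoff */
    0, 0, 0, 0, 52, 0                    /* e_flags, e_ehsize; rest is zero */
};

/* Read an n-byte field in the byte order selected by e_ident[5] (data). */
static uint32_t rd(const uint8_t *p, int n, int big) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (big ? n - 1 - i : i));
    return v;
}

/* Returns 0 on success, a negative code for a malformed header. */
int parse_ehdr32(const uint8_t *buf, size_t len, ehdr32_info *out) {
    if (len < 52) return -1;                           /* truncated header */
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return -2;  /* bad magic */
    if (buf[4] != 1 || (buf[5] != 1 && buf[5] != 2)) return -3; /* class/data */
    int big = (buf[5] == 2);
    out->e_type    = (uint16_t)rd(buf + 16, 2, big);
    out->e_machine = (uint16_t)rd(buf + 18, 2, big);
    out->e_version = rd(buf + 20, 4, big);
    out->e_entry   = rd(buf + 24, 4, big);
    out->e_phoff   = rd(buf + 28, 4, big);
    out->e_shoff   = rd(buf + 32, 4, big);
    out->e_flags   = rd(buf + 36, 4, big);
    out->e_ehsize  = (uint16_t)rd(buf + 40, 2, big);
    if (out->e_version != 1 || out->e_ehsize != 52) return -4; /* EV_CURRENT */
    if (out->e_phoff > len || out->e_shoff > len) return -5;   /* outside file */
    return 0;
}

int main(void) {
    ehdr32_info h = {0};
    int rc = parse_ehdr32(sample, sizeof sample, &h);
    printf("rc=%d e_entry=0x%08x\n", rc, (unsigned)h.e_entry);
    return rc != 0;
}
```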

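The material above is excerpted from the Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2. If you are interested in a deeper understanding, you can find the original official document among my uploaded resources.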

