Analysis of the simplest ELF file
Source: Internet  Editor: 程序博客网  Time: 2024/05/29 16:30
1. A simple ELF program written in assembly; the binary file is generated from it directly
$ cat asm2.s
BITS 32

              org     0x08048000

ehdr:                                                 ; Elf32_Ehdr
              db      0x7F, "ELF", 1, 1, 1, 0         ;   e_ident
      times 8 db      0
              dw      2                               ;   e_type
              dw      3                               ;   e_machine
              dd      1                               ;   e_version
              dd      _start                          ;   e_entry
              dd      phdr - $$                       ;   e_phoff
              dd      0                               ;   e_shoff
              dd      0                               ;   e_flags
              dw      ehdrsize                        ;   e_ehsize
              dw      phdrsize                        ;   e_phentsize
              dw      1                               ;   e_phnum
              dw      0                               ;   e_shentsize
              dw      0                               ;   e_shnum
              dw      0                               ;   e_shstrndx

ehdrsize      equ     $ - ehdr

phdr:                                                 ; Elf32_Phdr
              dd      1                               ;   p_type
              dd      0                               ;   p_offset
              dd      $$                              ;   p_vaddr
              dd      $$                              ;   p_paddr
              dd      filesize                        ;   p_filesz
              dd      filesize                        ;   p_memsz
              dd      5                               ;   p_flags
              dd      0x1000                          ;   p_align

phdrsize      equ     $ - phdr

_start:
  ; your program here
              mov     bl, 42      ; return value  B3 2A
              xor     eax, eax    ; __NR_EXIT     31 C0
              inc     eax         ;               40
              int     0x80        ;               CD 80

filesize      equ     $ - $$
2. Assemble it to produce the ELF file
nasm -f bin -o asm2 asm2.s
chmod +x asm2
3. This ELF is very short, only 91 bytes:
$ hexdump -C asm2
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00 |........T...4...|
00000020 00 00 00 00 00 00 00 00 34 00 20 00 01 00 00 00 |........4. .....|
00000030 00 00 00 00 01 00 00 00 00 00 00 00 00 80 04 08 |................|
00000040 00 80 04 08 5b 00 00 00 5b 00 00 00 05 00 00 00 |....[...[.......|
00000050 00 10 00 00 b3 2a 31 c0 40 cd 80 |.....*1.@..|
You can execute this ELF:
$ ./asm2
$ echo $?
42
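4. For this ELF, the file tool considers the section headers missing (it reports a corrupted section header size), and objdump and nm cannot extract anything either. readelf, however, can still dump its header information.
$ file asm2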
asm2: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size
$ objdump -d asm2
asm2: file format elf32-i386
$ nm -D asm2
nm: asm2: no symbols
$ readelf -a asm2
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x8048054
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 1
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x08048000 0x08048000 0x0005b 0x0005b R E 0x1000
There is no dynamic section in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Intel 80386 is not currently supported.
Dynamic symbol information is not available for displaying symbols.
No version information found in this file.
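The fields readelf prints above can be recovered from the program header alone, which is what matters for a file with no section table. The following is an added example, not part of the original post: it parses the 91 bytes from the hexdump, maps the entry point back to a file offset and reports a few triage facts. The function names (`parse_elf32`, `entry_file_offset`, `triage`) are made up for this illustration.

```python
import struct
# The 91 bytes of asm2, copied from the hexdump on this page.
ASM2 = bytes.fromhex(
    "7f454c46010101000000000000000000" "02000300010000005480040834000000"
    "00000000000000003400200001000000" "00000000010000000000000000800408"
    "008004085b0000005b00000005000000" "00100000b32a31c040cd80")

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes
PHDR = struct.Struct("<8I")                # Elf32_Phdr, 32 bytes
PT_LOAD, PF_X = 1, 1
E_FIELDS = ("ident type machine version entry phoff shoff flags "
            "ehsize phentsize phnum shentsize shnum shstrndx").split()
P_FIELDS = "type offset vaddr paddr filesz memsz flags align".split()

def parse_elf32(data):
    """Parse the ELF header and program headers of a little-endian ELF32 image."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    eh = dict(zip(E_FIELDS, EHDR.unpack_from(data, 0)))
    end = eh["phoff"] + eh["phnum"] * PHDR.size
    if eh["phentsize"] != PHDR.size or end > len(data):
        raise ValueError("program header table is malformed or truncated")
    phs = [dict(zip(P_FIELDS, PHDR.unpack_from(data, eh["phoff"] + i * PHDR.size)))
           for i in range(eh["phnum"])]
    return eh, phs

def entry_file_offset(eh, phs):
    """Map e_entry to a file offset via the PT_LOAD segment that contains it."""
    for ph in phs:
        if ph["type"] == PT_LOAD and 0 <= eh["entry"] - ph["vaddr"] < ph["filesz"]:
            return ph["offset"] + eh["entry"] - ph["vaddr"]
    return None  # entry point is not backed by file bytes

def triage(data):
    """Facts recoverable from program headers alone (no section table needed)."""
    eh, phs = parse_elf32(data)
    off = entry_file_offset(eh, phs)
    return {
        "has_section_table": eh["shoff"] != 0 and eh["shnum"] != 0,
        "shentsize": eh["shentsize"],  # a regular Elf32_Shdr is 40 bytes
        # A PT_LOAD starting at file offset 0 maps the ELF header itself.
        "header_mapped_exec": any(p["type"] == PT_LOAD and p["offset"] == 0
                                  and p["flags"] & PF_X for p in phs),
        "entry_offset": off,
        "entry_bytes": data[off:off + 16].hex() if off is not None else None,
    }

if __name__ == "__main__":
    print(triage(ASM2))
```

The entry point resolves to file offset 0x54, directly after the two headers, and the bytes found there are the four instructions from asm2.s.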
This post serves as the first in a series on ELF.