ELF文件分析
文章目录
- 前言
- ELF header
- Program header
- segment
- 第一个segment
- 第二个segment
- Section和Segment的区别和联系
- segment
- Section Header
- 寻找symtab section
前言
实例分析ELF文件
#include <stdio.h>
int main()
{
printf("Hello World!\n");
return 0;
}ELF header
# readelf -h hello
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400440
Start of program headers: 64 (bytes into file)
Start of section headers: 6480 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 30
Section header string table index: 29起始地址查看64字节 = ELF头
# hexdump -n 64 -C hello
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 40 04 40 00 00 00 00 00 |..>.....@.@.....|
00000020 40 00 00 00 00 00 00 00 50 19 00 00 00 00 00 00 |@.......P.......|
00000030 00 00 00 00 40 00 38 00 09 00 40 00 1e 00 1d 00 |....@.8...@.....|
e_ident : 十六个字节,可通过这个字段对ELF文件进行识别,其中包括五个部分:
第一部分:占四个字节。7f 45 4c 46,对应ASCII码.ELF,表示这是一个ELF对象。 第二部分:占一个字节。02表示是一个64位对象。 第三部分:占一个字节。01表示是小端表示法。 第四部分:占一个字节。01表示文件头版本。 其余默认为0。
e_type:两个字节,02 00表示是一个可执行文件(ET_EXEC)。 e_machine:两个字节,3e 00表示是intel80386处理器体系结构。 e_version:四个字节,01 00 00 00表示是当前版本。 e_entry:八个字节,40 04 40 00 00 00 00 00表示当前程序入口点。 e_phoff:八个字节,40 00 00 00 00 00 00 00表示程序头表的偏移地址在 00 00 00 00 00 00 00 40处(这个地址是相对于本示例中的elf文件hellowrold来说,即程序表头在helloworld文件的0x40处,前面的0x40用来存放Elf64_Ehdr结构体信息)。 e_shoff:八个字节,50 19 00 00 00 00 00 00表示段表的偏移地址在 00 00 00 00 00 00 19 50处。 e_flags:四个字节,00 00 00 00表示未知处理器特定标志#define EF_SH_UNKNOWN 0x0。 e_ehsize:两个字节,40 00表示elf文件头大小为00 40(64个字节)。 e_phentsize:两个字节,38 00表示重定位文件每个程序头表大小为00 38(56字节,从上面的e_phoff这个字段可以看出,程序表头是在elf文件头的后面)。 e_phnum:两个字节,09 00表示重定位文件程序头表的个数为00 09(即9个程序表头,每个程序表头56字节)。 e_ehentsize:两个字节,40 00 表示段头大小为00 40(64字节),section header table中每个header的大小。 e_shnum:两个字节,1e 00表示段表入口有30个,即段表有30段。 e_shstrndx:两个字节,1b 00 表示段表字符串在段表中的索引号,.shstrab段的段表索引号为00 1b,即27。
Program header
程序头表告诉系统如何创建进程image。 它位于文件偏移e_phoff处,由e_phnum条目组成,每个条目的大小为e_phentsize。
segment
上图看到segment有九个,每个大小为0x38=56字节。共56 x 9 = 504 字节。
起始偏移地址为64
偏移64字节 查看504字节 = Program Header
# hexdump -s 64 -n 504 -C hello
00000040 06 00 00 00 05 00 00 00 40 00 00 00 00 00 00 00 |........@.......|
00000050 40 00 40 00 00 00 00 00 40 00 40 00 00 00 00 00 |@.@.....@.@.....|
00000060 f8 01 00 00 00 00 00 00 f8 01 00 00 00 00 00 00 |................|
00000070 08 00 00 00 00 00 00 00 03 00 00 00 04 00 00 00 |................|
00000080 38 02 00 00 00 00 00 00 38 02 40 00 00 00 00 00 |8.......8.@.....|
00000090 38 02 40 00 00 00 00 00 1c 00 00 00 00 00 00 00 |8.@.............|
000000a0 1c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000000b0 01 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 |................|
000000c0 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 |..@.......@.....|
000000d0 1c 07 00 00 00 00 00 00 1c 07 00 00 00 00 00 00 |................|
000000e0 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00 |.. .............|
000000f0 10 0e 00 00 00 00 00 00 10 0e 60 00 00 00 00 00 |..........`.....|
00000100 10 0e 60 00 00 00 00 00 24 02 00 00 00 00 00 00 |..`.....$.......|
00000110 28 02 00 00 00 00 00 00 00 00 20 00 00 00 00 00 |(......... .....|
00000120 02 00 00 00 06 00 00 00 28 0e 00 00 00 00 00 00 |........(.......|
00000130 28 0e 60 00 00 00 00 00 28 0e 60 00 00 00 00 00 |(.`.....(.`.....|
00000140 d0 01 00 00 00 00 00 00 d0 01 00 00 00 00 00 00 |................|
00000150 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 |................|
00000160 54 02 00 00 00 00 00 00 54 02 40 00 00 00 00 00 |T.......T.@.....|
00000170 54 02 40 00 00 00 00 00 44 00 00 00 00 00 00 00 |T.@.....D.......|
00000180 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |D...............|
00000190 50 e5 74 64 04 00 00 00 f0 05 00 00 00 00 00 00 |P.td............|
000001a0 f0 05 40 00 00 00 00 00 f0 05 40 00 00 00 00 00 |..@.......@.....|
000001b0 34 00 00 00 00 00 00 00 34 00 00 00 00 00 00 00 |4.......4.......|
000001c0 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00 |........Q.td....|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 |................|
00000200 52 e5 74 64 04 00 00 00 10 0e 00 00 00 00 00 00 |R.td............|
00000210 10 0e 60 00 00 00 00 00 10 0e 60 00 00 00 00 00 |..`.......`.....|
00000220 f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00 |................|
00000230 01 00 00 00 00 00 00 00 |........|
00000238第一个segment
segment containing program header table itself
对应
第二个segment
Section和Segment的区别和联系
可执行文件中,一个program header描述的内容称为一个段(segment)。
Segment包含一个或者多个section,我们以我们这个例子为例,看一下section与segment的映射关系
# readelf -l hello
Elf file type is EXEC (Executable file)
Entry point 0x400440
There are 9 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R E 8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x000000000000001c 0x000000000000001c R 1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x000000000000071c 0x000000000000071c R E 200000
LOAD 0x0000000000000e10 0x0000000000600e10 0x0000000000600e10
0x0000000000000224 0x0000000000000228 RW 200000
DYNAMIC 0x0000000000000e28 0x0000000000600e28 0x0000000000600e28
0x00000000000001d0 0x00000000000001d0 RW 8
NOTE 0x0000000000000254 0x0000000000400254 0x0000000000400254
0x0000000000000044 0x0000000000000044 R 4
GNU_EH_FRAME 0x00000000000005f0 0x00000000004005f0 0x00000000004005f0
0x0000000000000034 0x0000000000000034 R 4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 10
GNU_RELRO 0x0000000000000e10 0x0000000000600e10 0x0000000000600e10
0x00000000000001f0 0x00000000000001f0 R 1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .init_array .fini_array .jcr .dynamic .gotSection Header
section表偏移地址:00 00 00 00 00 00 19 50
段表长度由e_ehentsize为00 40(64字节) 段表个数由e_shnum可知有30个
读取所有section:
上图中可以看到,text section索引序号为13,我们的段表的起始偏移地址为0x1950,每个段长度为0x40,其前面有13个段,所以我们text section的起始地址应该是0x1950 + (0x40*0x0d) = 0x1c90
sh_name:四个字节,94 00 00 00表示该段名称在.shstrtab中偏移量,验证确实是.text
readelf -x .shstrtab hello
继续看section的内容:
按照上述值,在文件偏移0x0440处,长度为0x0182的数据存放具体的.text section内容:
# hexdump -s 0x0440 -n 0x0182 -C hello
00000440 31 ed 49 89 d1 5e 48 89 e2 48 83 e4 f0 50 54 49 |1.I..^H..H...PTI|
00000450 c7 c0 c0 05 40 00 48 c7 c1 50 05 40 00 48 c7 c7 |....@.H..P.@.H..|
00000460 2d 05 40 00 e8 b7 ff ff ff f4 66 0f 1f 44 00 00 |-.@.......f..D..|
00000470 b8 3f 10 60 00 55 48 2d 38 10 60 00 48 83 f8 0e |.?.`.UH-8.`.H...|
00000480 48 89 e5 77 02 5d c3 b8 00 00 00 00 48 85 c0 74 |H..w.]......H..t|
00000490 f4 5d bf 38 10 60 00 ff e0 0f 1f 80 00 00 00 00 |.].8.`..........|
000004a0 b8 38 10 60 00 55 48 2d 38 10 60 00 48 c1 f8 03 |.8.`.UH-8.`.H...|
000004b0 48 89 e5 48 89 c2 48 c1 ea 3f 48 01 d0 48 d1 f8 |H..H..H..?H..H..|
000004c0 75 02 5d c3 ba 00 00 00 00 48 85 d2 74 f4 5d 48 |u.]......H..t.]H|
000004d0 89 c6 bf 38 10 60 00 ff e2 0f 1f 80 00 00 00 00 |...8.`..........|
000004e0 80 3d 4d 0b 20 00 00 75 11 55 48 89 e5 e8 7e ff |.=M. ..u.UH...~.|
000004f0 ff ff 5d c6 05 3a 0b 20 00 01 f3 c3 0f 1f 40 00 |..]..:. ......@.|
00000500 48 83 3d 18 09 20 00 00 74 1e b8 00 00 00 00 48 |H.=.. ..t......H|
00000510 85 c0 74 14 55 bf 20 0e 60 00 48 89 e5 ff d0 5d |..t.U. .`.H....]|
00000520 e9 7b ff ff ff 0f 1f 00 e9 73 ff ff ff 55 48 89 |.{.......s...UH.|
00000530 e5 bf e0 05 40 00 e8 d5 fe ff ff b8 00 00 00 00 |....@...........|
00000540 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 |].f...........@.|
00000550 41 57 41 89 ff 41 56 49 89 f6 41 55 49 89 d5 41 |AWA..AVI..AUI..A|
00000560 54 4c 8d 25 a8 08 20 00 55 48 8d 2d a8 08 20 00 |TL.%.. .UH.-.. .|
00000570 53 4c 29 e5 31 db 48 c1 fd 03 48 83 ec 08 e8 5d |SL).1.H...H....]|
00000580 fe ff ff 48 85 ed 74 1e 0f 1f 84 00 00 00 00 00 |...H..t.........|
00000590 4c 89 ea 4c 89 f6 44 89 ff 41 ff 14 dc 48 83 c3 |L..L..D..A...H..|
000005a0 01 48 39 eb 75 ea 48 83 c4 08 5b 5d 41 5c 41 5d |.H9.u.H...[]A\A]|
000005b0 41 5e 41 5f c3 90 66 2e 0f 1f 84 00 00 00 00 00 |A^A_..f.........|
000005c0 f3 c3 |..|
000005c2用工具读取:
# readelf -x .text hello
Hex dump of section '.text':
0x00400440 31ed4989 d15e4889 e24883e4 f0505449 1.I..^H..H...PTI
0x00400450 c7c0c005 400048c7 c1500540 0048c7c7 ....@.H..P.@.H..
0x00400460 2d054000 e8b7ffff fff4660f 1f440000 -.@.......f..D..
0x00400470 b83f1060 0055482d 38106000 4883f80e .?.`.UH-8.`.H...
0x00400480 4889e577 025dc3b8 00000000 4885c074 H..w.]......H..t
0x00400490 f45dbf38 106000ff e00f1f80 00000000 .].8.`..........
0x004004a0 b8381060 0055482d 38106000 48c1f803 .8.`.UH-8.`.H...
0x004004b0 4889e548 89c248c1 ea3f4801 d048d1f8 H..H..H..?H..H..
0x004004c0 75025dc3 ba000000 004885d2 74f45d48 u.]......H..t.]H
0x004004d0 89c6bf38 106000ff e20f1f80 00000000 ...8.`..........
0x004004e0 803d4d0b 20000075 11554889 e5e87eff .=M. ..u.UH...~.
0x004004f0 ffff5dc6 053a0b20 0001f3c3 0f1f4000 ..]..:. ......@.
0x00400500 48833d18 09200000 741eb800 00000048 H.=.. ..t......H
0x00400510 85c07414 55bf200e 60004889 e5ffd05d ..t.U. .`.H....]
0x00400520 e97bffff ff0f1f00 e973ffff ff554889 .{.......s...UH.
0x00400530 e5bfe005 4000e8d5 feffffb8 00000000 ....@...........
0x00400540 5dc3662e 0f1f8400 00000000 0f1f4000 ].f...........@.
0x00400550 41574189 ff415649 89f64155 4989d541 AWA..AVI..AUI..A
0x00400560 544c8d25 a8082000 55488d2d a8082000 TL.%.. .UH.-.. .
0x00400570 534c29e5 31db48c1 fd034883 ec08e85d SL).1.H...H....]
0x00400580 feffff48 85ed741e 0f1f8400 00000000 ...H..t.........
0x00400590 4c89ea4c 89f64489 ff41ff14 dc4883c3 L..L..D..A...H..
0x004005a0 014839eb 75ea4883 c4085b5d 415c415d .H9.u.H...[]A\A]
0x004005b0 415e415f c390662e 0f1f8400 00000000 A^A_..f.........
0x004005c0 f3c3结果是一致的
寻找symtab section
这里我比较关心的是符号表的位置,首先看一下Symbol table的定义:
sh_type = 0x2 : SHT_SYMTAB Symbol table sh_type = 0x12 : SHT_SYMTAB_SHNDX Extended section indices
上述分析可知:
上图中可以看到,我们的段表的起始偏移地址为0x1950,每个段长度为0x40。
30个section的起始地址应该是
0x1950 + (0x40*0x00)
0x1950 + (0x40*0x01)
0x1950 + (0x40*0x02)
0x1950 + (0x40*0x03)
0x1950 + (0x40*0x04)
0x1950 + (0x40*0x05)
0x1950 + (0x40*0x06)
0x1950 + (0x40*0x07)
0x1950 + (0x40*0x08)
0x1950 + (0x40*0x09)
0x1950 + (0x40*0x0a)
0x1950 + (0x40*0x0b)
0x1950 + (0x40*0x0c)
0x1950 + (0x40*0x0d)
0x1950 + (0x40*0x0e)
0x1950 + (0x40*0x0f)
0x1950 + (0x40*0x10)
0x1950 + (0x40*0x11)
0x1950 + (0x40*0x12)
0x1950 + (0x40*0x13)
0x1950 + (0x40*0x14)
0x1950 + (0x40*0x15)
0x1950 + (0x40*0x16)
0x1950 + (0x40*0x17)
0x1950 + (0x40*0x18)
0x1950 + (0x40*0x19)
0x1950 + (0x40*0x1a)
0x1950 + (0x40*0x1b)
0x1950 + (0x40*0x1c)
0x1950 + (0x40*0x1d)我只想看到sh_type在偏移4个字节:
0x1950 + (0x40*0x00) + 0x04
0x1950 + (0x40*0x01) + 0x04
0x1950 + (0x40*0x02) + 0x04
0x1950 + (0x40*0x03) + 0x04
0x1950 + (0x40*0x04) + 0x04
0x1950 + (0x40*0x05) + 0x04
0x1950 + (0x40*0x06) + 0x04
0x1950 + (0x40*0x07) + 0x04
0x1950 + (0x40*0x08) + 0x04
0x1950 + (0x40*0x09) + 0x04
0x1950 + (0x40*0x0a) + 0x04
0x1950 + (0x40*0x0b) + 0x04
0x1950 + (0x40*0x0c) + 0x04
0x1950 + (0x40*0x0d) + 0x04
0x1950 + (0x40*0x0e) + 0x04
0x1950 + (0x40*0x0f) + 0x04
0x1950 + (0x40*0x10) + 0x04
0x1950 + (0x40*0x11) + 0x04
0x1950 + (0x40*0x12) + 0x04
0x1950 + (0x40*0x13) + 0x04
0x1950 + (0x40*0x14) + 0x04
0x1950 + (0x40*0x15) + 0x04
0x1950 + (0x40*0x16) + 0x04
0x1950 + (0x40*0x17) + 0x04
0x1950 + (0x40*0x18) + 0x04
0x1950 + (0x40*0x19) + 0x04
0x1950 + (0x40*0x1a) + 0x04
0x1950 + (0x40*0x1b) + 0x04
0x1950 + (0x40*0x1c) + 0x04
0x1950 + (0x40*0x1d) + 0x04下面看一下每个段的类型:
hexdump -s 0x1954 -n 0x4 -C hello
hexdump -s 0x1994 -n 0x4 -C hello
hexdump -s 0x19d4 -n 0x4 -C hello
hexdump -s 0x1a14 -n 0x4 -C hello
hexdump -s 0x1a54 -n 0x4 -C hello
hexdump -s 0x1a94 -n 0x4 -C hello
hexdump -s 0x1ad4 -n 0x4 -C hello
hexdump -s 0x1b14 -n 0x4 -C hello
hexdump -s 0x1b54 -n 0x4 -C hello
hexdump -s 0x1b94 -n 0x4 -C hello
hexdump -s 0x1bd4 -n 0x4 -C hello
hexdump -s 0x1c14 -n 0x4 -C hello
hexdump -s 0x1c54 -n 0x4 -C hello
hexdump -s 0x1c94 -n 0x4 -C hello
hexdump -s 0x1cd4 -n 0x4 -C hello
hexdump -s 0x1d14 -n 0x4 -C hello
hexdump -s 0x1d54 -n 0x4 -C hello
hexdump -s 0x1d94 -n 0x4 -C hello
hexdump -s 0x1dd4 -n 0x4 -C hello
hexdump -s 0x1e14 -n 0x4 -C hello
hexdump -s 0x1e54 -n 0x4 -C hello
hexdump -s 0x1e94 -n 0x4 -C hello
hexdump -s 0x1ed4 -n 0x4 -C hello
hexdump -s 0x1f14 -n 0x4 -C hello
hexdump -s 0x1f54 -n 0x4 -C hello
hexdump -s 0x1f94 -n 0x4 -C hello
hexdump -s 0x1fd4 -n 0x4 -C hello
hexdump -s 0x2014 -n 0x4 -C hello
hexdump -s 0x2054 -n 0x4 -C hello
hexdump -s 0x2094 -n 0x4 -C hello输出结果
00001954 00 00 00 00 |....|
00001958
00001994 01 00 00 00 |....|
00001998
000019d4 07 00 00 00 |....|
000019d8
00001a14 07 00 00 00 |....|
00001a18
00001a54 f6 ff ff 6f |...o|
00001a58
00001a94 0b 00 00 00 |....|
00001a98
00001ad4 03 00 00 00 |....|
00001ad8
00001b14 ff ff ff 6f |...o|
00001b18
00001b54 fe ff ff 6f |...o|
00001b58
00001b94 04 00 00 00 |....|
00001b98
00001bd4 04 00 00 00 |....|
00001bd8
00001c14 01 00 00 00 |....|
00001c18
00001c54 01 00 00 00 |....|
00001c58
00001c94 01 00 00 00 |....|
00001c98
00001cd4 01 00 00 00 |....|
00001cd8
00001d14 01 00 00 00 |....|
00001d18
00001d54 01 00 00 00 |....|
00001d58
00001d94 01 00 00 00 |....|
00001d98
00001dd4 0e 00 00 00 |....|
00001dd8
00001e14 0f 00 00 00 |....|
00001e18
00001e54 01 00 00 00 |....|
00001e58
00001e94 06 00 00 00 |....|
00001e98
00001ed4 01 00 00 00 |....|
00001ed8
00001f14 01 00 00 00 |....|
00001f18
00001f54 01 00 00 00 |....|
00001f58
00001f94 08 00 00 00 |....|
00001f98
00001fd4 01 00 00 00 |....|
00001fd8
00002014 02 00 00 00 |....|
00002018
00002054 03 00 00 00 |....|
00002058
00002094 03 00 00 00 |....|
00002098与readelf -S hello结果一致,第27个section是符号表:
工具读取 readelf -x .symtab hello
Hex dump of section '.symtab':
0x00000000 00000000 00000000 00000000 00000000 ................
0x00000010 00000000 00000000 00000000 03000100 ................
0x00000020 38024000 00000000 00000000 00000000 8.@.............
0x00000030 00000000 03000200 54024000 00000000 ........T.@.....
0x00000040 00000000 00000000 00000000 03000300 ................
0x00000050 74024000 00000000 00000000 00000000 t.@.............
0x00000060 00000000 03000400 98024000 00000000 ..........@.....
0x00000070 00000000 00000000 00000000 03000500 ................
0x00000080 b8024000 00000000 00000000 00000000 ..@.............
0x00000090 00000000 03000600 18034000 00000000 ..........@.....
0x000000a0 00000000 00000000 00000000 03000700 ................
0x000000b0 56034000 00000000 00000000 00000000 V.@.............
0x000000c0 00000000 03000800 60034000 00000000 ........`.@.....
0x000000d0 00000000 00000000 00000000 03000900 ................
0x000000e0 80034000 00000000 00000000 00000000 ..@.............
0x000000f0 00000000 03000a00 98034000 00000000 ..........@.....
0x00000100 00000000 00000000 00000000 03000b00 ................
0x00000110 e0034000 00000000 00000000 00000000 ..@.............
0x00000120 00000000 03000c00 00044000 00000000 ..........@.....
0x00000130 00000000 00000000 00000000 03000d00 ................
0x00000140 40044000 00000000 00000000 00000000 @.@.............
0x00000150 00000000 03000e00 c4054000 00000000 ..........@.....
0x00000160 00000000 00000000 00000000 03000f00 ................
0x00000170 d0054000 00000000 00000000 00000000 ..@.............
0x00000180 00000000 03001000 f0054000 00000000 ..........@.....
0x00000190 00000000 00000000 00000000 03001100 ................
0x000001a0 28064000 00000000 00000000 00000000 (.@.............
0x000001b0 00000000 03001200 100e6000 00000000 ..........`.....
0x000001c0 00000000 00000000 00000000 03001300 ................
0x000001d0 180e6000 00000000 00000000 00000000 ..`.............
0x000001e0 00000000 03001400 200e6000 00000000 ........ .`.....
0x000001f0 00000000 00000000 00000000 03001500 ................
0x00000200 280e6000 00000000 00000000 00000000 (.`.............
0x00000210 00000000 03001600 f80f6000 00000000 ..........`.....
0x00000220 00000000 00000000 00000000 03001700 ................
0x00000230 00106000 00000000 00000000 00000000 ..`.............
0x00000240 00000000 03001800 30106000 00000000 ........0.`.....
0x00000250 00000000 00000000 00000000 03001900 ................
0x00000260 34106000 00000000 00000000 00000000 4.`.............
0x00000270 00000000 03001a00 00000000 00000000 ................
0x00000280 00000000 00000000 01000000 0400f1ff ................
0x00000290 00000000 00000000 00000000 00000000 ................
0x000002a0 0c000000 01001400 200e6000 00000000 ........ .`.....
0x000002b0 00000000 00000000 19000000 02000d00 ................
0x000002c0 70044000 00000000 00000000 00000000 p.@.............
0x000002d0 1b000000 02000d00 a0044000 00000000 ..........@.....
0x000002e0 00000000 00000000 2e000000 02000d00 ................
0x000002f0 e0044000 00000000 00000000 00000000 ..@.............
0x00000300 44000000 01001900 34106000 00000000 D.......4.`.....
0x00000310 01000000 00000000 53000000 01001300 ........S.......
0x00000320 180e6000 00000000 00000000 00000000 ..`.............
0x00000330 7a000000 02000d00 00054000 00000000 z.........@.....
0x00000340 00000000 00000000 86000000 01001200 ................
0x00000350 100e6000 00000000 00000000 00000000 ..`.............
0x00000360 a5000000 0400f1ff 00000000 00000000 ................
0x00000370 00000000 00000000 01000000 0400f1ff ................
0x00000380 00000000 00000000 00000000 00000000 ................
0x00000390 ad000000 01001100 18074000 00000000 ..........@.....
0x000003a0 00000000 00000000 bb000000 01001400 ................
0x000003b0 200e6000 00000000 00000000 00000000 .`.............
0x000003c0 00000000 0400f1ff 00000000 00000000 ................
0x000003d0 00000000 00000000 c7000000 00001200 ................
0x000003e0 180e6000 00000000 00000000 00000000 ..`.............
0x000003f0 d8000000 01001500 280e6000 00000000 ........(.`.....
0x00000400 00000000 00000000 e1000000 00001200 ................
0x00000410 100e6000 00000000 00000000 00000000 ..`.............
0x00000420 f4000000 00001000 f0054000 00000000 ..........@.....
0x00000430 00000000 00000000 07010000 01001700 ................
0x00000440 00106000 00000000 00000000 00000000 ..`.............
0x00000450 1d010000 12000d00 c0054000 00000000 ..........@.....
0x00000460 02000000 00000000 67010000 20001800 ........g... ...
0x00000470 30106000 00000000 00000000 00000000 0.`.............
0x00000480 2d010000 12000000 00000000 00000000 -...............
0x00000490 00000000 00000000 3f010000 10001800 ........?.......
0x000004a0 34106000 00000000 00000000 00000000 4.`.............
0x000004b0 27010000 12000e00 c4054000 00000000 '.........@.....
0x000004c0 00000000 00000000 46010000 12000000 ........F.......
0x000004d0 00000000 00000000 00000000 00000000 ................
0x000004e0 65010000 10001800 30106000 00000000 e.......0.`.....
0x000004f0 00000000 00000000 72010000 20000000 ........r... ...
0x00000500 00000000 00000000 00000000 00000000 ................
0x00000510 81010000 11020f00 d8054000 00000000 ..........@.....
0x00000520 00000000 00000000 8e010000 11000f00 ................
0x00000530 d0054000 00000000 04000000 00000000 ..@.............
0x00000540 9d010000 12000d00 50054000 00000000 ........P.@.....
0x00000550 65000000 00000000 d3000000 10001900 e...............
0x00000560 38106000 00000000 00000000 00000000 8.`.............
0x00000570 6b010000 12000d00 40044000 00000000 k.......@.@.....
0x00000580 00000000 00000000 ad010000 10001900 ................
0x00000590 34106000 00000000 00000000 00000000 4.`.............
0x000005a0 b9010000 12000d00 2d054000 00000000 ........-.@.....
0x000005b0 15000000 00000000 be010000 11021800 ................
0x000005c0 38106000 00000000 00000000 00000000 8.`.............
0x000005d0 a7010000 12000b00 e0034000 00000000 ..........@.....
0x000005e0 00000000 00000000 ........定义
typedef struct {
Elf32_Word st_name;
Elf32_Addr st_value;
Elf32_Word st_size;
unsigned char st_info;
unsigned char st_other;
Elf32_Half st_shndx;
} Elf32_Sym;
typedef struct {
Elf64_Word st_name;
unsigned char st_info;
unsigned char st_other;
Elf64_Half st_shndx;
Elf64_Addr st_value;
Elf64_Xword st_size;
} Elf64_Sym;本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2020-12-28,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
腾讯云开发者
