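readelf is the Linux command for analyzing ELF files, and it is very useful when studying the ELF file format. The options below are introduced in detail using the ELF executable test as an example: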
readelf -h a.out
Displays the file header information from the ELF Header of a.out.
```
[root@robot ~]# vim main.c
[root@robot ~]# gcc main.c
[root@robot ~]# readelf -h a.out
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian   // shows that this is a little-endian program
  Version:                           1 (current)
  OS/ABI:                            UNIX - Linux
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048300   // address where execution starts once the program is loaded
  Start of program headers:          52 (bytes into file)
  Start of section headers:          1936 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         8
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27
[root@robot ~]#
```
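How each line of the `readelf -h` output above maps onto the 52 bytes of an ELF32 header, as an added example that is not part of the original page. The names `parse_elf32_header` and `SAMPLE_HEADER` are hypothetical, and the sample bytes are rebuilt from the values printed above rather than read from a real file.

```python
import struct

# Constructed sample: the 52-byte ELF32 header rebuilt from the readelf -h
# values shown above (not read from a real file).
E_IDENT = bytes.fromhex("7f454c46010101030000000000000000")
SAMPLE_HEADER = E_IDENT + struct.pack(
    "<HHIIIIIHHHHHH",
    2, 3, 1, 0x8048300, 52, 1936, 0, 52, 32, 8, 40, 30, 27)

ENDIAN = {1: "<", 2: ">"}      # EI_DATA: 1 = little endian, 2 = big endian
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
MACHINES = {3: "Intel 80386"}  # small subset, enough for this sample

def parse_elf32_header(data: bytes) -> dict:
    """Decode the fields readelf -h prints from a 32-bit ELF header."""
    if len(data) < 52:
        raise ValueError("truncated ELF32 header")
    if data[:4] != b"\x7fELF":
        raise ValueError("bad ELF magic")
    ei_class, ei_data, ei_version, ei_osabi, ei_abiversion = data[4:9]
    if ei_class != 1:
        raise ValueError("only ELFCLASS32 is handled here")
    if ei_data not in ENDIAN:
        raise ValueError("invalid EI_DATA byte")
    # EI_DATA fixes the byte order of every field after e_ident.
    fields = struct.unpack_from(ENDIAN[ei_data] + "HHIIIIIHHHHHH", data, 16)
    names = ("type", "machine", "version", "entry", "phoff", "shoff", "flags",
             "ehsize", "phentsize", "phnum", "shentsize", "shnum", "shstrndx")
    hdr = dict(zip(names, fields))
    hdr["little_endian"] = ei_data == 1
    hdr["osabi"] = ei_osabi
    hdr["type_name"] = TYPES.get(hdr["type"], "unknown")
    hdr["machine_name"] = MACHINES.get(hdr["machine"], "unknown")
    # Size checks to make before trusting the table offsets and counts.
    if hdr["ehsize"] != 52 or (hdr["phnum"] and hdr["phentsize"] != 32):
        raise ValueError("unexpected header or program header entry size")
    return hdr

if __name__ == "__main__":
    for key, value in parse_elf32_header(SAMPLE_HEADER).items():
        print(f"{key:14} {value}")
```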
readelf -l a.out
Displays the information of each Program Header Entry in the Program Header Table of a.out (if any).
View the file's program header table information:
```
[root@robot ~]# readelf -l a.out

Elf file type is EXEC (Executable file)
Entry point 0x8048300
There are 8 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x0053c 0x0053c R E 0x1000
  LOAD           0x00053c 0x0804953c 0x0804953c 0x000fc 0x00104 RW  0x1000
  DYNAMIC        0x000550 0x08049550 0x08049550 0x000c8 0x000c8 RW  0x4
  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x00049c 0x0804849c 0x0804849c 0x00024 0x00024 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
[root@robot ~]#
```
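How the Program Headers table above is decoded and how its LOAD rows translate a virtual address into a file offset, as an added example that is not part of the original page. The names `parse_phdrs`, `vaddr_to_offset` and `SAMPLE_PHT` are hypothetical, and the sample table is rebuilt from the rows printed above.

```python
import struct

PT_NAMES = {1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR",
            0x6474e550: "GNU_EH_FRAME", 0x6474e551: "GNU_STACK"}

# Constructed sample: the eight Elf32_Phdr entries rebuilt from the readelf -l
# table above: (type, offset, vaddr, paddr, filesz, memsz, flags, align).
ROWS = [
    (6, 0x034, 0x08048034, 0x08048034, 0x100, 0x100, 5, 0x4),
    (3, 0x134, 0x08048134, 0x08048134, 0x013, 0x013, 4, 0x1),
    (1, 0x000, 0x08048000, 0x08048000, 0x53c, 0x53c, 5, 0x1000),
    (1, 0x53c, 0x0804953c, 0x0804953c, 0x0fc, 0x104, 6, 0x1000),
    (2, 0x550, 0x08049550, 0x08049550, 0x0c8, 0x0c8, 6, 0x4),
    (4, 0x148, 0x08048148, 0x08048148, 0x044, 0x044, 4, 0x4),
    (0x6474e550, 0x49c, 0x0804849c, 0x0804849c, 0x024, 0x024, 4, 0x4),
    (0x6474e551, 0, 0, 0, 0, 0, 6, 0x4),
]
SAMPLE_PHT = b"".join(struct.pack("<8I", *row) for row in ROWS)
KEYS = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")

def parse_phdrs(table: bytes, phentsize: int = 32, phnum: int = 8) -> list:
    """Decode little-endian Elf32_Phdr entries (sizes come from the ELF header)."""
    if phentsize != 32 or len(table) < phentsize * phnum:
        raise ValueError("program header table is truncated or malformed")
    phdrs = []
    for i in range(phnum):
        ph = dict(zip(KEYS, struct.unpack_from("<8I", table, i * phentsize)))
        ph["name"] = PT_NAMES.get(ph["type"], hex(ph["type"]))
        # p_flags bits: 4 = read, 2 = write, 1 = execute (readelf's Flg column).
        ph["flg"] = "".join(c if ph["flags"] & bit else " "
                            for c, bit in (("R", 4), ("W", 2), ("E", 1)))
        phdrs.append(ph)
    return phdrs

def vaddr_to_offset(phdrs: list, vaddr: int):
    """Map a virtual address to a file offset through the LOAD segments.
    Returns None when the address is outside every LOAD segment or in the
    zero-filled tail (MemSiz > FileSiz), which has no bytes in the file."""
    for ph in phdrs:
        start = ph["vaddr"]
        if ph["name"] == "LOAD" and start <= vaddr < start + ph["filesz"]:
            return ph["offset"] + (vaddr - start)
    return None

if __name__ == "__main__":
    segs = parse_phdrs(SAMPLE_PHT)
    print("entry 0x8048300 -> file offset", hex(vaddr_to_offset(segs, 0x8048300)))
```

The entry point resolves to file offset 0x300, and the second LOAD segment has MemSiz 8 bytes larger than FileSiz, so the last 8 bytes of that segment are zero-filled at load time and have no file offset.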
readelf -S a.out
Displays the information of each Section Header Entry in the Section Header Table of a.out (if any).
Show the file's section information:
```
[root@robot ~]# readelf -S a.out
There are 30 section headers, starting at offset 0x790:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4
  [ 3] .note.gnu.build-i NOTE            08048168 000168 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        0804818c 00018c 000020 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481ac 0001ac 000050 10   A  6   1  4
  [ 6] .dynstr           STRTAB          080481fc 0001fc 00004a 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          08048246 000246 00000a 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         08048250 000250 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             08048270 000270 000008 08   A  5   0  4
  [10] .rel.plt          REL             08048278 000278 000018 08   A  5  12  4
  [11] .init             PROGBITS        08048290 000290 000030 00  AX  0   0  4
  [12] .plt              PROGBITS        080482c0 0002c0 000040 04  AX  0   0  4
  [13] .text             PROGBITS        08048300 000300 00016c 00  AX  0   0 16
  [14] .fini             PROGBITS        0804846c 00046c 00001c 00  AX  0   0  4
  [15] .rodata           PROGBITS        08048488 000488 000013 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        0804849c 00049c 000024 00   A  0   0  4
  [17] .eh_frame         PROGBITS        080484c0 0004c0 00007c 00   A  0   0  4
  [18] .ctors            PROGBITS        0804953c 00053c 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        08049544 000544 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        0804954c 00054c 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         08049550 000550 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        08049618 000618 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        0804961c 00061c 000018 04  WA  0   0  4
  [24] .data             PROGBITS        08049634 000634 000004 00  WA  0   0  4
  [25] .bss              NOBITS          08049638 000638 000008 00  WA  0   0  4
  [26] .comment          PROGBITS        00000000 000638 000059 01  MS  0   0  1
  [27] .shstrtab         STRTAB          00000000 000691 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 000c40 000410 10     29  45  4
  [29] .strtab           STRTAB          00000000 001050 0001fa 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
[root@robot ~]#
```
readelf -d a.out
Displays the information in the Dynamic Section of a.out (if any).
```
[root@robot ~]# readelf -d a.out

Dynamic section at offset 0x550 contains 20 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000c (INIT)                       0x8048290
 0x0000000d (FINI)                       0x804846c
 0x6ffffef5 (GNU_HASH)                   0x804818c
 0x00000005 (STRTAB)                     0x80481fc
 0x00000006 (SYMTAB)                     0x80481ac
 0x0000000a (STRSZ)                      74 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x804961c
 0x00000002 (PLTRELSZ)                   24 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x8048278
 0x00000011 (REL)                        0x8048270
 0x00000012 (RELSZ)                      8 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffe (VERNEED)                    0x8048250
 0x6fffffff (VERNEEDNUM)                 1
 0x6ffffff0 (VERSYM)                     0x8048246
 0x00000000 (NULL)                       0x0
[root@robot ~]#
```