ELF program header segment sizes and offsets

Question

ELF program header segment sizes and offsets

I am trying to understand the ELF format, and now there are some things that I do not get about the segments defined in the program header. I have this little code that I convert to an ELF file with g ++ (x86_x64 on Linux):

#include <stdlib.h>
#include <iostream>

using namespace std;

int main(int argc, char *argv[])
{
    if (argc == 1)
    {
        cout << "Hello world!" << endl;
    }
    return 0;
}

With g++ -c -m64 -D ACIS64 main.cpp -o main.oand g++ -s -O1 -o Main main.o. Now, with readelf , I get this list of segments:

Program Headers:
Type           Offset             VirtAddr           PhysAddr
               FileSiz            MemSiz             Flags      Align
PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
               0x00000000000001f8 0x00000000000001f8 R E        8
INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238
               0x000000000000001c 0x000000000000001c R          1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
               0x0000000000000afc 0x0000000000000afc R E        200000
LOAD           0x0000000000000df8 0x0000000000600df8 0x0000000000600df8
               0x0000000000000270 0x00000000000003a0 RW         200000
DYNAMIC        0x0000000000000e18 0x0000000000600e18 0x0000000000600e18
               0x00000000000001e0 0x00000000000001e0 RW         8
NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254
               0x0000000000000044 0x0000000000000044 R          4
GNU_EH_FRAME   0x00000000000009a4 0x00000000004009a4 0x00000000004009a4
               0x0000000000000044 0x0000000000000044 R          4
GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
               0x0000000000000000 0x0000000000000000 RW         10
GNU_RELRO      0x0000000000000df8 0x0000000000600df8 0x0000000000600df8
               0x0000000000000208 0x0000000000000208 R          1

With the Bless Hex Editor, I look through the code and try to find each of these segments.

I find the PHDR segment immediately after the ELF header and has the size of this entire program header. It has 8 bytes and is read / executed. [!] I do not understand why the executable file.
, PHDR. 1 .
, , [!], , . , 0x0000000000000000. , ? 0xafc ? ? ? , , 0x200000 . LOAD ?. , 764 0x0 :
( ) [!] , , . , .
DYNAMIC. 0xe18, . [!] , , , . . , "" LOAD
NOTE, , , , .
GNU, , 0x0000000000000000, , .

PE, , , .

+3

header offset elf size segment

ali 20 . '14 10:40

1

pank4j · Accepted Answer · 2014-02-26T03:28:23+0000

readelf . ( ) ELF. , .

PHDR ELF . 8 /. [!] , .

readelf, , PHDR ( VirtAddr MemSiz). , , (RX).

, , [!] , . , 0x0000000000000000. , ? 0xafc ? ? ? , 0x200000 . LOAD ?. 764 0x0:

, . (.. 0) 0xafc . , 0x0000000000400000 ELF. () ++, . , , . VirtAddr PhysAddr ( , Align!= 0 && Align!= 1). , VirtAddr 0x0000000000600df8 (0x0000000000600df8 - 0x0000000000000df8% 0x200000 == 0). ( 0xafc 0xdf8) .

( ) [!] , , . , - .

, , ( ). .

DYNAMIC. 0xe18, . [!] , , , . . , "" LOAD

, PHDR , DYNAMIC . (RW). .dynamic , , .

GNU, 0x0000000000000000, , .

GNU_EH_FRAME , GNU_RELRO (. VirtAddr MemSiz). GNU_STACK - , , , ELF . (FileSiz MemSiz 0).

:

ELF
, John R. Levine

ELF program header segment sizes and offsets

More articles: