
readelf: ELF File Format Analysis

Time: 2021-06-16 09:00:46


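This tool offers functionality similar to the objdump command, but the information it displays is more detailed, and it does not depend on the BFD library (BFD is a GNU project whose goal is to handle different object file formats through one unified interface).

ELF File Types

ELF (Executable and Linking Format) is an object file format. It defines what goes into the different types of object files and in what layout those contents are stored. Since it first appeared on System V, it has been widely adopted across the xNIX world as the default binary file format. ELF can fairly be called one of the foundations of many xNIX systems.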

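There are three types of ELF file:

- Relocatable file: a .o file produced by the assembler
- Executable file: an executable application
- Shared object file: a dynamic library, i.e. a .so file

The .text section holds executable code; the .data section holds initialized data; the .bss section holds uninitialized data; sections whose names begin with .rel hold relocation entries; the .symtab or .dynsym section holds symbol information; the .strtab or .dynstr section holds string information.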

Options

-a --all               all               Equivalent to: -h -l -S -s -r -d -V -A -I
-h --file-header       file header       Display the ELF file header
-l --program-headers   program headers   Display the program headers
   --segments                            An alias for --program-headers
-S --section-headers   section headers   Display the sections' header
   --sections                            An alias for --section-headers
-e --headers           all headers       Equivalent to: -h -l -S
-s --syms              symbol table      Display the symbol table
   --symbols                             An alias for --syms
-n --notes             core notes        Display the core notes (if present)
-r --relocs            relocations       Display the relocations (if present)
-u --unwind                              Display the unwind info (if present)
-d --dynamic           dynamic segment   Display the dynamic segment (if present)
-V --version-info      version           Display the version sections (if present)
-A --arch-specific     CPU architecture  Display architecture specific information (if any).
-D --use-dynamic       dynamic segment   Use the dynamic section info when displaying symbols
-x --hex-dump=         section contents  Dump the contents of section
-w[liaprmfFso] or
-I --histogram                           Display histogram of bucket list lengths
-W --wide              wide output       Allow output width to exceed 80 characters
-H --help                                Display this information
-v --version                             Display the version number of readelf

Examples

To find out which architecture an application was built to run on:

$ readelf -h main | grep Machine

The -h option displays a summary of the file header, which contains a lot of useful information:

$ readelf -h main
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400790
  Start of program headers:          64 (bytes into file)
  Start of section headers:          5224 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         8
  Size of section headers:           64 (bytes)
  Number of section headers:         29
  Section header string table index: 26

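To find out whether an already compiled application was built with the -g option (debugging information included):

$ readelf -S main | grep debug

The -S option displays all section information; if -g was used at compile time, debug sections will be present.

To check whether a .o file contains debugging information (whether -g was passed at compile time):

$ readelf -S Shpos.o | grep debug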

Complete output

The complete output of readelf:

$ readelf -all a.out
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048330
  Start of program headers:          52 (bytes into file)
  Start of section headers:          4412 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         9
  Size of section headers:           40 (bytes)
  Number of section headers:         30
  Section header string table index: 27

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        08048154 000154 000013 00   A  0   0  1
  [ 2] .note.ABI-tag     NOTE            08048168 000168 000020 00   A  0   0  4
  [ 3] .note.gnu.build-i NOTE            08048188 000188 000024 00   A  0   0  4
  [ 4] .gnu.hash         GNU_HASH        080481ac 0001ac 000020 04   A  5   0  4
  [ 5] .dynsym           DYNSYM          080481cc 0001cc 000050 10   A  6   1  4
  [ 6] .dynstr           STRTAB          0804821c 00021c 00004c 00   A  0   0  1
  [ 7] .gnu.version      VERSYM          08048268 000268 00000a 02   A  5   0  2
  [ 8] .gnu.version_r    VERNEED         08048274 000274 000020 00   A  6   1  4
  [ 9] .rel.dyn          REL             08048294 000294 000008 08   A  5   0  4
  [10] .rel.plt          REL             0804829c 00029c 000018 08   A  5  12  4
  [11] .init             PROGBITS        080482b4 0002b4 00002e 00  AX  0   0  4
  [12] .plt              PROGBITS        080482f0 0002f0 000040 04  AX  0   0 16
  [13] .text             PROGBITS        08048330 000330 00018c 00  AX  0   0 16
  [14] .fini             PROGBITS        080484bc 0004bc 00001a 00  AX  0   0  4
  [15] .rodata           PROGBITS        080484d8 0004d8 000011 00   A  0   0  4
  [16] .eh_frame_hdr     PROGBITS        080484ec 0004ec 000034 00   A  0   0  4
  [17] .eh_frame         PROGBITS        08048520 000520 0000c4 00   A  0   0  4
  [18] .ctors            PROGBITS        08049f14 000f14 000008 00  WA  0   0  4
  [19] .dtors            PROGBITS        08049f1c 000f1c 000008 00  WA  0   0  4
  [20] .jcr              PROGBITS        08049f24 000f24 000004 00  WA  0   0  4
  [21] .dynamic          DYNAMIC         08049f28 000f28 0000c8 08  WA  6   0  4
  [22] .got              PROGBITS        08049ff0 000ff0 000004 04  WA  0   0  4
  [23] .got.plt          PROGBITS        08049ff4 000ff4 000018 04  WA  0   0  4
  [24] .data             PROGBITS        0804a00c 00100c 000008 00  WA  0   0  4
  [25] .bss              NOBITS          0804a014 001014 000008 00  WA  0   0  4
  [26] .comment          PROGBITS        00000000 001014 00002a 01  MS  0   0  1
  [27] .shstrtab         STRTAB          00000000 00103e 0000fc 00      0   0  1
  [28] .symtab           SYMTAB          00000000 0015ec 000410 10     29  45  4
  [29] .strtab           STRTAB          00000000 0019fc 0001f9 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PHDR           0x000034 0x08048034 0x08048034 0x00120 0x00120 R E 0x4
  INTERP         0x000154 0x08048154 0x08048154 0x00013 0x00013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x08048000 0x08048000 0x005e4 0x005e4 R E 0x1000
  LOAD           0x000f14 0x08049f14 0x08049f14 0x00100 0x00108 RW  0x1000
  DYNAMIC        0x000f28 0x08049f28 0x08049f28 0x000c8 0x000c8 RW  0x4
  NOTE           0x000168 0x08048168 0x08048168 0x00044 0x00044 R   0x4
  GNU_EH_FRAME   0x0004ec 0x080484ec 0x080484ec 0x00034 0x00034 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
  GNU_RELRO      0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec R   0x1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
   08     .ctors .dtors .jcr .dynamic .got

Dynamic section at offset 0xf28 contains 20 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000c (INIT)                       0x80482b4
 0x0000000d (FINI)                       0x80484bc
 0x6ffffef5 (GNU_HASH)                   0x80481ac
 0x00000005 (STRTAB)                     0x804821c
 0x00000006 (SYMTAB)                     0x80481cc
 0x0000000a (STRSZ)                      76 (bytes)
 0x0000000b (SYMENT)                     16 (bytes)
 0x00000015 (DEBUG)                      0x0
 0x00000003 (PLTGOT)                     0x8049ff4
 0x00000002 (PLTRELSZ)                   24 (bytes)
 0x00000014 (PLTREL)                     REL
 0x00000017 (JMPREL)                     0x804829c
 0x00000011 (REL)                        0x8048294
 0x00000012 (RELSZ)                      8 (bytes)
 0x00000013 (RELENT)                     8 (bytes)
 0x6ffffffe (VERNEED)                    0x8048274
 0x6fffffff (VERNEEDNUM)                 1
 0x6ffffff0 (VERSYM)                     0x8048268
 0x00000000 (NULL)                       0x0

Relocation section '.rel.dyn' at offset 0x294 contains 1 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
08049ff0  00000206 R_386_GLOB_DAT    00000000   __gmon_start__

Relocation section '.rel.plt' at offset 0x29c contains 3 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
0804a000  00000107 R_386_JUMP_SLOT   00000000   printf
0804a004  00000207 R_386_JUMP_SLOT   00000000   __gmon_start__
0804a008  00000307 R_386_JUMP_SLOT   00000000   __libc_start_main

There are no unwind sections in this file.

Symbol table '.dynsym' contains 5 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.0 (2)
     2: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.0 (2)
     4: 080484dc     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used

Symbol table '.symtab' contains 65 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 08048154     0 SECTION LOCAL  DEFAULT    1
     2: 08048168     0 SECTION LOCAL  DEFAULT    2
     3: 08048188     0 SECTION LOCAL  DEFAULT    3
     4: 080481ac     0 SECTION LOCAL  DEFAULT    4
     5: 080481cc     0 SECTION LOCAL  DEFAULT    5
     6: 0804821c     0 SECTION LOCAL  DEFAULT    6
     7: 08048268     0 SECTION LOCAL  DEFAULT    7
     8: 08048274     0 SECTION LOCAL  DEFAULT    8
     9: 08048294     0 SECTION LOCAL  DEFAULT    9
    10: 0804829c     0 SECTION LOCAL  DEFAULT   10
    11: 080482b4     0 SECTION LOCAL  DEFAULT   11
    12: 080482f0     0 SECTION LOCAL  DEFAULT   12
    13: 08048330     0 SECTION LOCAL  DEFAULT   13
    14: 080484bc     0 SECTION LOCAL  DEFAULT   14
    15: 080484d8     0 SECTION LOCAL  DEFAULT   15
    16: 080484ec     0 SECTION LOCAL  DEFAULT   16
    17: 08048520     0 SECTION LOCAL  DEFAULT   17
    18: 08049f14     0 SECTION LOCAL  DEFAULT   18
    19: 08049f1c     0 SECTION LOCAL  DEFAULT   19
    20: 08049f24     0 SECTION LOCAL  DEFAULT   20
    21: 08049f28     0 SECTION LOCAL  DEFAULT   21
    22: 08049ff0     0 SECTION LOCAL  DEFAULT   22
    23: 08049ff4     0 SECTION LOCAL  DEFAULT   23
    24: 0804a00c     0 SECTION LOCAL  DEFAULT   24
    25: 0804a014     0 SECTION LOCAL  DEFAULT   25
    26: 00000000     0 SECTION LOCAL  DEFAULT   26
    27: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    28: 08049f14     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_LIST__
    29: 08049f1c     0 OBJECT  LOCAL  DEFAULT   19 __DTOR_LIST__
    30: 08049f24     0 OBJECT  LOCAL  DEFAULT   20 __JCR_LIST__
    31: 08048360     0 FUNC    LOCAL  DEFAULT   13 __do_global_dtors_aux
    32: 0804a014     1 OBJECT  LOCAL  DEFAULT   25 completed.6086
    33: 0804a018     4 OBJECT  LOCAL  DEFAULT   25 dtor_idx.6088
    34: 080483c0     0 FUNC    LOCAL  DEFAULT   13 frame_dummy
    35: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    36: 08049f18     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_END__
    37: 080485e0     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__
    38: 08049f24     0 OBJECT  LOCAL  DEFAULT   20 __JCR_END__
    39: 08048490     0 FUNC    LOCAL  DEFAULT   13 __do_global_ctors_aux
    40: 00000000     0 FILE    LOCAL  DEFAULT  ABS a.c
    41: 08049f14     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_end
    42: 08049f28     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC
    43: 08049f14     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_start
    44: 08049ff4     0 OBJECT  LOCAL  DEFAULT   23 _GLOBAL_OFFSET_TABLE_
    45: 08048480     2 FUNC    GLOBAL DEFAULT   13 __libc_csu_fini
    46: 08048482     0 FUNC    GLOBAL HIDDEN    13 __i686.get_pc_thunk.bx
    47: 0804a00c     0 NOTYPE  WEAK   DEFAULT   24 data_start
    48: 00000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.0
    49: 0804a014     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    50: 080484bc     0 FUNC    GLOBAL DEFAULT   14 _fini
    51: 08049f20     0 OBJECT  GLOBAL HIDDEN    19 __DTOR_END__
    52: 0804a00c     0 NOTYPE  GLOBAL DEFAULT   24 __data_start
    53: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    54: 0804a010     0 OBJECT  GLOBAL HIDDEN    24 __dso_handle
    55: 080484dc     4 OBJECT  GLOBAL DEFAULT   15 _IO_stdin_used
    56: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    57: 08048410    97 FUNC    GLOBAL DEFAULT   13 __libc_csu_init
    58: 0804a01c     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    59: 08048330     0 FUNC    GLOBAL DEFAULT   13 _start
    60: 080484d8     4 OBJECT  GLOBAL DEFAULT   15 _fp_hw
    61: 0804a014     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    62: 080483e4    40 FUNC    GLOBAL DEFAULT   13 main
    63: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    64: 080482b4     0 FUNC    GLOBAL DEFAULT   11 _init

Histogram for `.gnu.hash' bucket list length (total of 2 buckets):
 Length  Number     % of total  Coverage
      0  1          ( 50.0%)
      1  1          ( 50.0%)    100.0%

Version symbols section '.gnu.version' contains 5 entries:
 Addr: 0000000008048268  Offset: 0x000268  Link: 5 (.dynsym)
  000:   0 (*local*)       2 (GLIBC_2.0)     0 (*local*)       2 (GLIBC_2.0)
  004:   1 (*global*)

Version needs section '.gnu.version_r' contains 1 entries:
 Addr: 0x0000000008048274  Offset: 0x000274  Link: 6 (.dynstr)
  000000: Version: 1  File: libc.so.6  Cnt: 1
  0x0010:   Name: GLIBC_2.0  Flags: none  Version: 2

Notes at offset 0x00000168 with length 0x00000020:
  Owner                 Data size       Description
  GNU                  0x00000010       NT_GNU_ABI_TAG (ABI version tag)
    OS: Linux, ABI: 2.6.15

Notes at offset 0x00000188 with length 0x00000024:
  Owner                 Data size       Description
  GNU                  0x00000014       NT_GNU_BUILD_ID (unique build ID bitstring)
    Build ID: 17fb9651029b6a8543bfafec9eea23bd16454e65
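
The ELF type, the GNU_STACK and GNU_RELRO program headers, the dynamic section and the .debug sections in the output above are the fields a hardening review reads. As an added example (not from the original page), this shell function summarises them from readelf text; it goes beyond the page's grep checks, and the function names, the key=value output format and the second sample are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original page): hardening summary built from
# `readelf -h -l -S -d -W FILE` text read on stdin.
audit_readelf() {
    awk '
    $1 == "Type:"     { type = $2 }                    # EXEC, DYN or REL
    $1 == "GNU_STACK" {                                # flags sit between MemSiz and Align
        stack = "-"
        for (i = 7; i < NF; i++) stack = stack $i
    }
    $1 == "GNU_RELRO"           { relro = 1 }
    /\(BIND_NOW\)/              { now = 1 }            # DT_BIND_NOW entry
    /\(FLAGS\)/ && /BIND_NOW/   { now = 1 }            # DF_BIND_NOW in DT_FLAGS
    /\(FLAGS_1\)/ && /NOW/      { now = 1 }            # DF_1_NOW in DT_FLAGS_1
    /^ *\[ *[0-9]+\] +\.debug_/ { debug = 1 }          # sections emitted by -g
    END {
        print "type=" (type == "" ? "unknown" : type)
        if (stack == "")      print "nx=unknown"       # no GNU_STACK header seen
        else if (stack ~ /E/) print "nx=no"            # executable stack requested
        else                  print "nx=yes"
        print "relro=" (!relro ? "none" : (now ? "full" : "partial"))
        print "debug=" (debug ? "yes" : "no")
    }'
}

# Constructed sample: lines taken from the a.out output shown on this page.
sample_page_aout() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
  [13] .text             PROGBITS        08048330 000330 00018c 00  AX  0   0 16
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4
  GNU_RELRO      0x000f14 0x08049f14 0x08049f14 0x000ec 0x000ec R   0x1
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
EOF
}

# Constructed sample (hypothetical binary): -g build, BIND_NOW, executable stack.
sample_constructed() {
    cat <<'EOF'
  Type:                              DYN (Shared object file)
  [27] .debug_info       PROGBITS        0000000000000000 003040 0000a1 00      0   0  1
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x10
  GNU_RELRO      0x002de8 0x0000000000003de8 0x0000000000003de8 0x000218 0x000218 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
EOF
}

sample_page_aout | audit_readelf   # on a real file: readelf -h -l -S -d -W ./main | audit_readelf
```

The -W option matters for 64-bit files: without it readelf wraps each program header over two lines and the flags no longer sit on the GNU_STACK line.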

Reference on the ELF file format: /xmphoenix/archive//10/23/2221879.html

References

https://linuxtools-rst.readthedocs.io/zh_CN/latest/tool/readelf.html
