手拆ELF(三,節區頭表)
節區頭表
節區頭的資料結構為Elf32_Shdr,大小為40位元組,其資料結構如下:
/* Section header. */
typedef struct
{
Elf32_Word sh_name; /* Section name (string tbl index) */
Elf32_Word sh_type; /* Section type */
Elf32_Word sh_flags; /* Section flags */
Elf32_Addr sh_addr; /* Section virtual addr at execution */
Elf32_Off sh_offset; /* Section file offset */
Elf32_Word sh_size; /* Section size in bytes */
Elf32_Word sh_link; /* Link to another section */
Elf32_Word sh_info; /* Additional section information */
Elf32_Word sh_addralign; /* Section alignment */
Elf32_Word sh_entsize; /* Entry size if section holds table */
} Elf32_Shdr;
注意:32bit和64bit的節區頭沒有實質性區別
sh_name
該成員的值為一個指向節區頭字元表節的索引,通過該索引可以在節區頭字元表節中找到節區的名稱。
sh_type
該成員歸類節區的內容和語義,標明節區是什麼型別,有什麼作用。
/* Legal values for sh_type (section type). */
#define SHT_NULL 0 /* Section header table entry unused */
#define SHT_PROGBITS 1 /* Program data */
#define SHT_SYMTAB 2 /* Symbol table */
#define SHT_STRTAB 3 /* String table */
#define SHT_RELA 4 /* Relocation entries with addends */
#define SHT_HASH 5 /* Symbol hash table */
#define SHT_DYNAMIC 6 /* Dynamic linking information */
#define SHT_NOTE 7 /* Notes */
#define SHT_NOBITS 8 /* Program space with no data (bss) */
#define SHT_REL 9 /* Relocation entries, no addends */
#define SHT_SHLIB 10 /* Reserved */
#define SHT_DYNSYM 11 /* Dynamic linker symbol table */
#define SHT_INIT_ARRAY 14 /* Array of constructors */
#define SHT_FINI_ARRAY 15 /* Array of destructors */
#define SHT_PREINIT_ARRAY 16 /* Array of pre-constructors */
#define SHT_GROUP 17 /* Section group */
#define SHT_SYMTAB_SHNDX 18 /* Extended section indeces */
#define SHT_NUM 19 /* Number of defined types. */
#define SHT_LOOS 0x60000000 /* Start OS-specific. */
#define SHT_GNU_ATTRIBUTES 0x6ffffff5 /* Object attributes. */
#define SHT_GNU_HASH 0x6ffffff6 /* GNU-style hash table. */
#define SHT_GNU_LIBLIST 0x6ffffff7 /* Prelink library list */
#define SHT_CHECKSUM 0x6ffffff8 /* Checksum for DSO content. */
#define SHT_LOSUNW 0x6ffffffa /* Sun-specific low bound. */
#define SHT_SUNW_move 0x6ffffffa
#define SHT_SUNW_COMDAT 0x6ffffffb
#define SHT_SUNW_syminfo 0x6ffffffc
#define SHT_GNU_verdef 0x6ffffffd /* Version definition section. */
#define SHT_GNU_verneed 0x6ffffffe /* Version needs section. */
#define SHT_GNU_versym 0x6fffffff /* Version symbol table. */
#define SHT_HISUNW 0x6fffffff /* Sun-specific high bound. */
#define SHT_HIOS 0x6fffffff /* End OS-specific type */
#define SHT_LOPROC 0x70000000 /* Start of processor-specific */
#define SHT_HIPROC 0x7fffffff /* End of processor-specific */
#define SHT_LOUSER 0x80000000 /* Start of application-specific */
#define SHT_HIUSER 0x8fffffff /* End of application-specific */
| macro | description |
|---|---|
| SHT_NULL | This value marks the section header as inactive. It does not have an associated section. Other members of the section header have undefined values. |
| SHT_PROGBITS | This section holds information defined by the program, whose format and meaning are determined solely by the program. |
| SHT_SYMTAB | This section holds a symbol table. Typically, SHT_SYMTAB provides symbols for link editing, though it may also be used for dynamic linking. As a complete symbol table, it may contain many symbols unnecessary for dynamic linking. An object file can also contain a SHT_DYNSYM section. |
| SHT_STRTAB | This section holds a string table. An object file may have multiple string table sections. |
| SHT_RELA | This section holds relocation entries with explicit addends, such as type Elf32_Rela for the 32-bit class of object files. An object may have multiple relocation sections. |
| SHT_HASH | This section holds a symbol hash table. An object participating in dynamic linking must contain a symbol hash table. An object file may have only one hash table. |
| SHT_DYNAMIC | This section holds information for dynamic linking. An object file may have only one dynamic section. |
| SHT_NOTE | This section holds information that marks the file in some way. |
| SHT_NOBITS | A section of this type occupies no space in the file but otherwise resembles SHT_PROGBITS. Although this section contains no bytes, the sh_offset member contains the conceptual file offset. |
| SHT_REL | This section holds relocation offsets without explicit addends, such as type Elf32_Rel for the 32-bit class of object files. An object file may have multiple relocation sections. |
| SHT_SHLIB | This section is reserved but has unspecified semantics. |
| SHT_DYNSYM | This section holds a minimal set of dynamic linking symbols. An object file can also contain a SHT_SYMTAB section. |
| SHT_LOPROC | This value up to and including SHT_HIPROC is reserved for processor-specific semantics. |
| SHT_HIPROC | This value down to and including SHT_LOPROC is reserved for processor-specific semantics. |
| SHT_LOUSER | This value specifies the lower bound of the range of indices reserved for application programs. |
| SHT_HIUSER | This value specifies the upper bound of the range of indices reserved for application programs. Section types between SHT_LOUSER and SHT_HIUSER may be used by the application, without conflicting with current or future system-defined section types. |
sh_flags
Sections support one-bit flags that describe miscellaneous attributes. If a flag bit is set in sh_flags, the attribute is “on” for the section. Otherwise, the attribute is “off” or does not apply. Undefined attributes are set to zero.
/* Legal values for sh_flags (section flags). */
#define SHF_WRITE (1 << 0) /* Writable */
#define SHF_ALLOC (1 << 1) /* Occupies memory during execution */
#define SHF_EXECINSTR (1 << 2) /* Executable */
#define SHF_MERGE (1 << 4) /* Might be merged */
#define SHF_STRINGS (1 << 5) /* Contains nul-terminated strings */
#define SHF_INFO_LINK (1 << 6) /* `sh_info' contains SHT index */
#define SHF_LINK_ORDER (1 << 7) /* Preserve order after combining */
#define SHF_OS_NONCONFORMING (1 << 8) /* Non-standard OS specific handling
required */
#define SHF_GROUP (1 << 9) /* Section is member of a group. */
#define SHF_TLS (1 << 10) /* Section hold thread-local data. */
#define SHF_COMPRESSED (1 << 11) /* Section with compressed data. */
#define SHF_MASKOS 0x0ff00000 /* OS-specific. */
#define SHF_MASKPROC 0xf0000000 /* Processor-specific */
#define SHF_ORDERED (1 << 30) /* Special ordering requirement
(Solaris). */
#define SHF_EXCLUDE (1U << 31) /* Section is excluded unless
referenced or allocated (Solaris).*/
| macro | description |
|---|---|
| SHF_WRITE | This section contains data that should be writable during process execution. |
| SHF_ALLOC | This section occupies memory during process execution. Some control sections do not reside in the memory image of an object file. This attribute is off for those sections. |
| SHF_EXECINSTR | This section contains executable machine instructions. |
| SHF_MASKPROC | All bits included in this mask are reserved for processor-specific semantics. |
sh_addr
If this section appears in the memory image of a process, this member holds the address at which the section’s first byte should reside. Otherwise, the member contains zero.
sh_offset
This member’s value holds the byte offset from the beginning of the file to the first byte in the section. One section type, SHT_NOBITS, occupies no space in the file, and its sh_offset member locates the conceptual placement in the file.
sh_size
This member holds the section’s size in bytes. Unless the section type is SHT_NOBITS, the section occupies sh_size bytes in the file. A section of type SHT_NOBITS may have a nonzero size, but it occupies no space in the file.
sh_link
This member holds a section header table index link, whose interpretation depends on the section type.
sh_info
This member holds extra information, whose interpretation depends on the section type.
sh_addralign
Some sections have address alignment constraints. If a section holds a doubleword, the system must ensure doubleword alignment for the entire section. That is, the value of sh_addr must be congruent to zero, modulo the value of sh_addralign. Only zero and positive integral powers of two are allowed. Values of zero or one mean the section has no alignment constraints.
sh_entsize
Some sections hold a table of fixed-sized entries, such as a symbol table. For such a section, this member gives the size in bytes for each entry. This member contains zero if the section does not hold a table of fixed-size entries.
例項
手拆ELF(一) 知道節區表的偏移地址為0x000019a8,節區頭大小為40位元組,有29個節區頭,節區頭表大小為29*40=1160=0x488位元組。
young@ubuntu:~/c/elf$ readelf -S elf32
There are 29 section headers, starting at offset 0x19a8:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 00000154 000154 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 00000168 000168 000020 00 A 0 0 4
[ 3] .note.gnu.build-i NOTE 00000188 000188 000024 00 A 0 0 4
[ 4] .gnu.hash GNU_HASH 000001ac 0001ac 000020 04 A 5 0 4
[ 5] .dynsym DYNSYM 000001cc 0001cc 000130 10 A 6 1 4
[ 6] .dynstr STRTAB 000002fc 0002fc 000136 00 A 0 0 1
[ 7] .gnu.version VERSYM 00000432 000432 000026 02 A 5 0 2
[ 8] .gnu.version_r VERNEED 00000458 000458 0000a0 00 A 6 3 4
[ 9] .rel.dyn REL 000004f8 0004f8 000040 08 A 5 0 4
[10] .rel.plt REL 00000538 000538 000068 08 AI 5 22 4
[11] .init PROGBITS 000005a0 0005a0 000023 00 AX 0 0 4
[12] .plt PROGBITS 000005d0 0005d0 0000e0 04 AX 0 0 16
[13] .plt.got PROGBITS 000006b0 0006b0 000010 08 AX 0 0 8
[14] .text PROGBITS 000006c0 0006c0 000434 00 AX 0 0 16
[15] .fini PROGBITS 00000af4 000af4 000014 00 AX 0 0 4
[16] .rodata PROGBITS 00000b08 000b08 000089 00 A 0 0 4
[17] .eh_frame_hdr PROGBITS 00000b94 000b94 00005c 00 A 0 0 4
[18] .eh_frame PROGBITS 00000bf0 000bf0 000180 00 A 0 0 4
[19] .init_array INIT_ARRAY 00001e9c 000e9c 000004 04 WA 0 0 4
[20] .fini_array FINI_ARRAY 00001ea0 000ea0 000004 04 WA 0 0 4
[21] .dynamic DYNAMIC 00001ea4 000ea4 000108 08 WA 6 0 4
[22] .got PROGBITS 00001fac 000fac 000054 04 WA 0 0 4
[23] .data PROGBITS 00002000 001000 000008 00 WA 0 0 4
[24] .bss NOBITS 00002008 001008 000004 00 WA 0 0 1
[25] .comment PROGBITS 00000000 001008 000029 01 MS 0 0 1
[26] .symtab SYMTAB 00000000 001034 000520 10 27 43 4
[27] .strtab STRTAB 00000000 001554 000357 00 0 0 1
[28] .shstrtab STRTAB 00000000 0018ab 0000fc 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)
相關文章
- ELF檔案中的各個節區
- 拆書之《戰略節奏》
- 固定表頭和首列,防抖節流
- 分散式資料庫拆表拆庫的常用策略分散式資料庫
- elf
- 讓拆庫拆表見鬼去吧!MySQL擴充套件新玩法MySql套件
- 快來看!樂高80101春節家宴,拆箱細節釋出了!
- elf格式標準官方文件:https://refspecs.linuxbase.org/elf/elf.pdfHTTPLinux
- 第36期:MySQL 原生水平拆表MySql
- ELF檔案格式與got表hook簡單實現GoHook
- OnePoll:聖誕節拆禮物平均每人用半小時
- 第三章 裝箱與拆箱
- elf檔案格式
- webpack4之splitchunksPlugin拆拆拆--專案實踐WebPlugin
- ELF檔案逆向分析
- Netty(三) 什麼是 TCP 拆、粘包?如何解決?NettyTCP
- Hyperledger Fabric 手動搭建【區塊鏈學習三】區塊鏈
- elf檔案處理工具
- 扒一扒ELF檔案
- 如何鎖定excel表頭兩行 excel每頁固定表頭列印Excel
- 一種區域性固定表頭的實現方案(橫向可跟隨內容一同滾動,縱向鎖定表頭)
- 三維模擬智慧園區能耗管控:全景態勢,自主節能
- excel表格分頁怎麼重複表頭 excel表怎樣讓每頁都有表頭Excel
- 從例項分析ELF格式的.gnu.hash區與glibc的符號查詢符號
- elementUI 2.0.11自定義表頭UI
- table表頭固定問題
- elementUI table 自定義表頭UI
- 表頭問號提示語
- 《茶杯頭 》BOSS 戰設計節奏分析
- ELF file data encoding not little-endianEncoding
- 用php讀取elf結構PHP
- PE節表詳細分析
- 拆輪子:requests
- 第三節,分支結構
- 第三節 使用Docker映象Docker
- BAT網際網路三巨頭入局區塊鏈,角逐萬億“鏈”紅利BAT區塊鏈
- element table 表頭顯示 tooltip
- vue 表頭指定字元換行Vue字元