What is ELF

From The Power of Many
Revision as of 03:27, 27 December 2021 by Snowshi (talk | contribs)

ELF, Executable and Linkable Format 


❯ file /bin/bash
/bin/bash: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped

readelf -h /bin/bash                                                                                              
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Position-Independent Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x10ab0
  Start of program headers:          64 (bytes into file)
  Start of section headers:          863256 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         13
  Size of section headers:           64 (bytes)
  Number of section headers:         28
  Section header string table index: 27

❯ ldd /bin/bash
	linux-vdso.so.1 (0x00007ffd9d55b000)
	libreadline.so.8 => /lib64/libreadline.so.8 (0x00007fc83225b000)
	libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fc83221f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fc83202b000)
	libtinfow.so.6 => /lib64/libtinfow.so.6 (0x00007fc831fef000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fc8323b1000)



❯ objdump -p /bin/bash

/bin/bash:     file format elf64-x86-64

Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
         filesz 0x00000000000002d8 memsz 0x00000000000002d8 flags r--
  INTERP off    0x0000000000000318 vaddr 0x0000000000000318 paddr 0x0000000000000318 align 2**0
         filesz 0x000000000000001c memsz 0x000000000000001c flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
         filesz 0x000000000000d070 memsz 0x000000000000d070 flags r--
    LOAD off    0x000000000000e000 vaddr 0x000000000000e000 paddr 0x000000000000e000 align 2**12
         filesz 0x0000000000090275 memsz 0x0000000000090275 flags r-x
    LOAD off    0x000000000009f000 vaddr 0x000000000009f000 paddr 0x000000000009f000 align 2**12
         filesz 0x000000000002e0f0 memsz 0x000000000002e0f0 flags r--
    LOAD off    0x00000000000cd4b0 vaddr 0x00000000000ce4b0 paddr 0x00000000000ce4b0 align 2**12
         filesz 0x000000000000566c memsz 0x00000000000143f0 flags rw-
 DYNAMIC off    0x00000000000ced10 vaddr 0x00000000000cfd10 paddr 0x00000000000cfd10 align 2**3
         filesz 0x0000000000000200 memsz 0x0000000000000200 flags rw-
    NOTE off    0x0000000000000338 vaddr 0x0000000000000338 paddr 0x0000000000000338 align 2**3
         filesz 0x0000000000000030 memsz 0x0000000000000030 flags r--
    NOTE off    0x0000000000000368 vaddr 0x0000000000000368 paddr 0x0000000000000368 align 2**2
         filesz 0x0000000000000020 memsz 0x0000000000000020 flags r--
0x6474e553 off    0x0000000000000338 vaddr 0x0000000000000338 paddr 0x0000000000000338 align 2**3
         filesz 0x0000000000000030 memsz 0x0000000000000030 flags r--
EH_FRAME off    0x00000000000b6f00 vaddr 0x00000000000b6f00 paddr 0x00000000000b6f00 align 2**2
         filesz 0x00000000000032cc memsz 0x00000000000032cc flags r--
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
   RELRO off    0x00000000000cd4b0 vaddr 0x00000000000ce4b0 paddr 0x00000000000ce4b0 align 2**0
         filesz 0x0000000000001b50 memsz 0x0000000000001b50 flags r--

Dynamic Section:
  NEEDED               libreadline.so.8
  NEEDED               libtinfo.so.6
  NEEDED               libc.so.6
  INIT                 0x000000000000e000
  FINI                 0x000000000009e26c
  INIT_ARRAY           0x00000000000ce4b0
  INIT_ARRAYSZ         0x0000000000000008
  FINI_ARRAY           0x00000000000ce4b8
  FINI_ARRAYSZ         0x0000000000000008
  GNU_HASH             0x0000000000000388
  STRTAB               0x0000000000002ce8
  SYMTAB               0x0000000000000840
  STRSZ                0x000000000000153f
  SYMENT               0x0000000000000018
  DEBUG                0x0000000000000000
  PLTGOT               0x00000000000d0000
  PLTRELSZ             0x0000000000001ad0
  PLTREL               0x0000000000000007
  JMPREL               0x000000000000b5a0
  RELA                 0x00000000000045f8
  RELASZ               0x0000000000006fa8
  RELAENT              0x0000000000000018
  FLAGS_1              0x0000000008000000
  VERNEED              0x0000000000004538
  VERNEEDNUM           0x0000000000000001
  VERSYM               0x0000000000004228
  RELACOUNT            0x000000000000044b

Version References:
  required from libc.so.6:
    0x06969185 0x00 12 GLIBC_2.25
    0x06969191 0x00 11 GLIBC_2.11
    0x06969194 0x00 10 GLIBC_2.14
    0x0d696918 0x00 09 GLIBC_2.8
    0x069691b3 0x00 08 GLIBC_2.33
    0x06969195 0x00 07 GLIBC_2.15
    0x0d696914 0x00 06 GLIBC_2.4
    0x069691b4 0x00 05 GLIBC_2.34
    0x09691974 0x00 04 GLIBC_2.3.4
    0x0d696913 0x00 03 GLIBC_2.3
    0x09691a75 0x00 02 GLIBC_2.2.5
Retrieved from "https://wiki.snowfrs.com/index.php?title=What_is_ELF&oldid=268"