ELF File Format Analysis
What is ELF?
ELF: Executable and Linkable Format
Classification of ELF files
File type | Description | Example |
---|---|---|
Relocatable File | Linux .o (corresponds to Windows .obj) | |
Shared Object File | Linux .so (corresponds to Windows .dll) | |
Executable File | Programs under the Linux /bin directory (corresponds to Windows .exe) | |
Core Dump File | When a process terminates unexpectedly, the system dumps the contents of the process's address space and the information at termination into this file | Linux core dump |
Note: The ELF (Executable and Linkable Format) file format corresponds to Linux, the PE (Portable Executable) file format corresponds to Windows, and the Mach-O (Mach Object) file format corresponds to macOS.
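As an added example (not code from the original post), the following Python parser reads the `e_type` field of the ELF header to tell apart the four file types in the table above. The names `classify_elf` and `make_header` and the sample header bytes are constructed for illustration.

```python
import struct

# e_type values from the ELF specification, mapped to the four classes in the table.
# Position-independent executables (PIE) also carry ET_DYN, so type 3 does not
# by itself distinguish a .so from a PIE program.
ELF_TYPES = {
    1: "Relocatable File (ET_REL)",
    2: "Executable File (ET_EXEC)",
    3: "Shared Object File (ET_DYN)",
    4: "Core Dump File (ET_CORE)",
}

def _layout(ei_class, ei_data):
    # e_type, e_machine, e_version, e_entry; e_entry is 8 bytes in ELF64, 4 in ELF32
    return ("<" if ei_data == 1 else ">") + ("HHIQ" if ei_class == 2 else "HHII")

def classify_elf(data: bytes) -> dict:
    """Parse e_ident and the start of the ELF header; raise ValueError on bad input."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file: bad magic")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    fmt = _layout(ei_class, ei_data)
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    e_type, e_machine, _version, e_entry = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 64 if ei_class == 2 else 32,
        "endian": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, f"other (0x{e_type:x})"),
        "machine": e_machine,
        "entry": e_entry,
    }

def make_header(e_type, ei_class=2, ei_data=1, machine=62, entry=0x401000):
    """Constructed sample input: a minimal header prefix, not a loadable binary."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    return ident + struct.pack(_layout(ei_class, ei_data), e_type, machine, 1, entry)

if __name__ == "__main__":
    for t in (1, 2, 3, 4):
        print(classify_elf(make_header(t)))
```

To classify a real file, pass its first 64 bytes, for example `classify_elf(open(path, "rb").read(64))`.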
ELF Structure:
Before learning the details of the many kinds of fields in the ELF structure, we should know that ELF is not a human-friendly description of a state machine data structure. It breaks the human-readability principle, or, put another way, it does not follow the information locality principle: when we have a question about the content we are reading, the information we need is not found nearby.
There is an easter egg behind the ELF file format. UNIX used a simple file format for executables called a.out, which means assembler output. This is why, when we compile a file, we get a file called a.out by default.
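Additional sections:
.text
: the machine code produced by compiling the source language
.data
: initialized global variables and local static variables
.bss
: uninitialized global variables and local static variables
.note.GNU-stack
: stack hint section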
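How can we understand ELF?
- A file which stores the program data in a special structure.
- A data structure which describes the initial state of a state machine.
This view comes from the fact that running an executable file is a state transition of the operating system's state machine: once the executable is loaded by execve, the state switches to that program, and some of the data contained in the program's byte sequence specifies the program's initial state. From the state machine's point of view, this amounts to supplying the description of the state machine's initial state.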
What are the more important things in ELF?
When we use a static library, there are three important things in ELF that we care about [1]:
- code
- symbol
- relocation
When we use a dynamic library, in addition to the above, there are two other important things in ELF:
- GOT (Global Offset Table)
- PLT (Procedure Linkage Table)