Can't find .dtors and .ctors in binary

Question

I am reading the book Hacking, the art of exploitation. In the book there is a section that explain the use of .dtors and .ctors.

I'm trying to reproduce one of the exercises of the book but in my executable I do not have this sections. At first I thought the problem was that I was compiling for 64-bit, but now I'm compiling for 32-bit and .dtors and .ctors are still not appearing in the section table. Here is the code:

#include <stdio.h>
#include <stdlib.h>

static void
miConstructor(void) __attribute__ ((constructor));
static void
miDestructor(void) __attribute__ ((destructor));

int
main(void) {
printf("En main() \n");
return 0;
}

void
miConstructor(void) {
printf("En el constructor\n");
}

void
miDestructor(void) {
    printf("En el destructor\n");
}

I am compiling with:

 gcc -m32 -o a.out dtors_example.c

This is the output of nm:

080495f0 d _DYNAMIC
080496e4 d _GLOBAL_OFFSET_TABLE_
080484dc R _IO_stdin_used
     w _ITM_deregisterTMCloneTable
     w _ITM_registerTMCloneTable
     w _Jv_RegisterClasses
080485d8 r __FRAME_END__
080495ec d __JCR_END__
080495ec d __JCR_LIST__
08049704 D __TMC_END__
08049704 A __bss_start
080496fc D __data_start
080483c0 t __do_global_dtors_aux
080495e4 t __do_global_dtors_aux_fini_array_entry
08049700 D __dso_handle
080495dc t __frame_dummy_init_array_entry
     w __gmon_start__
080484ba T __i686.get_pc_thunk.bx
080495e4 t __init_array_end
080495dc t __init_array_start
08048450 T __libc_csu_fini
08048460 T __libc_csu_init
     U __libc_start_main@@GLIBC_2.0
08049704 A _edata
08049708 A _end
080484c0 T _fini
080484d8 R _fp_hw
080482b8 T _init
08048320 T _start
08049704 b completed.5730
080496fc W data_start
08048350 t deregister_tm_clones
080483e0 t frame_dummy
0804840c T main
08048428 t miConstructor
0804843c t miDestructor
     U puts@@GLIBC_2.0
08048380 t register_tm_clones

The output of objdump neither show .dtors or .ctors

Maybe the sections __init_array_end, __init_array_start or __do_global_dtors_aux are related with the behavior of .ctors and .dtors?

Answer 1

The issue is likely gcc. under gcc 4.7 version can generate .ctors sections, but gcc 4.7 use .init_array instead of .ctors. you can confirm this by doing command which list below. objdump -dr -j .ctors a.out.if no sections found, try objdump -dr -j .init_array a.out or you can do this readelf -S a.out to list all sections. then you'll find .ctors or(and) .init_array.

Answer 2

Use objdump command with -x option to see the full available header info, symbol table and relocation entries.

objdump -x ./yourcommand