Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Reading ELF header in C

Tags:

c

linker

elf

currently I'm writing little program that reads elf file header and prints some information

I have an unsigned char pointer called buf which points to the location where elf file is located in memory(I used mmap to map it to memory), then I typecast it to a proper elf header pointer

Elf32_Ehdr *ehdr = (Elf32_Ehdr *)buf;

After this I want to get an address of the program header table, I do it like this

Elf32_Phdr *ptbl = (Elf32_Phdr *) (buf + ehdr->e_phoff)

As I noticed the value of ptbl pointer doesn't change and when I try to print the value of the e_phoff member like this

fprintf( stdout , "Offset of program headers : %d\n", ehdr->e_phoff);

I get zero Same stuff happens when I try to print number of program headers and number of section headers - always get zero If I use linux readelf, it prints proper values Does anyone experienced the same problem?

like image 637
Rustam Issabekov Avatar asked Apr 27 '12 14:04

Rustam Issabekov

People also ask

How do I view ELF headers?

To find them the ELF header is used, which is located at the very start of the file. The first bytes contain the elf magic "\x7fELF" , followed by the class ID (32 or 64 bit ELF file), the data format ID (little endian/big endian), the machine type, etc. Finally, the entry point of this file is at address 0x0.

How do I read the contents of an ELF file?

you can use readelf and objdump to read parts of an elf file. You can also use 'hexdump filename' to get a hexdump of the contents of a binary file (this is likely only useful if you like reading machine code or you are writing an assembler).

What is ELF file in C?

In computing, the Executable and Linkable Format (ELF, formerly named Extensible Linking Format), is a common standard file format for executable files, object code, shared libraries, and core dumps.

What are section headers for ELF?

Section header (Shdr) A file's section header table lets one locate all the file's sections. The section header table is an array of Elf32_Shdr or Elf64_Shdr structures. The ELF header's e_shoff member gives the byte offset from the beginning of the file to the section header table.

1 Answers

When parsing an ELF object, you would need to keep in mind that:

  1. The size, file alignment and internal layout for in-file structures (such as the ELF Executable Header) depends on the ELF object's word size.
  2. The endianness of the ELF object could differ from the 'native' endianness of the program reading the object.
  3. ELF objects containing a large number of sections or program segments may use an alternate "extended numbering" scheme.

Rather than handle these cases by hand, it may be easier to use an implementation of the ELF(3) access API to parse the ELF object (see: BSD libelf, or GNU libelf).

The tutorial ``libelf by Example'' contains a readable introduction to the ELF(3) API.

like image 140
jkoshy Avatar answered Sep 21 '22 21:09

jkoshy
Sign in to Comment

Related questions

C overcoming aliasing restrictions (unions?)
C locale questions
Distributing state across many machines
Any opensource C/C++ Libraries/Frameworks for RPC over pipes/internal linux sockets? [closed]
Refactor recursive algorithm into an iterative one?
How do I get MSVC to put uninitialized data in .bss?
Assembly Converting MOV / MOVZX and MOVSX to C code (no inline asm)
mmap() and locking files
If destination and source are the same, what does memmove do?
Return list of points (x,y,z) from C to C# using PInvoke
Recursive algorithm to select ascending noncontiguous numbers from a list
What type should I use for filename strings in C for iOS project?
Code refactoring tools for C, usable on GNU/Linux? FOSS preferable
JNA Memory Leak
Static vs Non Static functions - Debugging embedded systems context
How to map 1GB (or more) of physical memory under a 32-bit Linux kernel
High-level system language that compiles to c?
OpenCL struct argument invalid address space
How do I call a function in a C++ Dll from C# that has void* callback and object parameter
Making https get with libcurl

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!