Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the meanings of the columns of the symbol table displayed by readelf?

Tags:

symbols

elf

People also ask

What does the readelf command do?

readelf command is used to analyze binaries based on Linux. This is most common tool used by security professionals to dig into binary files. Further, run the command by using the GCC compiler. You can check the format using Linux utility file.

What does und mean in Objdump?

These characters are described below. Next is the section with which the symbol is associated or ABS if the section is absolute (ie not connected with any section), or UND if the section is referenced in the file being dumped, but not defined there.

What are symbols in ELF?

Symbols are a symbolic reference to some type of data or code such as a global variable or function. For instance, the printf() function is going to have a symbol entry that points to it in the dynamic symbol table . dynsym .

What is NDX in readelf?

Ndx = The section number the symbol is in. ABS means absolute: not adjusted to any section address's relocation.

Consider the following:

Symbol table .symtab contains 1203 entries:

 Num:    Value  Size Type    Bind   Vis      Ndx Name
 310: a0008120     0 NOTYPE  GLOBAL DEFAULT  ABS _gp  
 734: a0000010    32 OBJECT  GLOBAL DEFAULT   77 v 
 818: 9d000018   496 FUNC    GLOBAL DEFAULT   71 main 
 849: a0000124     4 OBJECT  GLOBAL DEFAULT   78 phrase 
 955: a0000000     9 OBJECT  GLOBAL DEFAULT   77 peppers  
1020: a000023c   192 OBJECT  GLOBAL DEFAULT   80 bins
  • Num: = The symbol number
  • Value = The address of the Symbol
  • Size = The size of the symbol
  • Type = symbol type: Func = Function, Object, File (source file name), Section = memory section, Notype = untyped absolute symbol or undefined
  • Bind = GLOBAL binding means the symbol is visible outside the file. LOCAL binding is visible only in the file. WEAK is like global, the symbol can be overridden.
  • Vis = Symbols can be default, protected, hidden or internal.
  • Ndx = The section number the symbol is in. ABS means absolute: not adjusted to any section address's relocation
  • Name = symbol name

You can either:

man readelf

or look at these tutorials:

  • The ELF Object File Format by Dissection
  • Understanding ELF using readelf and objdump.

I think Ndx field shows the section number where that symbol is defined.

Do a readelf -a <file>, and find out which section the address corresponds to for a given symbol.

I bet the section number of that section will appear in Ndx field.

Related questions

What is bang dollar (!$) in Bash?
What is the difference between equality and equivalence?
Why does Clojure distinguish between symbols and vars?
What does the => symbol mean in Haskell?
Ruby symbol to class
Microsoft equivalent of the nm command
Inserting a degree symbol into python plot
How to get ndk-gdb working on Android?
duplicate symbols for architectures in Xcode
Why is this string key in a hash converted to a symbol?
What does the compile-time error "Undefined symbols for architecture x86_64" mean?
How to merge two columns in R with a specific symbol?
What is the meaning of + in a regex?
Symbol to string issue
Cannot find symbol assertEquals
In Ruby what does "=>" mean and how does it work? [duplicate]
Symbol hiding in static libraries built with Xcode
Android set degree symbol to Textview [duplicate]
Undefined Symbols for architecture x86_64: Compiling problems
What does to_proc method mean?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!