Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is <.got> section in ELF?

Tags:

x86

binary

elf

bin

got

As far as I know, PLT and GOT are the section for handling dynamic linked function.

If code calls printf which is libc's function,
1. Firstly it calls PLT to get printf's address.
2. And write this address into GOT section.
3. From second call, code uses the function written in GOT.

As I look into ELF binary closely,
- I found section PLT's name in ELF is <.plt>.
- And section GOT's name in ELF is <.got.plt>.

But ... There was also <.got> section in ELF.
And I could not understand how this section is used.



Q. What is usage of <.got> section?
And what's difference between <.got> and <.got.plt> section?



PS 1. This <.got> section was very tiny, (It only holds 4byte in my sample binary.)
And here I attach IDA view of <.got> section: 

.got:08049FFC ; ===========================================================================
.got:08049FFC
.got:08049FFC ; Segment type: Pure data
.got:08049FFC ; Segment permissions: Read/Write
.got:08049FFC _got            segment dword public 'DATA' use32
.got:08049FFC                 assume cs:_got
.got:08049FFC                 ;org 8049FFCh
.got:08049FFC __gmon_start___ptr dd offset __imp___gmon_start__
.got:08049FFC                                         ; DATA XREF: _init_proc+F↑r
.got:08049FFC                                         ; __gmon_start__↑r
.got:08049FFC _got            ends
.got:08049FFC


PS2. I also checked here, but the answer was not enough for me to understand the usage of <.got> section.

like image 896
Jiwon Avatar asked Aug 28 '18 15:08

Jiwon

People also ask

What are sections in Elf?

2.1 Sections of an ELF File. A section is the smallest unit of an object that can be relocated. Use the elfdump command to inspect the components of an object or executable file generated by the assembler.

What is the PLT and got?

plt contain stubs to jump to the target, those starting with . got are tables of the target addresses. Let's walk through the way a relocation is used in a typical binary. We'll include two libc functions: puts and exit and show the state of the various sections as we go along.

How does the PLT work?

PLT is a structured training program designed to help you develop the practical, day-to-day skills you will need as an entry-level lawyer. Completion of a PLT program is the second essential step to being admitted as a lawyer – the first being your law degree.

What is PLT in assembly?

The PLT is the procedure linkage table, one of the structures which makes dynamic loading and linking easier to use.

1 Answers

Got.plt is actually smaller subset of the .got section. Think of pointing to the tail end of an array of slots. Conceptually it sort of looks like this

Int[10] got; Int* gotplt=&got[5]

Got section basically can contain addresses of Global variables and functions. All the global variables are in the first couple of slots and suffix is all pointers to functions. gotplt is the first slot .got that contains only the addresses of function..

Eventually after function addresses are resolved via means of plt. The resolved address goes into .gotplt which btw is inside .got as I mentioned earlier.

like image 78
Augustine Mathew Avatar answered Sep 20 '22 08:09

Augustine Mathew
Sign in to Comment

Related questions

Understanding how EIP (RIP) register works?
Choosing the right and learning assembler for compiler-writing
debugging segment register FS using GDB [duplicate]
Compile Assembly Output generated by VC++?
How can the first of these two code snippets run 3x faster than the second when its doing more work?
Why "movl $1, %edx" instead of "movl $0, %edx" in a do while
Multicore clock counter consistency
VEX prefixes encoding and SSE/AVX MOVUP(D/S) instructions

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!