What is the difference between .got and .got.plt section in ELF format?
The PLT and GOT are sections within an ELF file that deal with a large portion of the dynamic linking. Dynamically linked binaries are more common than statically linked binaries in CTFs.
The PLT is the procedure linkage table, one of the structures which makes dynamic loading and linking easier to use. printf@plt is actually a small stub which (eventually) calls the real printf function, modifying things on the way to make subsequent calls faster.
In partial RELRO, the non-PLT part of the GOT section (.got in readelf output) is read-only but .got.plt is still writeable.
My previous comment turns out to be right: I think .got is for relocations regarding global 'variables' while .got.plt is an auxiliary section that acts together with .plt when resolving procedures' absolute addresses.
The example below makes things a bit clearer.
These are the relocations for my 32-bit i686-linux /lib/libm.so:
Relocation section '.rel.dyn' at offset 0x32b8 contains 8 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00025030  00000008 R_386_RELATIVE
00024fd8  00005706 R_386_GLOB_DAT    00025034   _LIB_VERSION
00024fdc  00000406 R_386_GLOB_DAT    00000000   __gmon_start__
00024fe0  00000506 R_386_GLOB_DAT    00000000   _Jv_RegisterClasses
00024fe4  00000806 R_386_GLOB_DAT    00000000   _rtld_global_ro
00024fe8  00000906 R_386_GLOB_DAT    00000000   stderr
00024fec  00013006 R_386_GLOB_DAT    0002507c   signgam
00024ff0  00000e06 R_386_GLOB_DAT    00000000   __cxa_finalize

Relocation section '.rel.plt' at offset 0x32f8 contains 12 entries:
 Offset     Info    Type            Sym.Value  Sym. Name
00025000  00000107 R_386_JUMP_SLOT   00000000   fputs
00025004  00000207 R_386_JUMP_SLOT   00000000   __errno_location
00025008  00000307 R_386_JUMP_SLOT   00000000   sprintf
0002500c  00000407 R_386_JUMP_SLOT   00000000   __gmon_start__
00025010  00000607 R_386_JUMP_SLOT   00000000   strtod
00025014  00000707 R_386_JUMP_SLOT   00000000   __assert_fail
00025018  00000a07 R_386_JUMP_SLOT   00000000   strlen
0002501c  00000b07 R_386_JUMP_SLOT   00000000   strtof
00025020  00000c07 R_386_JUMP_SLOT   00000000   fwrite
00025024  00000d07 R_386_JUMP_SLOT   00000000   strtold
00025028  00005e07 R_386_JUMP_SLOT   00005970   matherr
0002502c  00000e07 R_386_JUMP_SLOT   00000000   __cxa_finalize
Note that, as you noted, there are two relocation sections, namely .rel.dyn and .rel.plt. You can see that all relocations in .rel.plt are of type R_386_JUMP_SLOT, which means that they are branch relocations; on the other hand, almost all relocations in .rel.dyn are R_386_GLOB_DAT, which means relocations for global variables.
Another subtle difference exists between .symtab and .dynsym. While the former contains references for all symbols used during static link editing, the latter contains only those symbols needed for dynamic linking. Thus, the relocations mentioned above refer only to the .dynsym section.
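To make the .got versus .got.plt split and the partial-RELRO point above checkable on a real file, here is an added example (my own code, not taken from either answer). It parses the section and program headers of an ELF64 little-endian image with RELA relocations (the x86-64 layout; the 32-bit REL output shown above follows the same logic with different struct sizes), maps every relocation entry to the GOT section whose address range it lands in, names the symbol through .dynsym and .dynstr, and then reports whether PT_GNU_RELRO covers .got, .got.plt, both or neither. The build_sample_elf function assembles a constructed, non-loadable image with exactly those pieces so the script runs offline; the addresses 0x3ff0/0x4000, the symbol names and the relocation entries in it are made up for the demonstration. The RELRO classification looks at segment coverage only; a complete full-RELRO check would also confirm DT_BIND_NOW in .dynamic, which this example does not read.

```python
"""Added example: map GOT relocations to .got/.got.plt and check PT_GNU_RELRO coverage (ELF64 LE, RELA only)."""
import struct
import sys

PT_GNU_RELRO = 0x6474E552   # segment the dynamic loader re-protects read-only after relocation
SHT_RELA = 4
RELOC_NAMES = {6: "R_X86_64_GLOB_DAT", 7: "R_X86_64_JUMP_SLOT", 8: "R_X86_64_RELATIVE"}
SHDR = ("name", "type", "flags", "addr", "offset", "size", "link", "info", "align", "entsize")
PHDR = ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align")

def cstr(data, off):
    """Read a NUL-terminated string starting at data[off]."""
    return data[off:].split(b"\0", 1)[0].decode()

def parse_elf64(data):
    """Return (sections, segments) as lists of dicts; section names resolved through .shstrtab."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles ELF64 little-endian only")
    h = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)        # e_type .. e_shstrndx
    e_phoff, e_shoff, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx = h[4:6] + h[8:13]
    segments = [dict(zip(PHDR, struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)))
                for i in range(e_phnum)]
    sections = [dict(zip(SHDR, struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)))
                for i in range(e_shnum)]
    for s in sections:
        s["name"] = cstr(data, sections[e_shstrndx]["offset"] + s["name"])
    return sections, segments

def analyze_got(data):
    """Report which GOT section each RELA entry patches and whether RELRO makes that section read-only."""
    sections, segments = parse_elf64(data)
    by_name = {s["name"]: s for s in sections}
    gots = [by_name[n] for n in (".got", ".got.plt") if n in by_name]
    relro = [(p["vaddr"], p["vaddr"] + p["memsz"]) for p in segments if p["type"] == PT_GNU_RELRO]
    relocs = []
    for sec in (s for s in sections if s["type"] == SHT_RELA):
        dynsym = sections[sec["link"]]                        # sh_link of a reloc section -> .dynsym
        dynstr = sections[dynsym["link"]]                     # sh_link of .dynsym -> .dynstr
        for off in range(sec["offset"], sec["offset"] + sec["size"], sec["entsize"]):
            r_offset, r_info, _addend = struct.unpack_from("<QQq", data, off)
            r_type, r_sym = r_info & 0xFFFFFFFF, r_info >> 32
            name = ""
            if r_sym:                                         # symbol 0 is the undefined/null symbol
                st_name = struct.unpack_from("<I", data, dynsym["offset"] + r_sym * dynsym["entsize"])[0]
                name = cstr(data, dynstr["offset"] + st_name)
            target = next((g["name"] for g in gots if g["addr"] <= r_offset < g["addr"] + g["size"]), None)
            relocs.append(dict(section=sec["name"], type=RELOC_NAMES.get(r_type, hex(r_type)),
                               symbol=name, target=target))
    # A GOT section counts as protected only if one PT_GNU_RELRO range covers all of it.
    readonly = {g["name"]: any(lo <= g["addr"] and g["addr"] + g["size"] <= hi for lo, hi in relro)
                for g in gots}
    if gots and all(readonly.values()):
        level = "full"        # a complete full-RELRO check would also require DT_BIND_NOW
    elif readonly.get(".got") and not readonly.get(".got.plt", False):
        level = "partial"     # .got read-only, .got.plt still writable for lazy binding
    else:
        level = "none"
    return dict(relro=level, readonly=readonly, relocs=relocs)

def build_sample_elf():
    """Constructed (not loadable) ELF64 image carrying only the pieces analyze_got reads."""
    def strtab(names):
        blob, idx = b"\0", {}
        for n in names:
            idx[n], blob = len(blob), blob + n.encode() + b"\0"
        return blob, idx
    dynstr, dyn_idx = strtab(["printf", "stderr"])
    names = [".dynstr", ".dynsym", ".rela.dyn", ".rela.plt", ".got", ".got.plt", ".shstrtab"]
    shstr, sh_idx = strtab(names)
    sym = lambda n: struct.pack("<IBBHQQ", dyn_idx.get(n, 0), 0x12, 0, 0, 0, 0)   # Elf64_Sym
    rela = lambda off, s, t: struct.pack("<QQq", off, (s << 32) | t, 0)            # Elf64_Rela
    blobs = [dynstr, sym("") + sym("printf") + sym("stderr"),
             rela(0x3FF0, 0, 8) + rela(0x3FF8, 2, 6),      # .rela.dyn: RELATIVE, GLOB_DAT stderr -> .got
             rela(0x4018, 1, 7),                           # .rela.plt: JUMP_SLOT printf -> .got.plt
             bytes(16), bytes(32), shstr]                  # .got at 0x3ff0, .got.plt at 0x4000
    types, addrs = [3, 11, 4, 4, 1, 1, 3], [0, 0, 0, 0, 0x3FF0, 0x4000, 0]
    links, entsz = [0, 1, 2, 2, 0, 0, 0], [0, 24, 24, 24, 8, 8, 0]
    body, offsets = b"", []
    for b in blobs:
        offsets.append(64 + 56 + len(body))                # ELF header + one program header come first
        body += b + bytes(-len(b) % 8)
    shoff = 64 + 56 + len(body)
    shdrs = bytes(64)                                      # section header 0 is the null entry
    for i, n in enumerate(names):
        shdrs += struct.pack("<IIQQQQIIQQ", sh_idx[n], types[i], 0, addrs[i], offsets[i],
                             len(blobs[i]), links[i], 0, 8, entsz[i])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1, 0, 64, shoff, 0,
                       64, 56, 1, 64, len(names) + 1, names.index(".shstrtab") + 1)
    # PT_GNU_RELRO spans 0x3ff0..0x4000: .got is covered, .got.plt is not, i.e. partial RELRO.
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, 0x3FF0, 0x3FF0, 0x10, 0x10, 1)
    return ehdr + phdr + body + shdrs

if __name__ == "__main__":
    report = analyze_got(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf())
    print("RELRO:", report["relro"], report["readonly"])
    for r in report["relocs"]:
        print(f'{r["section"]:<10} {r["type"]:<20} -> {r["target"]}  {r["symbol"]}')
```

Run it with a path argument to inspect a real ELF64 binary, or without one to analyze the constructed sample, which reports partial RELRO with the JUMP_SLOT entry landing in .got.plt and the GLOB_DAT entry in .got, mirroring the readelf output in the answer above.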