Menu
I found ".dynsym" in String Table, got index. Then I found section with sh_name = index && sh_type = SHT_DYNSYM. So I got sh_offset = 464 and sh_size = 64. But you can see in the attached picture, that on the offset 464 there are only zeros.
I suppose that Import Table starts on offset 528. Question is: how calculate it %)
465
But you can see in the attached picture, that on the offset 464 there are only zeros.
Wrong: 01, 20, 29, 12 etc. are not "only zeros" last time I checked.
I suppose that Import Table starts on offset 528
No, it does not. For some reason you are expecting to find a Microsoft PE-style import table in an ELF file. It's not there.
An equivalent of an import table in ELF is contained in two tables. One contains Elf{32,64}_Sym fixed-size records:
typedef struct
{
Elf32_Word st_name; /* Symbol name (string tbl index) */
Elf32_Addr st_value; /* Symbol value */
Elf32_Word st_size; /* Symbol size */
unsigned char st_info; /* Symbol type and binding */
unsigned char st_other; /* Symbol visibility */
Elf32_Section st_shndx; /* Section index */
} Elf32_Sym;
and is contained in the .dynsym section.
The other table is contained in .dynstr section (which, in your file starts at offset 528), and has just the (variable-size) strings separated by NUL character.
The .st_name in the first table refers to offset in .dynstr.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
