What is ELF
ELF, Executable and Linkable Format
> file /bin/bash
/bin/bash: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, stripped> readelf -h /bin/bash
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Position-Independent Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x10ab0
Start of program headers: 64 (bytes into file)
Start of section headers: 863256 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 13
Size of section headers: 64 (bytes)
Number of section headers: 28
Section header string table index: 27> od -Ax -t x1 -N 64 /bin/bash
000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
000010 03 00 3e 00 01 00 00 00 b0 0a 01 00 00 00 00 00
000020 40 00 00 00 00 00 00 00 18 2c 0d 00 00 00 00 00
000030 00 00 00 00 40 00 38 00 0d 00 40 00 1c 00 1b 00
000040Explain:
-Ax show address using hexadecimal
-t x1 show content using hexadecimal, 1 byte each time
-N 64 show 64 bytes only (Size of this header)
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 000000 | 7f | 45 | 4c | 46 | 02 | 01 | 01 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 00 |
| 000010 | 03 | 00 | 3e | 00 | 01 | 00 | 00 | 00 | b0 | 0a | 01 | 00 | 00 | 00 | 00 | 00 |
| 000020 | 40 | 00 | 00 | 00 | 00 | 00 | 00 | 00 | 18 | 2c | 0d | 00 | 00 | 00 | 00 | 00 |
| 000030 | 00 | 00 | 00 | 00 | 40 | 00 | 38 | 00 | 0d | 00 | 40 | 00 | 1c | 00 | 1b | 00 |
| 000040 |
> readelf -h /bin/bash
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Position-Independent Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x10ab0
Start of program headers: 64 (bytes into file)
Start of section headers: 863256 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 13
Size of section headers: 64 (bytes)
Number of section headers: 28
Section header string table index: 27> ldd /bin/bash
linux-vdso.so.1 (0x00007ffd9d55b000)
libreadline.so.8 => /lib64/libreadline.so.8 (0x00007fc83225b000)
libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fc83221f000)
libc.so.6 => /lib64/libc.so.6 (0x00007fc83202b000)
libtinfow.so.6 => /lib64/libtinfow.so.6 (0x00007fc831fef000)
/lib64/ld-linux-x86-64.so.2 (0x00007fc8323b1000)> objdump -p /bin/bash
/bin/bash: file format elf64-x86-64
Program Header:
PHDR off 0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
filesz 0x00000000000002d8 memsz 0x00000000000002d8 flags r--
INTERP off 0x0000000000000318 vaddr 0x0000000000000318 paddr 0x0000000000000318 align 2**0
filesz 0x000000000000001c memsz 0x000000000000001c flags r--
LOAD off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
filesz 0x000000000000d070 memsz 0x000000000000d070 flags r--
LOAD off 0x000000000000e000 vaddr 0x000000000000e000 paddr 0x000000000000e000 align 2**12
filesz 0x0000000000090275 memsz 0x0000000000090275 flags r-x
LOAD off 0x000000000009f000 vaddr 0x000000000009f000 paddr 0x000000000009f000 align 2**12
filesz 0x000000000002e0f0 memsz 0x000000000002e0f0 flags r--
LOAD off 0x00000000000cd4b0 vaddr 0x00000000000ce4b0 paddr 0x00000000000ce4b0 align 2**12
filesz 0x000000000000566c memsz 0x00000000000143f0 flags rw-
DYNAMIC off 0x00000000000ced10 vaddr 0x00000000000cfd10 paddr 0x00000000000cfd10 align 2**3
filesz 0x0000000000000200 memsz 0x0000000000000200 flags rw-
NOTE off 0x0000000000000338 vaddr 0x0000000000000338 paddr 0x0000000000000338 align 2**3
filesz 0x0000000000000030 memsz 0x0000000000000030 flags r--
NOTE off 0x0000000000000368 vaddr 0x0000000000000368 paddr 0x0000000000000368 align 2**2
filesz 0x0000000000000020 memsz 0x0000000000000020 flags r--
0x6474e553 off 0x0000000000000338 vaddr 0x0000000000000338 paddr 0x0000000000000338 align 2**3
filesz 0x0000000000000030 memsz 0x0000000000000030 flags r--
EH_FRAME off 0x00000000000b6f00 vaddr 0x00000000000b6f00 paddr 0x00000000000b6f00 align 2**2
filesz 0x00000000000032cc memsz 0x00000000000032cc flags r--
STACK off 0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
RELRO off 0x00000000000cd4b0 vaddr 0x00000000000ce4b0 paddr 0x00000000000ce4b0 align 2**0
filesz 0x0000000000001b50 memsz 0x0000000000001b50 flags r--
Dynamic Section:
NEEDED libreadline.so.8
NEEDED libtinfo.so.6
NEEDED libc.so.6
INIT 0x000000000000e000
FINI 0x000000000009e26c
INIT_ARRAY 0x00000000000ce4b0
INIT_ARRAYSZ 0x0000000000000008
FINI_ARRAY 0x00000000000ce4b8
FINI_ARRAYSZ 0x0000000000000008
GNU_HASH 0x0000000000000388
STRTAB 0x0000000000002ce8
SYMTAB 0x0000000000000840
STRSZ 0x000000000000153f
SYMENT 0x0000000000000018
DEBUG 0x0000000000000000
PLTGOT 0x00000000000d0000
PLTRELSZ 0x0000000000001ad0
PLTREL 0x0000000000000007
JMPREL 0x000000000000b5a0
RELA 0x00000000000045f8
RELASZ 0x0000000000006fa8
RELAENT 0x0000000000000018
FLAGS_1 0x0000000008000000
VERNEED 0x0000000000004538
VERNEEDNUM 0x0000000000000001
VERSYM 0x0000000000004228
RELACOUNT 0x000000000000044b
Version References:
required from libc.so.6:
0x06969185 0x00 12 GLIBC_2.25
0x06969191 0x00 11 GLIBC_2.11
0x06969194 0x00 10 GLIBC_2.14
0x0d696918 0x00 09 GLIBC_2.8
0x069691b3 0x00 08 GLIBC_2.33
0x06969195 0x00 07 GLIBC_2.15
0x0d696914 0x00 06 GLIBC_2.4
0x069691b4 0x00 05 GLIBC_2.34
0x09691974 0x00 04 GLIBC_2.3.4
0x0d696913 0x00 03 GLIBC_2.3
0x09691a75 0x00 02 GLIBC_2.2.5