ELF 部分未按预期映射到段
ELF sections not being mapped to segments as expected
我正在编写一个编译器,并且刚开始从头开始生成 ELF executable。我正在创建一个 .text 部分(虽然它没有名称,因为我还没有创建字符串 table),并试图将它放在 PT_LOAD 段中。但是,readelf 并未报告该部分已映射到段中,并且 objdump 拒绝反汇编 .text 部分中的代码。这是 readelf 的读数,为简洁起见省略了一些位:
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 64 (bytes into file)
Start of section headers: 122 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 2
Section header string table index: 0
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] <no-name> NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] <no-name> PROGBITS 0000000008048000 00000078
0000000000000002 0000000000000000 AX 0 0 16
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000078 0x0000000008048000 0x0000000008048000
0x0000000000000002 0x0000000000000002 R E 1000
在偏移 0x78 处,我只是发出两个 push ebxs(操作码 0x53)用于测试。这是十六进制转储:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 |..>.............|
00000020 40 00 00 00 00 00 00 00 7a 00 00 00 00 00 00 00 |@.......z.......|
00000030 00 00 00 00 40 00 38 00 01 00 40 00 02 00 00 00 |....@.8...@.....|
00000040 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 |........x.......|
00000050 00 80 04 08 00 00 00 00 00 80 04 08 00 00 00 00 |................|
00000060 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 |................|
00000070 00 10 00 00 00 00 00 00 53 53 00 00 00 00 00 00 |........SS......|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 |................|
000000c0 00 00 06 00 00 00 00 00 00 00 00 80 04 08 00 00 |................|
000000d0 00 00 78 00 00 00 00 00 00 00 02 00 00 00 00 00 |..x.............|
000000e0 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 |................|
*
000000fa
编辑:问题 - 为什么两者之间没有显示段到段的映射,为什么 objdump 没有显示反汇编?
Why isn't a section to segment mapping shown between the two
因为没有有效部分(据readelf所知)。
and why is no disassembly shown by objdump?
objdump 也使用 节 .
尽管 可执行文件 部分 ELF 生命周期不需要节,但许多工具都依赖于存在的节。例如,您在可执行文件中的单独段包含代码和 ELF header,以及程序 header。通常您不想 反汇编header。没有节,objdump 不知道从哪里开始反汇编。
我正在编写一个编译器,并且刚开始从头开始生成 ELF executable。我正在创建一个 .text 部分(虽然它没有名称,因为我还没有创建字符串 table),并试图将它放在 PT_LOAD 段中。但是,readelf 并未报告该部分已映射到段中,并且 objdump 拒绝反汇编 .text 部分中的代码。这是 readelf 的读数,为简洁起见省略了一些位:
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x0
Start of program headers: 64 (bytes into file)
Start of section headers: 122 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 64 (bytes)
Number of section headers: 2
Section header string table index: 0
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] <no-name> NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] <no-name> PROGBITS 0000000008048000 00000078
0000000000000002 0000000000000000 AX 0 0 16
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000078 0x0000000008048000 0x0000000008048000
0x0000000000000002 0x0000000000000002 R E 1000
在偏移 0x78 处,我只是发出两个 push ebxs(操作码 0x53)用于测试。这是十六进制转储:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 00 00 00 00 00 00 00 00 |..>.............|
00000020 40 00 00 00 00 00 00 00 7a 00 00 00 00 00 00 00 |@.......z.......|
00000030 00 00 00 00 40 00 38 00 01 00 40 00 02 00 00 00 |....@.8...@.....|
00000040 01 00 00 00 05 00 00 00 78 00 00 00 00 00 00 00 |........x.......|
00000050 00 80 04 08 00 00 00 00 00 80 04 08 00 00 00 00 |................|
00000060 02 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 |................|
00000070 00 10 00 00 00 00 00 00 53 53 00 00 00 00 00 00 |........SS......|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 |................|
000000c0 00 00 06 00 00 00 00 00 00 00 00 80 04 08 00 00 |................|
000000d0 00 00 78 00 00 00 00 00 00 00 02 00 00 00 00 00 |..x.............|
000000e0 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 |................|
*
000000fa
编辑:问题 - 为什么两者之间没有显示段到段的映射,为什么 objdump 没有显示反汇编?
Why isn't a section to segment mapping shown between the two
因为没有有效部分(据readelf所知)。
and why is no disassembly shown by objdump?
objdump 也使用 节 .
尽管 可执行文件 部分 ELF 生命周期不需要节,但许多工具都依赖于存在的节。例如,您在可执行文件中的单独段包含代码和 ELF header,以及程序 header。通常您不想 反汇编header。没有节,objdump 不知道从哪里开始反汇编。