The readelf command in Linux with examples (1)

Last modified: 2023-12-03 15:17:22.143000             Author: Mango

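readelf is a binary analysis tool on Linux systems. It shows the detailed structure of ELF-format executables, object files and shared libraries, including the file header, the section headers and the symbol table.

Installing readelf

readelf is installed by default on the vast majority of Linux distributions. If it is missing, install it with one of the following commands: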

  • Debian / Ubuntu
sudo apt-get install binutils
  • RHEL / CentOS / Fedora
sudo yum install binutils

Using readelf

The basic syntax of the readelf command is:

readelf [option(s)] <file(s)>

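Here, [option(s)] is optional and specifies how readelf presents its output when analysing the file.

<file(s)> is required and gives the path and name of the file or files to analyse.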

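Some commonly used readelf options:

  • -h: display the ELF file header.
  • -S: display the file's section headers.
  • -s: display the file's symbol table.

Example

The following example command uses readelf to view the file header and section headers of an executable: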

readelf -hS /usr/bin/ls

The output is as follows:

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x184d0
  Start of program headers:          64 (bytes into file)
  Start of section headers:          128056 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         11
  Size of section headers:           64 (bytes)
  Number of section headers:         29
  Section header string table index: 26

There are 29 section headers, starting at offset 0x1f898:
Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000000318  00000318
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000000334  00000334
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .note.gnu.build-id NOTE             0000000000000354  00000354
       0000000000000024  0000000000000000   A       0     0     4
  [ 4] .gnu.hash         GNU_HASH         0000000000000378  00000378
       00000000000000e0  0000000000000000   A       5     0     8
  [ 5] .dynsym           DYNSYM           0000000000000458  00000458
       0000000000001db0  0000000000000018   A       6     1     8
  [ 6] .dynstr           STRTAB           0000000000002220  00002220
       0000000000000d8a  0000000000000000   A       0     0     1
  [ 7] .gnu.version      VERSYM           0000000000002faa  00002faa
       0000000000000356  0000000000000002   A       5     0     2
  [ 8] .gnu.version_r    VERNEED          0000000000003310  00003310
       0000000000000308  0000000000000000   A       6     2     8
  [ 9] .rela.dyn         RELA             0000000000003618  00003618
       0000000000002460  0000000000000018   A       5     0     8
  [10] .rela.plt         RELA             0000000000005a78  00005a78
       000000000000c2a8  0000000000000018  AI       5    22     8
  [11] .init             PROGBITS         0000000000001840  00001840
       000000000000001a  0000000000000000  AX       0     0     4
  [12] .plt              PROGBITS         0000000000001860  00001860
       00000000000044e0  0000000000000010  AX       0     0     16
  [13] .text             PROGBITS         0000000000005d40  00005d40
       0000000000092fd6  0000000000000000  AX       0     0     16
  [14] .fini             PROGBITS         0000000000098d18  00098d18
       0000000000000009  0000000000000000  AX       0     0     4
  [15] .rodata           PROGBITS         000000000009a000  0009a000
       000000000000256b  0000000000000000   A       0     0     32
  [16] .eh_frame_hdr     PROGBITS         000000000009c56c  0009c56c
       0000000000003b58  0000000000000000   A       0     0     4
  [17] .eh_frame         PROGBITS         00000000000a7ac8  000a7ac8
       000000000000d5dc  0000000000000000   A       0     0     8
  [18] .init_array       INIT_ARRAY       00000000000bcee0  000bcee0
       0000000000000008  0000000000000008  WA       0     0     8
  [19] .fini_array       FINI_ARRAY       00000000000bcee8  000bcee8
       0000000000000008  0000000000000008  WA       0     0     8
  [20] .data.rel.ro      PROGBITS         00000000000bcef0  000bcef0
       0000000000000200  0000000000000000  WA       0     0     32
  [21] .dynamic          DYNAMIC          00000000000bd0f0  000bd0f0
       00000000000001f0  0000000000000010  WA       6     0     8
  [22] .got              PROGBITS         00000000000bd2e0  000bd2e0
       0000000000000420  0000000000000008  WA       0     0     8
  [23] .data             PROGBITS         00000000000bd700  000bd700
       0000000000003980  0000000000000000  WA       0     0     32
  [24] .bss              NOBITS           00000000000c0e80  000c1280
       0000000000003d48  0000000000000000  WA       0     0     32
  [25] .comment          PROGBITS         0000000000000000  000c1280
       000000000000005d  0000000000000001  MS       0     0     1
  [26] .shstrtab         STRTAB           0000000000000000  000c12e8
       00000000000001c9  0000000000000000           0     0     1
  [27] .symtab           SYMTAB           0000000000000000  000c3540
       00000000000260c0  0000000000000018          28  17690     8
  [28] .strtab           STRTAB           0000000000000000  000e9580
       00000000000241ce  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
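
The Flags column in the listing above is what a hardening review reads first: a section marked both W (write) and X (execute) deserves a closer look. The script below is an added example, not part of the original article. It parses the default two-line-per-section layout of readelf -S (not the -W wide layout) and lists such sections. The function names and the ".rwxdemo" sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sections whose Flags contain both W and X in
# `readelf -S` output (default two-line-per-section layout).

# wx_sections: reads `readelf -S` text on stdin, prints one section name per line.
wx_sections() {
    awk '
        # First line of an entry: "[Nr] Name Type Address Offset"
        /^ *\[[ 0-9]+\]/ {
            sub(/^ *\[[ 0-9]+\] */, "")          # drop the "[Nr]" index
            name = (NF >= 4) ? $1 : "(unnamed)"  # the NULL entry has no name
            pending = 1
            next
        }
        # Second line: "Size EntSize Flags Link Info Align"; Flags may be blank
        pending {
            pending = 0
            flags = (NF == 6) ? $3 : ""
            if (flags ~ /W/ && flags ~ /X/) print name
        }
    '
}

# Constructed sample, not taken from a real binary: rows in the same layout
# as the listing above plus a made-up ".rwxdemo" row flagged WAX.
sample_output() {
    cat <<'EOF'
Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [13] .text             PROGBITS         0000000000005d40  00005d40
       0000000000092fd6  0000000000000000  AX       0     0     16
  [23] .data             PROGBITS         00000000000bd700  000bd700
       0000000000003980  0000000000000000  WA       0     0     32
  [29] .rwxdemo          PROGBITS         00000000000c2000  000c2000
       0000000000000100  0000000000000000  WAX      0     0     16
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
EOF
}

sample_output | wx_sections   # on a real file: readelf -S /usr/bin/ls | wx_sections
```

An empty result means no section in the listing carries both flags.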