Last modified: 2023-12-03 15:17:22.143000    Author: Mango
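The readelf command is a binary analysis tool on Linux. It displays the detailed structure of ELF executables, object files and shared libraries, including header information, section information, symbol tables and more.
readelf is installed by default on the vast majority of Linux distributions. If it is missing, install the binutils package with one of the following commands (apt-get on Debian/Ubuntu, yum on RHEL/CentOS):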
sudo apt-get install binutils
sudo yum install binutils
The basic syntax of the readelf command is:
readelf [option(s)] <file(s)>
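Here, [option(s)] are optional arguments that control what readelf prints when it analyzes a file.
<file(s)> is a required argument that gives the path and name of each file to analyze.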
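Some commonly used readelf options:
-h: display the ELF file header.
-S: display the file's section headers.
-s: display the file's symbol table.
The following example command uses readelf to show the file header and section information of an executable: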
readelf -hS /usr/bin/ls
The output is as follows:
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x184d0
Start of program headers: 64 (bytes into file)
Start of section headers: 128056 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 11
Size of section headers: 64 (bytes)
Number of section headers: 29
Section header string table index: 26
There are 29 section headers, starting at offset 0x1f898:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000000318 00000318
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000000334 00000334
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.build-id NOTE 0000000000000354 00000354
0000000000000024 0000000000000000 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000000378 00000378
00000000000000e0 0000000000000000 A 5 0 8
[ 5] .dynsym DYNSYM 0000000000000458 00000458
0000000000001db0 0000000000000018 A 6 1 8
[ 6] .dynstr STRTAB 0000000000002220 00002220
0000000000000d8a 0000000000000000 A 0 0 1
[ 7] .gnu.version VERSYM 0000000000002faa 0002faa
0000000000000356 0000000000000002 A 5 0 2
[ 8] .gnu.version_r VERNEED 0000000000003310 0003310
0000000000000308 0000000000000000 A 6 2 8
[ 9] .rela.dyn RELA 0000000000003618 0003618
0000000000002460 0000000000000018 A 5 0 8
[10] .rela.plt RELA 0000000000005a78 0005a78
000000000000c2a8 0000000000000018 AI 5 22 8
[11] .init PROGBITS 0000000000001840 00001840
000000000000001a 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 0000000000001860 00001860
00000000000044e0 0000000000000010 AX 0 0 16
[13] .text PROGBITS 0000000000005d40 00005d40
0000000000092fd6 0000000000000000 AX 0 0 16
[14] .fini PROGBITS 0000000000098d18 00098d18
0000000000000009 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 000000000009a000 0009a000
000000000000256b 0000000000000000 A 0 0 32
[16] .eh_frame_hdr PROGBITS 000000000009c56c 0009c56c
0000000000003b58 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 00000000000a7ac8 000a7ac8
000000000000d5dc 0000000000000000 A 0 0 8
[18] .init_array INIT_ARRAY 00000000000bcee0 000bcee0
0000000000000008 0000000000000008 WA 0 0 8
[19] .fini_array FINI_ARRAY 00000000000bcee8 000bcee8
0000000000000008 0000000000000008 WA 0 0 8
[20] .data.rel.ro PROGBITS 00000000000bcef0 000bcef0
0000000000000200 0000000000000000 WA 0 0 32
[21] .dynamic DYNAMIC 00000000000bd0f0 000bd0f0
00000000000001f0 0000000000000010 WA 6 0 8
[22] .got PROGBITS 00000000000bd2e0 000bd2e0
0000000000000420 0000000000000008 WA 0 0 8
[23] .data PROGBITS 00000000000bd700 000bd700
0000000000003980 0000000000000000 WA 0 0 32
[24] .bss NOBITS 00000000000c0e80 000c1280
0000000000003d48 0000000000000000 WA 0 0 32
[25] .comment PROGBITS 0000000000000000 000c1280
000000000000005d 0000000000000001 MS 0 0 1
[26] .shstrtab STRTAB 0000000000000000 000c12e8
00000000000001c9 0000000000000000 0 0 1
[27] .symtab SYMTAB 0000000000000000 000c3540
00000000000260c0 0000000000000018 28 17690 8
[28] .strtab STRTAB 0000000000000000 000e9580
00000000000241ce 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
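The Flags column in the section table above is the part a hardening review reads first: a section marked both W and X breaks the W^X rule. The following added example (not part of the original page) filters readelf -S output for such sections; the helper names wx_sections and sample_readelf_S and the .packed entry in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): list sections that are both
# writable (W) and executable (X) in `readelf -S` output.

# wx_sections (hypothetical helper): reads `readelf -S` text on stdin in the
# default two-line-per-section layout and prints "<name> <flags>" for every
# section whose Flags field contains both W and X.
wx_sections() {
  awk '
    # Line 1 of an entry: "[Nr] Name Type Address Offset"
    /^[ \t]*\[[ \t]*[0-9]+\]/ {
      line = $0
      sub(/^[ \t]*\[[ \t]*[0-9]+\][ \t]*/, "", line)
      n = split(line, f)
      name = (n >= 4) ? f[1] : ""   # entry 0 (NULL) has no name
      pending = 1
      next
    }
    # Line 2 of an entry: "Size EntSize Flags Link Info Align"
    pending {
      pending = 0
      flags = (NF >= 6) ? $3 : ""   # Flags is blank for some sections
      if (name != "" && flags ~ /W/ && flags ~ /X/) print name, flags
    }
  '
}

# Constructed sample input: .text and .data use the values shown on the page;
# the .packed entry is invented to show what a W+X section looks like.
sample_readelf_S() {
  cat <<'EOF'
Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [13] .text             PROGBITS         0000000000005d40  00005d40
       0000000000092fd6  0000000000000000  AX       0     0     16
  [23] .data             PROGBITS         00000000000bd700  000bd700
       0000000000003980  0000000000000000  WA       0     0     32
  [29] .packed           PROGBITS         00000000000c5000  000c5000
       0000000000001000  0000000000000000  WAX      0     0     16
EOF
}

# On a real binary: readelf -S /usr/bin/ls | wx_sections
sample_readelf_S | wx_sections
```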