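How a compiled executable (ELF or AXF) is put together has always been overlooked. Understanding its overall structure and internal details correctly lets you modify parts of its information yourself and gives you more freedom when debugging.
ELF stands for Executable and Linking Format. An ELF file is produced by the compiler and then linked by the linker.
The header information can be analysed and displayed with the readelf tool on Linux.
The usage options of readelf are:
For everyday use, run readelf -h <file>
The output looks like this:
In it you can see Magic, Class, Data, Version, ...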
Figure 1-3. ELF Header
#define EI_NIDENT 16
typedef struct {
    unsigned char e_ident[EI_NIDENT];
    Elf32_Half    e_type;
    Elf32_Half    e_machine;
    Elf32_Word    e_version;
    Elf32_Addr    e_entry;
    Elf32_Off     e_phoff;
    Elf32_Off     e_shoff;
    Elf32_Word    e_flags;
    Elf32_Half    e_ehsize;
    Elf32_Half    e_phentsize;
    Elf32_Half    e_phnum;
    Elf32_Half    e_shentsize;
    Elf32_Half    e_shnum;
    Elf32_Half    e_shstrndx;
} Elf32_Ehdr;
e_type
Name         Value     Meaning
ET_NONE      0         No file type
ET_REL       1         Relocatable file
ET_EXEC      2         Executable file
ET_DYN       3         Shared object file
ET_CORE      4         Core file
ET_LOPROC    0xff00    Processor-specific
ET_HIPROC    0xffff    Processor-specific
Although the core file contents are unspecified, type ET_CORE is reserved to mark
the file type. Values from ET_LOPROC through ET_HIPROC (inclusive) are
reserved for processor-specific semantics. Other values are reserved and will be
assigned to new object file types as necessary.
e_machine
This member's value specifies the required architecture for an individual file.
Name              Value    Meaning
EM_NONE           0        No machine
EM_M32            1        AT&T WE 32100
EM_SPARC          2        SPARC
EM_386            3        Intel Architecture
EM_68K            4        Motorola 68000
EM_88K            5        Motorola 88000
EM_860            7        Intel 80860
EM_MIPS           8        MIPS RS3000 Big-Endian
EM_MIPS_RS4_BE    10       MIPS RS4000 Big-Endian
RESERVED          11-16    Reserved for future use
Other values are reserved and will be assigned to new machines as necessary.
Processor-specific ELF names use the machine name to distinguish them. For
example, the flags mentioned below use the prefix EF_; a flag named WIDGET for
the EM_XYZ machine would be called EF_XYZ_WIDGET.
e_version
This member identifies the object file version.
Name          Value    Meaning
EV_NONE       0        Invalid version
EV_CURRENT    1        Current version
The value 1 signifies the original file format; extensions will create new versions
with higher numbers. The value of EV_CURRENT, though given as 1 above, will
change as necessary to reflect the current version number.
e_entry
This member gives the virtual address to which the system first transfers control,
thus starting the process. If the file has no associated entry point, this member holds
zero.
e_phoff
This member holds the program header table's file offset in bytes. If the file has no
program header table, this member holds zero.
e_shoff
This member holds the section header table's file offset in bytes. If the file has no
section header table, this member holds zero.
e_flags
This member holds processor-specific flags associated with the file. Flag names
take the form EF_machine_flag.
e_ehsize
This member holds the ELF header's size in bytes.
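The members described above can be decoded and sanity-checked straight from the file bytes, which is what a tool must do before it trusts any offset stored in the header. The following is an added example, not code from the original post or from the TIS specification; the names ehdr32_info, rd, parse_ehdr32 and sample are made up for illustration and the sample bytes are constructed. It assumes the e_ident layout from the ELF specification (class at index 4, data encoding at index 5), which the excerpt above does not list.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Decoded subset of the Elf32_Ehdr members described above (hypothetical type). */
typedef struct {
    uint16_t e_type, e_machine, e_phentsize, e_phnum;
    uint32_t e_version, e_entry, e_phoff, e_shoff;
} ehdr32_info;
/* Assemble an n-byte value in the byte order named by e_ident[5]. */
static uint32_t rd(const uint8_t *p, int n, int msb) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (msb ? n - 1 - i : i));
    return v;
}

/* Returns 0 for a sane header, a negative code otherwise; never reads past len. */
int parse_ehdr32(const uint8_t *buf, size_t len, ehdr32_info *h) {
    if (len < 52) return -1;                          /* shorter than Elf32_Ehdr */
    if (memcmp(buf, "\x7f" "ELF", 4) != 0) return -2; /* magic */
    if (buf[4] != 1) return -3;                       /* class: 32-bit only */
    if (buf[5] != 1 && buf[5] != 2) return -4;        /* data: 1 = LSB, 2 = MSB */
    int msb = (buf[5] == 2);
    h->e_type      = (uint16_t)rd(buf + 16, 2, msb);
    h->e_machine   = (uint16_t)rd(buf + 18, 2, msb);
    h->e_version   = rd(buf + 20, 4, msb);
    h->e_entry     = rd(buf + 24, 4, msb);
    h->e_phoff     = rd(buf + 28, 4, msb);
    h->e_shoff     = rd(buf + 32, 4, msb);
    h->e_phentsize = (uint16_t)rd(buf + 42, 2, msb);
    h->e_phnum     = (uint16_t)rd(buf + 44, 2, msb);
    if (h->e_version != 1 || rd(buf + 40, 2, msb) != 52) return -5; /* EV_CURRENT, e_ehsize */
    /* Widen to 64 bits so offset + table size cannot wrap before the comparison. */
    if ((uint64_t)h->e_phoff + (uint64_t)h->e_phnum * h->e_phentsize > len) return -6;
    return h->e_shoff > len ? -7 : 0;
}

/* Constructed sample: LSB ET_EXEC for EM_386 plus one zeroed 32-byte program header. */
static const uint8_t sample[84] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    2, 0, 3, 0, 1, 0, 0, 0, 0x54, 0x80, 0x04, 0x08, 52, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 52, 0, 32, 0, 1, 0, 40, 0, 0, 0, 0, 0 };

int main(void) {
    ehdr32_info h;
    if (parse_ehdr32(sample, sizeof sample, &h) != 0) return 1;
    printf("type=%d machine=%d entry=0x%08x\n", h.e_type, h.e_machine, (unsigned)h.e_entry);
    return 0;
}
```

The decoded values correspond to the Type, Machine and Entry point address lines that readelf -h prints for the same bytes.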
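The above is excerpted from the Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2. Anyone who wants a deeper understanding can find the original official document among my uploaded resources and have a look.
Original post: http://blog.csdn.net/weiwei_xiaoyu/article/details/20647721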