|< Linux gnu, nm and objdump 4 |Linux gnu size, strings, objcopy, strace 6 >|Main |Site Index |Download |
MODULE 111-5
OTHER USEFUL GDB/GCC FRIENDS 5
|
| My Training Period: xx hours
The ability:
Note: The information start with the command and a list of options (including the sub-processes). Then examples given how to use the commands and some of the options followed by the sample outputs. Some of the outputs have been trimmed. It is compiled from man page. Run on Linux / Fedora Core 3.
The ldd - Printing Shared Libraries
Examples: testbuff is an executable file.
[bodo@bakawali testbed5]$ ldd -r -v testbuff libc.so.6 => /lib/tls/libc.so.6 (0x00675000) /lib/ld-linux.so.2 (0x00658000)
Version information: ./testbuff: libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6 /lib/tls/libc.so.6: ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_2.3) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2
[bodo@bakawali testbed5]$ ldd -d -v testbuff libc.so.6 => /lib/tls/libc.so.6 (0x00675000) /lib/ld-linux.so.2 (0x00658000)
Version information: ./testbuff: libc.so.6 (GLIBC_2.0) => /lib/tls/libc.so.6 /lib/tls/libc.so.6: ld-linux.so.2 (GLIBC_2.1) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_2.3) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_PRIVATE) => /lib/ld-linux.so.2 ld-linux.so.2 (GLIBC_2.0) => /lib/ld-linux.so.2
| ||||||||||||||||||
The readelf - Displaying The ELF Information
readelf | |
readelf displays information about the contents of one or moreELF format object files. The options control what particular information to display. elf files are the object files to be examined. 32-bit and 64-bit ELF files are supported, also archives containing ELF files. This program performs a similar function to objdump but it goes into more detail and it exists independently of the BFD library, so if there is a bug in BFD then readelf will not be affected. | |
BFD – Binary File Descriptor. Is a package which allows applications to use the same routines to operate on object files whatever the object file format (https://www.gnu.org/). | |
Usage: readelf <option(s)> elf-file(s) | |
Options are: | |
-a --all | Equivalent to: -h -l -S -s -r -d -V -A -I |
-h --file-header | Display the ELF file header |
-l --program-headers | Display the program headers |
--segments | An alias for --program-headers |
-S --section-headers | Display the sections' header |
--sections | An alias for --section-headers |
-g --section-groups | Display the section groups |
-e --headers | Equivalent to: -h -l -S |
-s --syms | Display the symbol table |
--symbols | An alias for --syms |
-n --notes | Display the core notes (if present) |
-r --relocs | Display the relocations (if present) |
-u --unwind | Display the unwind info (if present) |
-d --dynamic | Display the dynamic section (if present) |
-V --version-info | Display the version sections (if present) |
-A --arch-specific | Display architecture specific information (if any). |
-D --use-dynamic | Use the dynamic section info when displaying symbols |
-x --hex-dump=<number> | Dump the contents of section <number> |
-w[liaprmfFso] or --debug-dump[=line, =info,=abbrev,=pubnames,=ranges, =macro,=frames,=str,=loc] | Display the contents of DWARF2 debug sections |
-I --histogram | Display histogram of bucket list lengths |
-W --wide | Allow output width to exceed 80 characters |
-H --help | Display this information |
-v --version | Display the version number of readelf |
Examples:
[bodo@bakawali testbed5]$ readelf -r testbuff.o
Relocation section '.rel.text' at offset 0x3d4 contains 5 entries:
Offset Info Type Sym.Value Sym. Name
0000000a 00000501 R_386_32 00000000 .rodata
0000000f 00000902 R_386_PC32 00000000 printf
0000001e 00000a02 R_386_PC32 00000000 gets
0000002d 00000b02 R_386_PC32 00000000 puts
00000053 00000802 R_386_PC32 00000000 Test
[bodo@bakawali testbed5]$ readelf -r testbuff
Relocation section '.rel.dyn' at offset 0x298 contains 1 entries:
Offset Info Type Sym.Value Sym. Name
08049600 00000706 R_386_GLOB_DAT 00000000 __gmon_start__
Relocation section '.rel.plt' at offset 0x2a0 contains 4 entries:
Offset Info Type Sym.Value Sym. Name
08049610 00000107 R_386_JUMP_SLOT 00000000 gets
08049614 00000207 R_386_JUMP_SLOT 00000000 puts
08049618 00000307 R_386_JUMP_SLOT 00000000 __libc_start_main
0804961c 00000407 R_386_JUMP_SLOT 00000000 printf
[bodo@bakawali testbed5]$ readelf -h testbuff.o
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: REL (Relocatable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x0
Start of program headers: 0 (bytes into file)
Start of section headers: 292 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 0 (bytes)
Number of program headers: 0
Size of section headers: 40 (bytes)
Number of section headers: 11
Section header string table index: 8
[bodo@bakawali testbed5]$ readelf -h testbuff
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x8048328
Start of program headers: 52 (bytes into file)
Start of section headers: 3116 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 7
Size of section headers: 40 (bytes)
Number of section headers: 35
Section header string table index: 32
[bodo@bakawali testbed5]$ readelf -s testbuff
Symbol table '.dynsym' contains 8 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 357 FUNC GLOBAL DEFAULT UND gets@GLIBC_2.0 (2)
2: 00000000 427 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.0 (2)
3: 00000000 239 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
4: 00000000 54 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
5: 0804850c 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
6: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
7: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 80 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 08048114 0 SECTION LOCAL DEFAULT 1
2: 08048128 0 SECTION LOCAL DEFAULT 2
3: 08048148 0 SECTION LOCAL DEFAULT 3
4: 0804817c 0 SECTION LOCAL DEFAULT 4
5: 080481fc 0 SECTION LOCAL DEFAULT 5
6: 08048266 0 SECTION LOCAL DEFAULT 6
7: 08048278 0 SECTION LOCAL DEFAULT 7
8: 08048298 0 SECTION LOCAL DEFAULT 8
9: 080482a0 0 SECTION LOCAL DEFAULT 9
[omitted]
17: 0804952c 0 SECTION LOCAL DEFAULT 17
18: 08049534 0 SECTION LOCAL DEFAULT 18
19: 08049538 0 SECTION LOCAL DEFAULT 19
20: 08049600 0 SECTION LOCAL DEFAULT 20
21: 08049604 0 SECTION LOCAL DEFAULT 21
22: 08049620 0 SECTION LOCAL DEFAULT 22
23: 0804962c 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
[omitted]
32: 00000000 0 SECTION LOCAL DEFAULT 32
33: 00000000 0 SECTION LOCAL DEFAULT 33
34: 00000000 0 SECTION LOCAL DEFAULT 34
35: 0804834c 0 FUNC LOCAL DEFAULT 12 call_gmon_start
36: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
37: 08049524 0 OBJECT LOCAL DEFAULT 16 __CTOR_LIST__
38: 0804952c 0 OBJECT LOCAL DEFAULT 17 __DTOR_LIST__
39: 08049534 0 OBJECT LOCAL DEFAULT 18 __JCR_LIST__
…
[omitted]
…
73: 08049630 0 NOTYPE GLOBAL DEFAULT ABS _end
74: 08049524 0 NOTYPE GLOBAL HIDDEN ABS __init_array_start
75: 0804850c 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
76: 08049620 0 NOTYPE GLOBAL DEFAULT 22 __data_start
77: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
78: 08049524 0 NOTYPE GLOBAL HIDDEN ABS __preinit_array_start
79: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
[bodo@bakawali testbed5]$ readelf -s testbuff.o
Symbol table '.symtab' contains 13 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS testbuff.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 SECTION LOCAL DEFAULT 5
6: 00000000 0 SECTION LOCAL DEFAULT 6
7: 00000000 0 SECTION LOCAL DEFAULT 7
8: 00000000 54 FUNC GLOBAL DEFAULT 1 Test
9: 00000000 0 NOTYPE GLOBAL DEFAULT UND printf
10: 00000000 0 NOTYPE GLOBAL DEFAULT UND gets
11: 00000000 0 NOTYPE GLOBAL DEFAULT UND puts
12: 00000036 40 FUNC GLOBAL DEFAULT 1 main
[bodo@bakawali testbed5]$ readelf -l testbuff
Elf file type is EXEC (Executable file)
Entry point 0x8048328
There are 7 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000e0 0x000e0 R E 0x4
INTERP 0x000114 0x08048114 0x08048114 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x00524 0x00524 R E 0x1000
LOAD 0x000524 0x08049524 0x08049524 0x00108 0x0010c RW 0x1000
DYNAMIC 0x000538 0x08049538 0x08049538 0x000c8 0x000c8 RW 0x4
NOTE 0x000128 0x08048128 0x08048128 0x00020 0x00020 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag
06
[bodo@bakawali testbed5]$ readelf -l testbuff | fgrep STACK
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
[bodo@bakawali testbed5]$ readelf -l testbuff | fgrep DYNAMIC
DYNAMIC 0x000538 0x08049538 0x08049538 0x000c8 0x000c8 RW 0x4
[bodo@bakawali testbed5]$ readelf -l testbuff | fgrep .rodata
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
[bodo@bakawali testbed5]$ readelf -l testbuff | fgrep .got.plt
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
The od - Dumping File In Various Formats
od | |
od will dump files in octal and other formats. Write an unambiguous representation, octal bytes by default, of a FILE to standard output. With more than one FILE argument, concatenate them in the listed order to form the input. With no FILE, or when FILE is -, read standard input. | |
Usage: od [OPTION]... [FILE]... or: od --traditional [FILE] [[+]OFFSET [[+]LABEL]] | |
All arguments to long options are mandatory for short options. | |
-A, --address-radix=RADIX | decide how file offsets are printed |
-j, --skip-bytes=BYTES | skip BYTES input bytes first |
-N, --read-bytes=BYTES | limit dump to BYTES input bytes |
-s, --strings[=BYTES] | output strings of at least BYTES graphic chars |
-t, --format=TYPE | select output format or formats |
-v, --output-duplicates | do not use * to mark line suppression |
-w, --width[=BYTES] | output BYTES bytes per output line |
--traditional | accept arguments in traditional form |
--help | display this help and exit |
--version | output version information and exit |
Traditional format specifications may be intermixed; they accumulate: | |
-a same as -t a | select named characters |
-b same as -t oC | select octal bytes |
-c same as -t c | select ASCII characters or backslash escapes |
-d same as -t u2 | select unsigned decimal shorts |
-f same as -t fF | select floats |
-h same as -t x2 | select hexadecimal shorts |
-i same as -t d2 | select decimal shorts |
-l same as -t d4 | select decimal longs |
-o same as -t o2 | select octal shorts |
-x same as -t x2 | select hexadecimal shorts |
For older syntax (second call format),OFFSET means -j OFFSET. LABEL is the pseudo-address at first byte printed, incremented when dump is progressing. For OFFSET and LABEL, a 0x or 0X prefix indicates hexadecimal, suffixes may be for octal and b for multiply by 512. TYPE is made up of one or more of these specifications: | |
a | named character |
c | ASCII character or backslash escape |
d[SIZE] | signed decimal, SIZE bytes per integer |
f[SIZE] | floating point, SIZE bytes per integer |
o[SIZE] | octal, SIZE bytes per integer |
u[SIZE] | unsigned decimal, SIZE bytes per integer |
x[SIZE] | hexadecimal, SIZE bytes per integer |
SIZE is a number. For TYPE in doux, SIZE may also be C for sizeof(char), S for sizeof(short), I for sizeof(int) or L for sizeof(long). If TYPE is f, SIZE may also be F for sizeof(float), D for sizeof(double) or L for sizeof(long double). | |
RADIX is d for decimal, o for octal, x for hexadecimal or n for none. BYTES is hexadecimal with 0x or 0X prefix, it is multiplied by 512 with b suffix, by 1024 with k and by 1048576 with m. Adding a z suffix to any type adds a display of printable characters to the end of each line of output. --string without a number implies 3. --width without a number implies 32. By default, od uses -A o -t d2 -w 16. | |
Examples:
[bodo@bakawali testbed5]$ od -s testbuff.o
0000224 Some input:
0000242 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
0000323 .symtab
0000333 .strtab
0000343 .shstrtab
0000355 .rel.text
0000367 .data
0000375 .bss
0000402 .rodata
0000412 .note.GNU-stack
0000432 .comment
0001655 testbuff.c
0001670 Test
0001675 printf
0001704 gets
0001711 puts
0001716 main
[bodo@bakawali testbed5]$ od -a testbuff.o
0000000 del E L F soh soh soh nul nul nul nul nul nul nul nul nul
0000020 soh nul etx nul soh nul nul nul nul nul nul nul nul nul nul nul
0000040 $ soh nul nul nul nul nul nul 4 nul nul nul nul nul ( nul
0000060 vt nul bs nul U ht e etx l bs etx l ff h nul nul
0000100 nul nul h | del del del etx D dle etx l ff cr E |
0000120 P h | del del del etx D dle etx l ff cr E | P
0000140 h | del del del etx D dle I C U ht e etx l bs
0000160 etx d p 8 nul nul nul nul etx @ si etx @ si A h
0000200 eot A ` eot ) D h | del del del 8 nul nul nul nul
0000220 I C nul nul S o m e sp i n p u t : sp
0000240 nul nul G C C : sp ( G N U ) sp 3 . 4
[omitted]
0000600 nul nul nul nul T etx nul nul ( nul nul nul ht nul nul nul
0000620 soh nul nul nul eot nul nul nul bs nul nul nul % nul nul nul
0000640 soh nul nul nul etx nul nul nul nul nul nul nul dc4 nul nul nul
0000660 nul nul nul nul nul nul nul nul nul nul nul nul eot nul nul nul
[omitted]
....
....
Further related reading:
Check the best selling C / C++, Networking, Linux and Open Source books at Amazon.com.
Linux Socket programming tutorial.
C, Buffer overflow and stack frame (construction and destruction).