Geek Answers Handbook

Access ELF Character Table in C

I am writing a program to follow elfdump -ecps

It currently prints the elf title, program titles, and section titles correctly, but I'm stuck in the last few parts of the character table.

the desired output is in the format:

 Symbol Table Section: .dynsym index value size type bind oth ver shndx name [0] 0x00000000 0x00000000 NOTY LOCL D 0 UNDEF [1] 0x00025c0c 0x00000000 FUNC GLOB D 2 UNDEF .udiv [2] 0x00025e00 0x00000140 OBJT WEAK D 1 .bss _iob [3] 0x00025b24 0x00000000 OBJT GLOB P 1 .got _GLOBAL_OFFSET_TABLE_ [4] 0x00013a44 0x0000001c FUNC GLOB D 1 .init _init ...

Can you tell me where oth, ver, shndx and name are found?

I print it with the following:

 //for each entry in the symbol table for(i=0; i<num_sym; i++) { //read the current symbol fread(&mysym,sizeof(Elf32_Sym),1,fp); idx=mysym.st_name; //multiple lines to get formatting correct //prints index in brackets right aligned char buf[12]; sprintf(buf, "[%d]", i); printf("%10s", buf); //value printf(" 0x%.8x", mysym.st_value); //size printf(" 0x%.8x", mysym.st_size); //type switch (ELF32_ST_TYPE(mysym.st_info)) { case 0: printf(" NOTY"); break; case 1: printf(" OBJT"); break; case 2: printf(" FUNC"); break; case 3: printf(" SECT"); break; case 4: printf(" FILE"); break; default: break; } //bind switch(ELF32_ST_BIND(mysym.st_info)) { case 0: printf(" LOCL"); break; case 1: printf(" GLOB"); break; case 2: printf(" WEAK"); break; case 3: printf(" NUM"); break; default: break; } //TODO: oth //TODO: ver //TODO: shndx //TODO: name }

I read http://docs.oracle.com/cd/E19457-01/801-6737/801-6737.pdf (chapter 5), but could not find anything useful

+7
source share
2 answers

This mainly refers to the Symbol Table , starting on page 119 of this document to which you are linking.

In fact, you have the structure you need:

 typedef struct { Elf32_Word st_name; Elf32_Addr st_value; Elf32_Word st_size; unsigned char st_info; unsigned char st_other; Elf32_Half st_shndx; } Elf32_Sym;

as well as detailed information on how to find information for related records (in particular, a tool for finding a name from the st_name structure st_name ).

Unfortunately, this document does not seem to cover where certain things come from (e.g. version), so when I try to imitate another program that has the source code, I go to the source - in fact there is nothing more specific :-)

Starting at line 1665 of this file, you will find the elf_print_symtab() function, which is responsible for displaying the information you are interested in. She calls get_versym() to get this information, and from this code on line 1632, you can see that another section is used for this ( version symbol section ).

And, as you can see here , this type of partition is considered one of the OS-specific, so you will not find it in the basic standard, which applies only to ordinary things.

+11
source

There is another section for the name that contains all the lines. You must use the first field in the "Section Header Table" as the index in the section header to get the real row from that row. You can find many articles about this with google.

0
source

More articles:


All Articles