轉載連結 http://blog.chinaunix.net/uid-7390305-id-2057231.html (格式更漂亮)
Executable and Linkable Format (ELF)
Contents
Preface
1 OBJECT FILES
Introduction 1-1
ELF Header 1-3
Sections 1-8
String Table 1-16
Symbol Table 1-17
Relocation 1-21
2 PROGRAM LOADING AND DYNAMIC LINKING
Introduction 2-1
Program Header 2-2
Program Loading 2-7
Dynamic Linking 2-10
3 C LIBRARY
C Library 3-1
I Index
Index I-1
Figures and Tables
Figure 1-1: Object File Format 1-1
Figure 1-2: 32-Bit Data Types 1-2
Figure 1-3: ELF Header 1-3
Figure 1-4: e_ident[ ] Identification Indexes 1-5
Figure 1-5: Data Encoding ELFDATA2LSB 1-6
Figure 1-6: Data Encoding ELFDATA2MSB 1-6
Figure 1-7: 32-bit Intel Architecture Identification, e_ident 1-7
Figure 1-8: Special Section Indexes 1-8
Figure 1-9: Section Header 1-9
Figure 1-10: Section Types, sh_type 1-10
Figure 1-11: Section Header Table Entry: Index 0 1-11
Figure 1-12: Section Attribute Flags, sh_flags 1-12
Figure 1-13: sh_link and sh_info Interpretation 1-13
Figure 1-14: Special Sections 1-13
Figure 1-15: String Table Indexes 1-16
Figure 1-16: Symbol Table Entry 1-17
Figure 1-17: Symbol Binding, ELF32_ST_BIND 1-18
Figure 1-18: Symbol Types, ELF32_ST_TYPE 1-19
Figure 1-19: Symbol Table Entry: Index 0 1-20
Figure 1-20: Relocation Entries 1-21
Figure 1-21: Relocatable Fields 1-22
Figure 1-22: Relocation Types 1-23
Figure 2-1: Program Header 2-2
Figure 2-2: Segment Types, p_type 2-3
Figure 2-3: Note Information 2-4
Figure 2-4: Example Note Segment 2-5
Figure 2-5: Executable File 2-7
Figure 2-6: Program Header Segments 2-7
Figure 2-7: Process Image Segments 2-8
Figure 2-8: Example Shared Object Segment Addresses 2-9
Figure 2-9: Dynamic Structure 2-12
Figure 2-10: Dynamic Array Tags, d_tag 2-12
Figure 2-11: Global Offset Table 2-17
Figure 2-12: Absolute Procedure Linkage Table 2-17
Figure 2-13: Position-Independent Procedure Linkage Table 2-18
Figure 2-14: Symbol Hash Table 2-19
Figure 2-15: Hashing Function 2-20
Figure 3-1: libc Contents, Names without Synonyms 3-1
Figure 3-2: libc Contents, Names with Synonyms 3-1
Figure 3-3: libc Contents, Global External Data Symbols 3-2
Preface
ELF: Executable and Linking Format
The Executable and Linking Format was originally developed and published by UNIX System Laboratories (USL) as part of the Application Binary Interface (ABI). The Tool Interface Standards committee (TIS) has selected the evolving(使進化發展) ELF standard as a portable object file format that works on 32-bit Intel Architecture environments for a variety of operating systems.
(可執行連接配接格式起初是作為UNIX系統實驗室(USL)作為應用程式二進制接口(ABI)的一部分而開發和釋出的。工具接口标準委員會(TIS)選擇了正在發展中的ELF标準作為 可運作在32位INTEL體系的各種作業系統上的可移植的二進制檔案格式。)
The ELF standard is intended to streamline software development by providing developers with a set of binary interface definitions that extend across multiple operating environments. This should reduce the number of different interface implementations, thereby reducing the need for recoding and recompiling code.
(ELF标準的目的是通過為開發者提供一個可擴充到多種作業系統環境的二進制接口規範,來簡化軟體的開發工作。減少了不同種類的接口實作的數量,代碼的重新編碼重新編譯的需求也随之而減化。)
About This Document
This document is intended for developers who are creating object or executable files on various 32-bit environment operating systems. It is divided into the following three parts:
Part 1, ‘‘Object Files’’ describes the ELF object file format for the three main types of object files.
Part 2, ‘‘Program Loading and Dynamic Linking’’ describes the object file information and system actions that create running programs.
Part 3, ‘‘C Library’’ lists the symbols contained in libsys, the standard ANSI C and libc routines, and the global data symbols required by the libc routines.
(這篇文檔是為那些想在各種32位作業系統環境上建立目标檔案、可執行檔案的開發者們準備的。文檔分為以下三個部分:
* 第一部分, “目标檔案Object Files”描述了三種主要類型目标檔案的ELF目标檔案格式。
* 第二部分, “程式加載和動态連接配接”描述了目标檔案的相關資訊和在建立運作程式時的系統行為。
* 第三部分, “C 語言庫”列出了 libsys中包含的符号, 标準ANSI C 和libc的例程函數,還有libc例程函數所必需的全局資料符号。)
NOTE:References to X86 architecture have been changed to Intel Architecture.
(注意: 參考的X86體系已經被改成了Intel體系。)
1 OBJECT FILES
Introduction 1-1
File Format 1-1
Data Representation 1-2
ELF Header 1-3
ELF Identification 1-5
Machine Information 1-7
Sections 1-8
Special Sections 1-13
String Table 1-16
Symbol Table 1-17
Symbol Values 1-20
Relocation 1-21
Relocation Types 1-22
1.1 Introduction
Part 1 describes the iABI object file format, called ELF (Executable and Linking Format).There are three main types of object files.
(第一部分描述iABI目标檔案格式,稱為ELF(Executable and Linking Format). 目标檔案主要有3種類型。)
A relocatable file holds code and data suitable for linking with other object files to create an executable or a shared object file.
(* 可重定位檔案:儲存着代碼和資料,适合于和其他的目标檔案連接配接到一起,用來建立一個可執行目标檔案或者是一個可共享目标檔案。)
An executable file holds a program suitable for execution; the file specifies how exec(BA_OS) creates a program’s process image.
(* 可執行檔案:儲存着一個用來執行的程式(program);該檔案指定exec(BA_OS)如何建立程式的程序映象。)
A shared object file holds code and data suitable for linking in two contexts(上下文環境). First, the link editor [see ld(SD_CMD)] may process it with other relocatable and shared object files to create another object file. Second, the dynamic linker combines it with an executable file and other shared objects to create a process image.
(* 可共享目标檔案:儲存着的代碼和資料,适合于在兩種上下文環境裡進行連接配接。第一種情況:是連接配接編輯器[請參看ld(SD_CMD)],可以把它和其它的可重定位目标檔案們和共享目标檔案們一起進行處理,來建立另一目标檔案(是靜态的東西)。第二種情況:是動态連結器,可以把它和一個可執行檔案檔案和其他共享目标檔案們結合(combine)起來,建立一個程序映象(是動态的東西)。)
Created by the assembler and link editor, object files are binary representations of programs intended to execute directly on a processor. Programs that require other abstract machines, such as shell scripts, are excluded.
(用彙編器和聯接編輯器建立出來的目标檔案,都是以程式的二進制格式來存放的,以便能在在處理器上直接運作。那些需要其他抽象機器的程式,比如象shell腳本,除外。)
After the introductory material, Part 1 focures on the file format and how it pertains(适合于) to building programs.
Part 2 also describes parts of the object file, concentrating on the information necessary to execute a program.
(在介紹性的材料過後,第一部分重點描述着檔案的格式和檔案格式怎樣适于建立(building)程式(program)。第二部分也描述了object檔案的幾個組成部分,重點介紹執行一個程式所必須的資訊。)
1.1.1 File Format
Object files participate in program linking (building a program) and program execution (running a program). For convenience and efficiency, the object file format provides parallel views(視圖) of a file’s contents, reflecting the differing needs of these activities(即:program linking 和 program execution). Figure 1-1 shows an object file’s organization.
(目标檔案參與程式聯接 (building a program)和程式執行 (running a program)。為了友善和有效率,目标檔案格式為一個檔案的内容 提供2種并行的視圖,2種組織方法反映出linking和execution 兩種活動(activity)的不同需要。例 1-1圖顯示了一個object檔案的組織結構圖。)
An ELF header resides at the beginning and holds a ‘‘road map’’(地圖) describing the file’s organization.Sections hold the bulk of object file information for the program linking view: instructions(指令), data, symbol table, relocation information, and so on. Descriptions of special(特殊的) sections appear later in Part 1. Part 2 discusses segments and the program execution view of the file.(也即:sections是和程式連接配接相關;segments是和程式執行相關)
(ELF頭位于檔案的最開頭部分,儲存着一張描述檔案組織結構的“地圖”。sections 儲存目标檔案的有關連接配接視圖的資訊:包括指令,資料,符号表,重定位資訊等等。在第一部分當中有特殊sections的描述。第二部分讨論segments和object檔案的程式執行視圖。)
A program header table, if present, tells the system how to create a process image. Files used to build a process image (execute a program) must have a program header table; relocatable files do not need one.
(一個程式頭表(program header table)(如果存在的話),告訴系統如何來建立一個程序映象。參與建立程序映象(即執行一個程式)的檔案們必須要有一個程式頭表(program header table);重定位檔案們不需要程式頭表。)
A section header table contains information describing the file’s sections. Every section has an entry in the table; each entry gives information such as the section name, the section size, etc. Files used during linking must have a section header table; other object files may or may not have one.
(一個section頭表(section header table)包含了檔案sections的相關資訊。每個section在這個表中有一個表項;每個表項内容包括:section名字,section大小,等資訊。參與聯接過程的檔案們都必須有一個section頭表;其他目标檔案們的section頭表可有可無。)
NOTE:Although the figure shows the program header table immediately after the ELF header, and the section header table following the sections, actual files may differ. Moreover, sections and segments have no specified order. Only the ELF header has a fixed position(固定位置) in the file.
(注意: 雖然上面圖示的情形是程式頭表的位置緊跟在ELF頭的後面,section頭表跟在sections的後面,但在實際的檔案中位置是可變的。此外,sections和segments也沒有特别的順序。隻有ELF header在檔案中的位置必須是固定的。)
1.1.2 Data Representation (資料表示)
As described here, the object file format supports various processors with 8-bit bytes and 32-bit architectures.Nevertheless, it is intended to be extensible to larger (or smaller) architectures.Object files therefore represent some control data with a machine-independent format, making it possible to identify object files and interpret their(object files) contents in a common way.Remaining data in an object file use the encoding of the target processor, regardless of the machine on which the file was created.
(object檔案格式支援8位、32位架構不同的處理器。不過,它試圖努力擴充到更大或更小的體系上運作。是以,object檔案采用與機器無關的格式表示一些控制資料,使得可用一種通用的方法識别object檔案和描述他們的内容。在object檔案中其餘的資料使用目标處理器的編碼,不管檔案是在哪台機器上建立的。) (即:隻需要把目标檔案中的控制資料表示成機器無關格式就可以廣泛移植了,而檔案其餘的資料按照目标處理器編碼即可)
All data structures that the object file format defines (目标檔案格式定義的所有資料結構)follow the ‘‘natural’’ size and alignment guidelines for the relevant class(相關類型的對齊準則). If necessary, data structures contain explicit padding(明确的填充位元組) to ensure 4-byte alignment for 4-byte objects(4位元組對象,例如:4位元組大小的資料結構), to force data structure sizes to a multiple of 4(4的倍數), etc. Data also have suitable alignment from the beginning of the file. Thus, for example, a data structure containing an Elf32_Addr member will be aligned on a 4-byte boundary within the file.
For portability reasons, ELF uses no bit-fields.
(目标檔案格式定義的所有資料結構都是依照“自然”大小和相關類型的對齊準則。如果需要的話,資料結構中包含了明确的填充位元組,強制使資料結構的大小是4的倍數, 以保證4-byte object是4位元組對齊的。在檔案開頭的資料也有适當的對齊。例如,一個包含了一個Elf32_Addr成員的資料結構将會在檔案中對齊到4位元組的邊界上。
因為移植性的原因,ELF不使用位字段(bit-fields)。)
1.2 ELF Header
Some object file control structures can grow, because the ELF header contains their actual sizes. If the object file format changes, a program may encounter control structures that are larger or smaller than expected. Programs might therefore ignore ‘‘extra’’ information. The treatment of ‘‘missing’’ information depends on context and will be specified when and if extensions are defined??.
(一些object檔案的控制資料結構能夠增長,因為ELF頭包含了他們實際的尺寸。假如object檔案格式改變,程式可能會遇到或大或小他們不能預期的控制資料結構尺寸。程式可能是以忽略額外多餘的資訊。對于缺少的資訊的處理要依賴于上下文,如果擴充名(extensions)被定義,缺少的資訊将會被指定。)
e_ident: The initial bytes mark the file as an object file and provide machine-independent data with which to decode and interpret the file’s contents. Complete descriptions appear below, in ‘‘ELF Identification.’’
(e_ident标明檔案為一個object檔案,e_ident[]數組裡面也提供了機器無關的資料用來解碼和解釋目标檔案的内容。這些在下面的ELF Identification部分有詳盡的描述。)
e_type: This member identifies the object file type.
Name Value Meaning
==== ===== =======
ET_NONE 0 No file type
ET_REL 1 Relocatable file
ET_EXEC 2 Executable file
ET_DYN 3 Shared object file
ET_CORE 4 Core file
ET_LOPROC 0xff00 Processor-specific
ET_HIPROC 0xffff Processor-specific
Although the core file contents are unspecified, type ET_CORE is reserved to mark the core file. Values from ET_LOPROC through ET_HIPROC (inclusive) are reserved for processor-specific semantics. Other values are reserved and will be assigned to new object file types as necessary.
(雖然CORE的檔案内容未被指定詳細說明,ET_CORE類型是保留用于core 檔案的。從 ET_LOPROC 到 ET_HIPROC(包括ET_HIPROC)是為處理器特定相關的語義保留的。其他的保留值需要的話将來可用于新的object檔案類型。)
e_machine: This member’s value specifies the required architecture for an individual file.
(e_machine成員的值指定一個單獨檔案必需的體系結構。)
Name Value Meaning
==== ===== =======
EM_NONE 0 No machine
EM_M32 1 AT&T WE 32100
EM_SPARC 2 SPARC
EM_386 3 Intel 80386
EM_68K 4 Motorola 68000
EM_88K 5 Motorola 88000
EM_860 7 Intel 80860
EM_MIPS 8 MIPS RS3000
Other values are reserved and will be assigned to new machines as necessary. Processor-specific ELF names use the machine name to distinguish them. For example, the flags(即:e_flags) mentioned below use the prefix EF_; a flag named WIDGET for the EM_XYZ machine would be called EF_XYZ_WIDGET.
(如有需要,其他保留的值将可用于新的機器類型上。機器名字可區分處理器特定相關的ELF名字。例如,下面将要被提到的成員flags使用字首EF_;名字為WIDGET的flag用于一台EM_XYZ機器上,就叫做EF_XYZ_WIDGET。)
e_version: This member identifies the object file version.
(e_version 成員識别object檔案的版本)
Name Value Meaning
==== ===== =======
EV_NONE 0 Invalid version
EV_CURRENT 1 Current version
The value 1 signifies the original file format; extensions(未來的擴充) will create new versions with higher numbers. The value of EV_CURRENT, though given as 1 above, will change as necessary to reflect the current version number.
(值1表示最初的檔案格式(版本);extensions(未來擴充?)将會建立更高的(>1)版本數字。EV_CURRENT值(雖然上面給出為1)也将會根據需要而改變以反映目前的(最新)版本号。)
e_entry: This member gives the virtual address to which the system first transfers control, thus starting the process. If the file has no associated entry point??, this member holds zero.
(e_entry成員是系統第一次将控制傳遞到的虛拟位址,進而啟動程序。假如檔案沒有任何相關聯的入口點,該成員的值為0。)
e_phoff:This member holds the program header table’s file offset in bytes. If the file has no program header table, this member holds zero.
(e_phoff成員保持着程式頭表(program header table)在檔案中的偏移量(以位元組為機關計數)。假如該檔案沒有程式頭表的的話,該成員就保持為0。)
e_shoff: This member holds the section header table’s file offset in bytes. If the file has no section header table, this member holds zero.
(e_shoff成員保持着section頭表(section header table)在檔案中的偏移量(以位元組為機關計數)。假如該檔案沒有section頭表的的話,該成員就保持為0。)
e_flags: This member holds processor-specific flags associated with the file. Flag names take form the EF_machine_flag. See ‘‘Machine Information’’ for flag definitions(定義).
(e_flags成員儲存着相關檔案的處理器特定相關标志。flag的名字取自于EF_machine_flag。參看“Machine Information”部分的flag的定義。)
e_ehsize: This member holds the ELF header’s size in bytes.
(e_ehsize成員儲存着ELF頭大小(以位元組為機關計數)。)
e_phentsize: This member holds the size in bytes of one entry in the file’s program header table; all entries are the same size.
(e_phentsize成員儲存着檔案的程式頭表中每一個表項的大小(以位元組計數)。所有的表項大小相同。)
e_phnum: This member holds the number of entries in the program header table. Thus the product of e_phentsize and e_phnum gives the table’s size in bytes. If a file has no program header table, e_phnum holds the value zero.
(e_phnum成員儲存程式頭表中全部表項的個數。是以,e_phentsize和e_phnum的乘積就是表的大小(以位元組計數)。如果程式頭表不存在,e_phnum的值為0。)
e_shentsize: This member holds a section header’s size in bytes. A section header is one entry in the section header table; all entries are the same size.
(e_shentsize成員儲存着section頭的大小(以位元組計數)。一個section頭就是section頭表的一個表項;所有的表項大小相同。)
e_shnum: This member holds the number of entries in the section header table. Thus the product of e_shentsize and e_shnum gives the section header table’s size in bytes. If a file has no section header table, e_shnum holds the value zero.
(e_shnum成員儲存着section header table中的全部表項的個數。是以,e_shentsize和e_shnum的乘積就是section頭表的大小(以位元組計數)。如果檔案沒有section頭表,e_shnum值為0。)
e_shstrndx: This member holds the section header table index of the entry associated with the section name string table.?? If the file has no section name string table, this member holds the value SHN_UNDEF. See ‘‘Sections’’ and ‘‘String Table’’ below for more information.
(該成員儲存着section name string table相關表項(對應)的section頭表索引。假如檔案中沒有section name string table,該變量值為SHN_UNDEF。)
1.2.1 ELF Identification
As mentioned above, ELF provides an object file framework(構架) to support multiple processors, multiple data encodings, and multiple classes of machines. To support this object file family,the initial bytes of the file(e_ident[] =16 bytes) specify how to interpret the file, (initial bytes in e_ident[] is)independent of the processor on which the inquiry is made and (is also) independent of the file’s remaining contents.
The initial bytes of an ELF header (and an object file) correspond to the e_ident member.
(在上面提到的,ELF提供了一個目标檔案架構來支援多種處理機,多種資料編碼方式,及多種機器類型。為了支援這個目标檔案家族(family),檔案最初的幾個位元組是不依賴于處理器構架的,而且和檔案剩下的内容無關,它們用來說明如何解釋該檔案。
ELF頭(以及object檔案頭)最初的幾個位元組就是e_ident成員。)
Figure 1-4: e_ident[ ] Identification Indexes
Name Value Purpose
==== ===== =======
EI_MAG0 0 File identification
EI_MAG1 1 File identification
EI_MAG2 2 File identification
EI_MAG3 3 File identification
EI_CLASS 4 File class
EI_DATA 5 Data encoding
EI_VERSION 6 File version
EI_PAD 7 Start of padding bytes
EI_NIDENT 16 Size of e_ident[]
These indexes access bytes that hold the following values.
EI_MAG0 to EI_MAG3:A file’s first 4 bytes hold a ‘‘magic number,’’ identifying the file as an ELF object file.
(檔案的前4個字元儲存着一個魔術數(magic number),用來辨別該檔案是否為一個ELF目标檔案。)
Name Value Position
==== ===== ========
ELFMAG0 0x7f e_ident[EI_MAG0]
ELFMAG1 'E' e_ident[EI_MAG1]
ELFMAG2 'L' e_ident[EI_MAG2]
ELFMAG3 'F' e_ident[EI_MAG3]
EI_CLASS: The next byte, e_ident[EI_CLASS], identifies the file’s class, or capacity(相容性).
(e_ident[EI_CLASS],用來辨別檔案的類型或者相容性(capacity)。)
Name Value Meaning
==== ===== =======
ELFCLASSNONE 0 Invalid class
ELFCLASS32 1 32-bit objects
ELFCLASS64 2 64-bit objects
The file format is designed to be portable among machines of various sizes, without imposing(強加于 impossible) the sizes of the largest machine on the smallest. EI_CLASS value ELFCLASS32 supports machines with files and virtual address spaces up to 4 gigabytes; it uses the basic types defined above. Class value ELFCLASS64 is reserved for 64-bit architectures. Its appearance here shows how the object file may change, but the 64-bit format is otherwise unspecified. Other classes will be defined as necessary, with different basic types and sizes for object file data.
(檔案格式被設計成在不同size的機器中可伸縮移植的,而不至于在小型機上勉強用大型機上的尺寸 (size)。類型ELFCLASS32支援虛拟位址空間最大可達4GB的機器;它使用上面定義過的基本類型。類型ELFCLASS64為64位體系的機器保留。它表明了object檔案可能演變的趨勢,但是64位的格式目前還沒有被定義。需要的話,也将會為目标檔案資料定義其他classes(具有不同的basic types和不同的大小尺寸。))
EI_DATA: Byte e_ident[EI_DATA] specifies the data encoding of the processor-specific data in the object file. The following encodings are currently defined.
(位元組e_ident[EI_DATA]指定了object檔案中與特定處理器相關的資料的編碼方式。目前定義了以下編碼方式。)
Name Value Meaning
==== ===== =======
ELFDATANONE 0 Invalid data encoding
ELFDATA2LSB 1 See below
ELFDATA2MSB 2 See below
More information on these encodings appears below. Other values are reserved and will be assigned to new encodings as necessary.
(更多的關于這些編碼的含義在下面詳細叙述。其他值保留,用于将來配置設定給新的編碼方式。)
EI_VERSION: Byte e_ident[EI_VERSION] specifies the ELF header version number. Currently, this value must be EV_CURRENT, as explained above for e_version.
(位元組e_ident[EI_VERSION]指定了ELF頭的版本号。現在這個值一定要設為EV_CURRENT,EV_CURRENT的解釋在前面的e_version部分。)
EI_PAD: This value marks the beginning of the unused bytes in e_ident[]. These bytes are reserved and set to zero; programs that read object files should ignore them. The value of EI_PAD will change in the future if currently unused bytes are given meanings.
(EI_PAD标明了在e_ident[]中未使用位元組的開始(位置)。這些未使用位元組被保留并被設定為0;從object 檔案程式時讀取應該忽略他們。假如目前未被使用的位元組将來被賦予了新的涵義,EI_PAD的值也将會改變。)
A file’s data encoding (EI_DATA)specifies how to interpret the basic objects in a file. As described above, class ELFCLASS32 files use objects that occupy 1, 2, and 4 bytes. Under the defined encodings, objects are represented as shown below. Byte numbers appear in the upper left corners.
(一個檔案的資料編碼(EI_DATA)指出了如何來解釋一個檔案中基本的資料對象。在上述的描述中,class ELFCLAS32的檔案使用的資料結構對象占用1,2或4位元組。在這種編碼方式的定義下,資料對象表示如下。Byte numbers出現在左上角。)
Encoding ELFDATA2LSB specifies 2's complement values, with the least significant byte occupying the lowest address.
(ELFDATA2LSB編碼指定了2的補數值,最小有意義的位元組占有最低的位址。)
Encoding ELFDATA2MSB specifies 2’s complement values, with the most significant byte occupying the lowest address.
(ELFDATA2MSB編碼指定了2的補數值,最大有意義的位元組占有最低的位址。)
1.2.2 32-bit Intel Machine Information
For file identification in e_ident[], the 32-bit Intel Architecture requires the following values.
(為了在e_ident中辨別檔案,32位Intel體系結構的需要以下的值。)
Processor identification resides in the ELF header’s e_machine member and must have the value EM_386.The ELF header’s e_flags member holds bit flags associated with the file. The 32-bit Intel Architecture defines no flags; so this member contains zero.
(ELF頭裡的e_machine成員用來辨別處理器,其值必須為EM_386。ELF頭裡的e_flags成員儲存了與檔案相關的位标記。32位Intel體系上未定義位标記;是以這個成員的值為0。)
1.3 Sections
An object file’s section header table lets one locate all the file’s sections. The section header table is an array of Elf32_Shdr structures as described below. A section header table index is a subscript(下标) into this array.
The ELF header’s(Elf32_Ehdr) e_shoff member gives the byte offset from the beginning of the file to the section header table; e_shnum tells how many entries the section header table contains; e_shentsize gives the size in bytes of each entry.
Some section header table indexes are reserved; an object file will not have sections for these special indexes.
(一個object檔案的section頭表可以讓我們定位檔案中所有的sections。section頭表是個Elf32_Shdr結構的數組(在後面描述)。一個section 頭表索引是這個數組的一個下标。
ELF header (Elf32_Ehdr)中:e_shoff成員給出了section頭表的偏移量(從檔案開始計算的位元組數);e_shnum成員給出section頭表中包含了多少個表項;e_shentsize 成員給出了每個表項的大小。
某些section頭表索引是保留的;這些特殊的索引在一個object檔案中沒有與之對應sections。)
Figure 1-8: Special Section Index
Name Value
==== =====
SHN_UNDEF 0
SHN_LORESERVE 0xff00
SHN_LOPROC 0xff00
SHN_HIPROC 0xff1f
SHN_ABS 0xfff1
SHN_COMMON 0xfff2
SHN_HIRESERVE 0xffff
SHN_UNDEF: This value marks an undefined, missing, irrelevant(無關的), or otherwise meaningless section reference. For example, a symbol ‘‘defined’’ relative to section number SHN_UNDEF(定義的與sention頭表索引号SHN_UNDEF相關的标号們) is an undefined symbol.
(該值标明一個 未定義,缺失,無關的或者無意義的section引用。例如,一個 被定義的 與sention頭表索引号SHN_UNDEF有關的 符号是一個未定義符号。)
NOTE:Although index 0(即:SHN_UNDEF) is reserved as the undefined value, the section header table (still) contains an entry for index 0. That is, if the e_shnum member of the ELF header says a file has 6 entries in the section header table, they have the indexes 0 through 5. The contents of the initial entry are specified later in this section.
(注意: 雖然索引0保留作為未定義的值,section報頭表仍會為索引0保留一個表項。是以,假如ELF報頭中的e_shnum成員說一個檔案的section 報頭表中有6個section表項的話,6個section表項的索引值應該是從0到5。初始表項的内容以後在這個section中被指定。)
SHN_LORESERVE: This value specifies the lower bound of the range of reserved indexes.
(該值指定被保留索引範圍的最小邊界值。)
SHN_LOPROC: through SHN_HIPROC Values in this inclusive range are reserved for processor-specific semantics.
(該範圍值為特定處理器相關的語意保留。)
SHN_ABS: This value specifies absolute values for the corresponding reference. For example, symbols defined relative to section number SHN_ABS have absolute values and are not affected by relocation.
(該值指定對應引用的絕對值。例如,被定義的與sention頭表索引号SHN_ABS相關的符号們擁有絕對數值,不被重定位影響。)
SHN_COMMON: Symbols defined relative to this section number SHN_COMMON are common symbols, such as FORTRAN COMMON or unallocated C external variables(外部變量).
(被定義的與sention頭表索引号SHN_COMMON相關的符号們是一般符号,例如:FORTRAN COMMON或者未配置設定的C外部變量。)
SHN_HIRESERVE: This value specifies the upper bound of the range of reserved indexes. The system reserves indexes between SHN_LORESERVE and SHN_HIRESERVE, inclusive(包括再内的); and these values do not reference the section header table.That is, the section header table does not contain entries for the reserved indexes.
(該值指定被保留索引範圍的上限值。系統保留從SHN_LORESERVE到SHN_HIRESERVE之間的索引值;這些索引值不引用到section頭表(的表項)。也就是說,section頭表不含被保留索引值們的表項。)
Sections contain all information in an object file, except the ELF header, the program header table, and the section header table. Moreover,object files’ sections satisfy several conditions:
(1) Every section in an object file has exactly one section header describing it. Section headers may exist that do not have a section.
(2) Each section occupies one contiguous (possibly empty) sequence of bytes within a file.
(3) Sections in a file may not overlap. No byte in a file resides in more than one section.
(4) An object file may have inactive space. The various headers and the sections might not ‘‘cover’’(籠罩普及) every byte in an object file. The contents of the inactive data are unspecified.
除了ELF header,program header table和section header table,sections包含了一個object檔案中其它所有資訊(注意是指資訊而非資料,即控制管理object檔案的相關資訊,而不是指 object檔案中的所有位元組資料)。此外,object檔案的sections滿足幾個條件:
* 每個在object檔案中的section都有一個确切的section的頭來描述它。
可能會有section頭存在但section不存在的情況。
* 每個section在檔案中都占有一段相臨連續的位元組(但可能是空的)。
* 檔案中的Sections不能重疊。檔案中任何一個位元組不能同時在多個section中。
* object檔案可以有"非活動的"空間。所有的報頭和sections未必能覆寫遍及
object檔案中的每個位元組。"非活動"資料的内容是未指定的。
1.3.1 section header structure
Figure 1-9: Section Header
typedef struct {
Elf32_Word sh_name;
Elf32_Word sh_type;
Elf32_Word sh_flags;
Elf32_Addr sh_addr;
Elf32_Off sh_offset;
Elf32_Word sh_size;
Elf32_Word sh_link;
Elf32_Word sh_info;
Elf32_Word sh_addralign;
Elf32_Word sh_entsize;
} Elf32_Shdr;
sh_name: This member specifies the name of the section. Its value is an index into the section header string table section [see ‘‘String Table’’ below], giving the location of a null-terminated string.
(sh_name指定 section的名字。 Sh_name的值(例如:.dynsym) 是section頭字元表中的一個索引值。[參看後面的“String Table”,section header string table 存放在 .shstrtab section裡面], 通過section頭字元表可以查找出以NULL空字元結尾的字元串的位置。)
sh_type: This member categorizes the section’s contents and semantics(按内容和意義分類). Section types and their descriptions appear below.
sh_flags: Sections support 1-bit flags that describe miscellaneous(各種各樣的) attributes. Flag definitions appear below.
sh_addr: If the section will appear in the memory image of a process, this member gives the address(記憶體位址) at which the section’s first byte should reside. Otherwise, the member contains 0.
(如果一個section将參與出現在程序的記憶體映象裡,sh_addr成員給出了該section的第一位元組在記憶體中的駐留的位址。否則,sh_addr值為0。) (section是和程式連接配接相關的,是以sh_addr很重要)
sh_offset: This member’s value gives the byte offset from the beginning of the file to the first byte in the section. One section type, SHT_NOBITS described below, occupies no space in the file, and its sh_offset member locates the conceptual placement?? in the file.
(sh_offset給出了section的在檔案中的位元組偏移量(從檔案開頭到 section的第1個位元組)。SHT_NOBITS類型的section(在後面讨論)在檔案中不占空間,它的sh_offset成員定位在檔案中的概念上的位置。)
sh_size: This member gives the section’s size in bytes. Unless the section type is SHT_NOBITS, the section occupies sh_size bytes in the file. A section of SHT_NOBITS type may have a non-zero size, but it occupies no space in the file.
(sh_size成員給出了section的大小(位元組為機關)。除非這個section的類型為SHT_NOBITS,否則該section将在檔案中将占有sh_size個位元組。SHT_NOBITS類型的section的大小可能是非0的,但是在檔案中不占空間。)
sh_link: This member holds a section header table index link??, whose interpretation depends on the section type. A table below describes the values.
sh_info: This member holds extra information(額外的資訊), whose interpretation depends on the section type. A table below describes the values.
sh_addralign: Some sections have address alignment constraints. For example, if a section holds a double word, the system must ensure doubleword alignment for the entire section. That is, the value of sh_addr must be congruent to 0, modulo the value of sh_addralign. Currently, only 0 and positive integral powers of two are allowed. Values 0 and 1 mean the section has no alignment constraints.
(一些sections有位址對齊的限制。例如,假如一個section儲存着一個雙字,系統就必須確定整個section是雙字對齊的。也就是說 sh_addr的值以sh_addralign的值取模結果為0。目前,sh_addralign允許取值0和2的正整數次幂,值為0和1表示該 section沒有對齊限制。)
sh_entsize: Some sections hold a table of fixed-size entries, such as a symbol table. For such a section, this member gives the size in bytes of each entry. The member contains 0 if the section does not hold a table of fixed-size entries.
(一些sections中(例如:.hash .dynsym .symtab .plt .got等secion)儲存着一張表,該表的表項是大小固定的,比如符号表。對于這樣的section來說,該成員給出了這張表每個表項的大小(位元組為機關)。如果該section沒有儲存着一張固定大小entry的表,sh_entsize成員就為0。(注意:字元串表的每個表項大小是不固定的,是以 .dynstr .shstrtab .strtab等section 的sh_entsize的值也為0))
A section header’s sh_type member specifies the section’s semantics(語意).
Figure 1-10: Section Types, sh_type
Name Value
==== =====
SHT_NULL 0
SHT_PROGBITS 1
SHT_SYMTAB 2
SHT_STRTAB 3
SHT_RELA 4
SHT_HASH 5
SHT_DYNAMIC 6
SHT_NOTE 7
SHT_NOBITS 8
SHT_REL 9
SHT_SHLIB 10
SHT_DYNSYM 11
SHT_LOPROC 0x70000000
SHT_HIPROC 0x7fffffff
SHT_LOUSER 0x80000000
SHT_HIUSER 0xffffffff
SHT_NULL: This value marks the section header as inactive; it does not have an associated section. Other members of the section header have undefined values.
(sh_type=SHT_NULL 表明該section頭是非活動的;它沒有相關聯的section。該section頭的其他成員的值都是未定義的。)
SHT_PROGBITS: The section holds information defined by the program, whose format and meaning are determined(決定) solely(唯一地) by the program.
(sh_type=SHT_PROGBITS 表明該section儲存着 被程式所定義資訊,這些資訊的格式和意義唯一取決于這個程式。)
SHT_SYMTAB and SHT_DYNSYM: These sections hold a symbol table. Currently, an object file may have only one section of each type(每種類型的section), but this restriction may be relaxed in the future.
Typically, SHT_SYMTAB section provides symbols for link editing, though it may also be used for dynamic linking. As a complete symbol table, it may contain many symbols unnecessary for dynamic linking. Consequently, an object file may also contain a SHT_DYNSYM section, which holds a minimal set of dynamic linking symbols, to save space. See ‘‘Symbol Table’’ below for details.
(這些類型的sections中儲存着一個符号表(symbol table)。目前,一個object檔案中SHT_SYMTAB和SHT_DYNSYM類型的section各隻有一個,但是,在将來這個限制可能被放寬。
典型的,SHT_SYMTAB為連接配接器提供标号,當然它也可被動态連接配接時使用。SHT_SYMTAB包含了一個完整的符号表,可能包含的一些符号,在動态連接配接時根本用不着。是以,一個object檔案也包含了一個SHT_DYNSYM類型的section,它儲存着動态連接配接時所需最小的符号集合,以便節省空間。參看下面符号表“Symbol Table”的詳細說明。)
SHT_STRTAB: The section holds a string table. An object file may have multiple string table sections. See ‘‘String Table’’ below for details.
(sh_type=SHT_STRTAB 表明該section儲存着一個字元串表。一個object檔案可以有多個SHT_STRTAB類型的section以包含多個字元串表。詳情看下面字元串表“String Table”的詳細說明。)
SHT_RELA: The section holds relocation entries with explicit addends, such as type Elf32_Rela for the 32-bit class of object files. An object file may have multiple relocation sections. See ‘‘Relocation’’ below for details.
(sh_type=SHT_RELA 表明該section儲存着帶有明确加數的重定位表項,比如object檔案的32位類型重定位表項:Elf32_Rela。一個object檔案可能有多個重定位的sections。具體細節參看重定位“Relocation”部分。)
SHT_HASH: The section holds a symbol hash table. All objects file participating in dynamic linking must contain a symbol hash table. Currently, an object file may have only one hash table, but this restriction may be relaxed in the future. See ‘‘Hash Table’’ in Part 2 for details.
(sh_type=SHT_HASH 表明該section儲存着一個符号哈希表。所有參與動态連接配接的object必須包含一個符号哈希表。目前,一個object檔案隻有一個哈希表。但是,在将來這個限制可能被放寬。詳細細節看第二部分的哈希表"Hash Table"。)
SHT_DYNAMIC: The section holds information for dynamic linking. Currently, an object file may have only one dynamic section, but this restriction may be relaxed in the future. See ‘‘Dynamic Section’’ in Part 2 for details.
(sh_type=SHT_DYNAMIC 表明該section儲存着用于動态連接配接的資訊。目前,一個object可能隻有一個動态的section,但是,将來這個限制可能被取消。詳細細節看第二部分的“Dynamic Section”。)
SHT_NOTE: The section holds information that marks the file in some way. See ‘‘Note Section’’ in Part 2 for details.
(sh_type=SHT_NOTE 表明該section儲存着其他的一些标志檔案的資訊。)
SHT_NOBITS: A section of this type occupies no space in the file but otherwise resembles SHT_PROGBITS. Although this section contains no bytes, this type section’s sh_offset member contains the conceptual file offset.
(sh_type=SHT_NOBITS 表明該section在檔案中不占空間,但是類似于SHT_PROGBITS類型section。 盡管該類型section不包含位元組,但是section頭的sh_offset成員包含了概念上的檔案偏移量。)
SHT_REL: The section holds relocation entries without explicit addends, such as type Elf32_Rel for the 32-bit class of object files. An object file may have multiple relocation sections. See ‘‘Relocation’’ below for details.( SHT_RELA The section holds relocation entries with explicit addends)
(sh_type=SHT_REL 表明該section儲存着不帶有明确加數的重定位表項,比如object檔案的32位類型重定位表項:Elf32_Rel。一個object檔案可能有多個重定位的sections。具體細節參看重定位“Relocation”部分。)
SHT_SHLIB: This section type is reserved but has unspecified semantics. Programs that contain a section of this type do not conform to the ABI.
(sh_type=SHT_SHLIB 表明該section為保留但語意沒有指明。包含這個類型的section的程式是不符合ABI的。)
SHT_LOPROC through SHT_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(sh_type在SHT_LOPROC-SH_HIPROC範圍之間的值為特定處理器語意保留的。)
SHT_LOUSER: This value specifies the lower bound of the range of indexes reserved for application programs(使用者應用程式).
(SHT_LOUSER是為應用程式保留的索引範圍的最小邊界。)
SHT_HIUSER: This value specifies the upper bound of the range of indexes reserved for application programs. Section types between SHT_LOUSER and SHT_HIUSER may be used by the application, without conflicting with current or future system-defined section types.
(SHT_HIUSER是為應用程式保留的索引範圍的最大邊界。在SHT_LOUSER和HIUSER之間的section類型可能被應用程式使用,這和目前或者将來系統定義的section類型是不沖突的。)
Other section type values are reserved. As mentioned before, the section header for index 0 (SHN_UNDEF) exists, even though the index marks undefined section references. This entry holds the following.
(其他 section類型值是保留的。前面提到過,section頭表的index 0(SHN_UNDEF)對應的section頭是存在的,盡管index 0标記的是未定義的section引用。)
Index 0對應的section header table 表項儲存着以下的資訊。
Figure 1-11: Section Header Table Entry: Index 0
Name Value Note
==== ===== ====
sh_name 0 No name
sh_type SHT_NULL Inactive
sh_flags 0 No flags
sh_addr 0 No address
sh_offset 0 No file offset
sh_size 0 No size
sh_link SHN_UNDEF No link information
sh_info 0 No auxiliary information
sh_addralign 0 No alignment
sh_entsize 0 No entries
A section header’s sh_flags member holds 1-bit flags that describe the section’s attributes. Defined values appear below; other values are reserved.
(section頭的sh_flags成員儲存着1位标記,用來描述section的屬性。以下是定義的值;其他的值保留。)
Figure 1-12: Section Attribute Flags, sh_flags
Name Value
==== =====
SHF_WRITE 0x1
SHF_ALLOC 0x2
SHF_EXECINSTR 0x4
SHF_MASKPROC 0xf0000000
If a flag bit is set in sh_flags, the attribute is ‘‘on’’ for the section. Otherwise, the attribute is ‘‘off’’ or does not apply. Undefined attributes are set to zero.
(假如設定了在sh_flags中的某個标志位,該section相應的屬性就被打開了。否則,該屬性就是關閉的。未定義的屬性設為0。)
SHF_WRITE: The section contains data that should be writable during process execution.
(sh_flags=SHF_WRITE 表明該section包含的資料在程序執行過程中應該可寫。)
SHF_ALLOC: The section occupies memory during process execution. Some control sections do not reside in the memory image of an object file; this attribute is off for those sections.
(sh_flags=SHF_ALLOC 表明該section在程序執行過程中占據着記憶體。但有一些控制section沒有駐留在目标檔案的記憶體映象中;這些sections的SHF_ALLOC屬性是關閉的。)
SHF_EXECINSTR: The section contains executable machine instructions(可執行的機器指令).
(sh_flags=SHF_EXECINSTR 表明該section包含了可執行的機器指令。)
SHF_MASKPROC: All bits included in this mask are reserved for processor-specific semantics.
(sh_flags=SHF_MASKPROC這個掩碼中包括的所有的位是為特定處理器語意保留的。)
Two members in the section header, sh_link and sh_info, hold special information, depending on section type.
(對section頭中的成員sh_link和sh_info的解釋要依賴于該section的類型:sh_type。)
Figure 1-13: sh_link and sh_info Interpretation
(The section header index of the symbol table to which the hash table applies. 大意是:hash table應用到的symble table section所對應的section頭表中的索引值) ( section header table是section header結構的數組,section 頭表索引是section頭數組的下标值,section header數組是從0開始計數,例如:.dynsym section所對應的section header在section header table中是第6項,那麼.dynsym 的section header index =5;可以用readelf -a test 實際檢視一下.dynsym section 所對應的sh_link sh_info的值)
Special Sections
Various sections hold program and control information. Sections in the list below are used by the system and have the indicated(表明的) types and attributes.
Figure 1-14: Special Sections
Name Type Attributes
==== ==== ==========
.bss SHT_NOBITS SHF_ALLOC+SHF_WRITE
.comment SHT_PROGBITS none
.data SHT_PROGBITS SHF_ALLOC+SHF_WRITE
.data1 SHT_PROGBITS SHF_ALLOC+SHF_WRITE
.debug SHT_PROGBITS none
.dynamic SHT_DYNAMIC see below
.dynstr SHT_STRTAB SHF_ALLOC
.dynsym SHT_DYNSYM SHF_ALLOC
.fini SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.got SHT_PROGBITS see below
.hash SHT_HASH SHF_ALLOC
.init SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.interp SHT_PROGBITS see below
.line SHT_PROGBITS none
.note SHT_NOTE none
.plt SHT_PROGBITS see below
.relname SHT_REL see below
.relaname SHT_RELA see below
.rodata SHT_PROGBITS SHF_ALLOC
.rodata1 SHT_PROGBITS SHF_ALLOC
.shstrtab SHT_STRTAB none
.strtab SHT_STRTAB see below
.symtab SHT_SYMTAB see below
.text SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.bss: This section holds uninitialized data(未初始化資料) that contribute to the program’s memory image. By definition(根據定義), the system initializes the data with zeros when the program begins to run. The section occupies no (object) file space, as(因為) indicated by the section type, SHT_NOBITS.
(該section儲存着建立程式記憶體映象時未初始化的資料。定義bss後,當程式開始運作時,系統初始化bss資料為0。該section不占檔案空間,正如它的section類型sh_type=SHT_NOBITS訓示的一樣。)
.comment: This section holds version control information.
(該section儲存着版本控制資訊。)
.data and .data1:These sections hold initialized data(初始化資料) that contribute to the program’s memory image.
(該section儲存着建立程式記憶體映象時已經初始化的資料。)
.debug: This section holds information for symbolic debugging. The contents are unspecified.
(該section儲存着用于符号調試的資訊。其内容是未指明的。)
.dynamic: This section holds dynamic linking information. The section’s attributes will include the SHF_ALLOC bit. Whether the SHF_WRITE bit is set is processor specific. See Part 2 for more information.
(該section儲存着動态連接配接的資訊。該section的屬性(sh_flags)将包括SHF_ALLOC位。是否需要設定SHF_WRITE屬性位跟特定處理器有關。第二部分有更詳細的說明。)
.dynstr: This section holds strings needed for dynamic linking, most commonly the strings that represent the names associated with symbol table entries. See Part 2 for more information.
(該section儲存着動态連接配接時需要的字元串,一般情況下,表示名字的“字元串”關聯着符号表表項。第二部分有更詳細的說明。)
.dynsym This section holds the dynamic linking symbol table, as ‘‘Symbol Table’’ describes. See Part 2 for more information.
(該section儲存着動态符号表,如“Symbol Table”的描述。第二部分有更詳細的說明。)
.fini (fini -> finish): This section holds executable instructions that contribute to the process termination code. That is, when a program exits normally, the system arranges to execute the code in this section.
(該section儲存着可執行指令,它構成了程序中的終止代碼部分。從程式連接配接角度講,程序位址空間是由相關object files的若幹sections拼裝起來的.該section儲存着可執行指令,它構成了程序的終止代碼。也就是說,當一個程式正常退出時,系統安排執行這個section的中的代碼。)
.got(got -> global offset table): This section holds the global offset table. See ‘‘Special Sections’’ in Part 1 and ‘‘Global Offset Table’’ in Part 2 for more information.
(該section儲存着1張全局偏移量表。看第一部分的“Special Sections”(圖1-8)和第二部分的“Global Offset Table”獲得更多的資訊。)
.hash: This section holds a symbol hash table. See ‘‘Hash Table’’ in Part 2 for more information.
(該section儲存着1張符号哈希表。看第二部分的“Hash Table”獲得更多的資訊。)
.init: This section holds executable instructions that contribute to the process initialization code. That is, when a program starts to run, the system arranges to execute the code in this section before calling the main program entry point (called main for C programs).
(該section儲存着可執行指令,它構成了程序中的初始化代碼部分。從程式連接配接角度講,程序位址空間是由相關object files的若幹sections拼裝起來的.是以,當一個程式開始運作時,在主程式entry point被調用之前(c語言稱為main),系統安排執行這個section的中的代碼。)
.interp: (interp -> interpreter): This section holds the path name of a program interpreter(程式解釋器). If the object file has a loadable segment that includes the section, the section’s attributes will include the SHF_ALLOC bit; otherwise, that bit will be off. See Part 2 for more information.
(該section儲存了程式的解釋程式的路徑。假如檔案中有一個可裝載段包含了.interp section,那麼該section的sh_flags的SHF_ALLOC位将被設定;否則,SHF_ALLOC位被關閉。看第二部分獲得更多的資訊。)
.line: This section holds line number(行号) information for symbolic debugging, which describes the correspondence between the source program and the machine code. The contents are unspecified.
(該section包含用于符号調試的行号資訊, 行号資訊描述源程式與機器代碼之間的對應關系。該section内容未指明。)
.note: This section holds information in the format that ‘‘Note Section’’ in Part 2 describes.
(該section儲存一些資訊,使用“Note Section”(在第二部分說明)中提到的格式。)
.plt: (plt -> procedure linkage table): This section holds the procedure linkage table. See ‘‘Special Sections’’ in Part 1 and ‘‘Procedure Linkage Table’’ in Part 2 for more information.
(該section儲存着過程連接配接表(Procedure Linkage Table)。看第一部分的“Special Sections”和第二部分的“Procedure Linkage Table”。)
.relname and .relaname: (rel -> relocation): These sections hold relocation information, as ‘‘Relocation’’ below describes. If the file has a loadable segment that includes relocation section, the sections’ attributes will include the SHF_ALLOC bit; otherwise, that bit will be off. Conventionally, (.relname’s) name is supplied by the section to which the relocations apply. Thus a relocation section for .text normally would have the name .rel.text or .rela.text.
(這些section儲存着重定位的資訊,看下面的“Relocation”描述。假如檔案有一個可加載段包括了重定位 section(例如:.rel.plt),那麼該section的sh_flags的SHF_ALLOC屬性位将被設定;否則,SHF_ALLOC位被關閉。按照慣例,.relname 中的name部分由應用重定位的section來提供。是以,假設應用重定位的section是:.plt,如果一個relocation section是為.plt section保留重定位資訊,那麼這個relocation section的名字就是.rel.plt或者是.rela.plt。(可以用 readelf -a test 實際檢視))
.rodata and .rodata1: (ro -> read only): These sections hold read-only data that typically contribute to a non-writable segment in the process image. See ‘‘Program Header’’ in Part 2 for more information.
(這些section儲存着隻讀資料,在程序映象中構造不可寫的段。看第二部分的“Program Header”獲得更多的資料。)
.shstrtab: This section holds section names.
(該section儲存着section名字。)
.strtab: This section holds strings, most commonly the strings that represent the names associated with symbol table entries. If the file has a loadable segment that includes the string table, the section’s attributes will include the SHF_ALLOC bit; otherwise, that bit will be off.
(該section儲存着字元串表,一般地,表示名字的字元串和符号表表項相關聯。假如檔案有一個可裝載的段包括.strtab section,那麼該section的sh_flags成員的SHF_ALLOC屬性位将被設定;否則SHF_ALLOC屬性位是關閉的。
)
.symtab: This section holds a symbol table, as ‘‘Symbol Table’’ in this section describes. If the file has a loadable segment that includes the symbol table, the section’s attributes will include the SHF_ALLOC bit; otherwise, that bit will be off.
(該section儲存着一張符号表。假如檔案有一個可裝載的段包括.symtab section,那麼section的sh_flags成員的SHF_ALLOC屬性位将被設定;否則SHF_ALLOC屬性位是關閉的。)
.text: This section holds the ‘‘text,’’ or executable instructions, of a program.
(該section儲存着程式的正文或者說是可執行指令。)
Section names with a dot (.) prefix are reserved for the system, although applications may use these sections if their existing meanings are satisfactory. Applications may use names without the prefix to avoid conflicts with system sections. The object file format lets one define sections not in the list above. An object file may have more than one section with the same name.
(字首是.的section名字是為系統保留的,雖然應用程式在目前語意滿足(即不産生語意沖突)的情況下可以用這些保留的section名。應用程式盡量使用不帶dot字首的section名字以避免和系統的sections名字沖突。 object檔案格式允許自定義上述清單以外的section。一個object檔案可以有多個相同名字的section。)
Section names reserved for a processor architecture are formed by placing an abbreviation of the architecture name ahead of the section name. The name should be taken from the architecture names used for e_machine. For instance .FOO.psect is the psect section defined by the FOO architecture. Existing extensions are called by their historical names.
(通過把體系結構名字的縮寫放在section名字的前面形成了為處理器體系結構保留的“section名”。該縮寫名字應該取自于ELF頭的e_machine成員所使用的體系名。例如,.Foo.psect就是在spect section 在FOO體系結構上定義的名字。現存的(處理器體系)擴充名是曆史遺留下來的。)
Pre-existing Extensions
========= =====
.sdata .tdesc
.sbss .lit4
.lit8 .reginfo
.gptab .liblist
.conflict
1.4 String Table (字元串表)
string:字元串,一組字元------一組連續的字元在計算機中被作為單一物體
symbol:符号, 記号, 标号, 象征, 符号用來代表某一操作、要素、數量、品質或某種聯系,如在數學或音樂中
String table sections hold null-terminated character sequences(以NULL終止的字元序列), commonly called strings. The object file uses these strings to represent symbol and section names. One references a string as an index into the string table section??. The first byte, which is index zero, is defined to hold a null character. Likewise(同樣的), a string table’s last byte is defined to hold a null character, ensuring null-termination for all strings. A string whose index is zero specifies either no name or a null name, depending on the context. An empty string table section is permitted; its section header’s sh_size member would contain zero. Non-zero indexes are invalid for an empty string table.
(String table sections 儲存着NULL結尾的字元序列,一般我們稱為字元串。object檔案使用這些字元串來表示“符号”和“section名字” (所有sh_type=SHT_STRTAB的sections 都包含了一個string table,都是string table section)。一個string table section的索引值可以用來引用字元串??。第一個位元組,即索引0,被定義儲存着一個NULL字元。同樣的,string table的最後一個位元組也儲存着一個NULL字元,以確定string table中間所有的字元串都是以NULL結尾的。index 為0 的字元串 可以訓示 no name或者 null name,如何解釋取決于上下文。string table section允許是空的,這樣它的section頭結構的sh_size成員值為0。對空的string table來說,非0的索引值是無效的。)
A section header’s sh_name member holds an index into the section header string table section(即:.shstrtab section), as designated by the e_shstrndx member of the ELF header. The following figures show a string table with 25 bytes and the strings associated with various indexes.
(section 頭的 sh_name 成員的值是setion 頭字元串表的索引,就象ELF頭的 e_shstrndx 成員所指出的那樣(e_shstrndx=27 對應着section header table中的.shstrtab 的索引号;可以用readelf -a test 實際看一下)。下表列出了一個有 25 位元組的字元串表,這些字元串和不同的索引值相關聯)
As the example shows, a string table index may refer to any byte in the section. A string may appear more than once; references to substrings may exist; and a single string may be referenced multiple times.Unreferenced strings also are allowed.
(如上例所示,一個字元串表索引值可能指向.strtab section 中的任意位元組。一個字元串可能被引用不止一次(例如:11 "able" ;16 "able");引用(字元串的)子串(例如:11 "able")的情況是可能存在的;一個字元串可以被引用多次;而不被引用的字元串也是允許存在的(例如: "xx")。)
1.5 Symbol Table (符号表)
An object file’s symbol table holds information needed to locate and relocate a program’s symbolic definitions and references. A symbol table index is a subscript into this array. Index 0 both designates the first entry in the table and serves as the undefined symbol index. The contents of the initial entry(index 0) are specified later in this section.??
(一個object檔案的符号表儲存了在定位和重定位一個程式的符号定義和引用時需要的資訊。符号表索引值是數組的下标。0表項特指該表的第一個表項,是一個未定義的符号索引。初始表項的内容(index 0)在這個section中會在以後指定。??)
Name Value
==== =====
STN_UNDEF 0
Figure 1-16: Symbol Table Entry
typedef struct {
Elf32_Word st_name;
Elf32_Addr st_value;
Elf32_Word st_size;
unsigned char st_info;
unsigned char st_other;
Elf32_Half st_shndx;
} Elf32_Sym;
st_name: This member holds an index into the object file’s symbol string table??, which holds the character representations of the symbol names. If the value is non-zero, it represents a string table index that gives the symbol name. Otherwise, the symbol table entry has no name.
(st_name成員的值是字元串表的索引,該字元串表儲存着object檔案中各符号的名字的字元表示串。 如果st_name值不為 0 ,則它表示了字元串表索引,該索引給出符号名字。否則,表示該符号表項沒有名字。
NOTE: External C symbols have the same names in C and object files’ symbol tables.
(外部C符号在C中和在目标檔案的symbol table中擁有相同的名字)
st_value: This member gives the value of the associated symbol. Depending on the context, this may be an absolute value, an address, etc.; details appear below.
(該成員給出了相應的符号值,它可能是絕對值或位址等等,取決于上下文;細節如下所述。)
st_size: Many symbols have associated sizes. For example, a data object’s size is the number of bytes contained in the object. This member holds 0 if the symbol has no size or an unknown size.
(許多符号都有相關的尺寸。比如,一個資料對象的大小是該對象所包含的位元組數目。如果該符号沒有大小或大小未知則st_size成員值為 0 。)
st_info: This member specifies the symbol’s type and binding attributes. A list of the values and meanings appears below. The following code shows how to manipulate(操作) the values.
(st_info成員指出了符号的類型和限制屬性。相應的清單如下所示。下面的代碼說明了如何操作該值。)
#define ELF32_ST_BIND(i) ((i)>>4)
#define ELF32_ST_TYPE(i) ((i)&0xf)
#define ELF32_ST_INFO(b, t) (((b)<<4)+((t)&0xf)) (b ---bind, t --- type)
st_other: This member currently holds 0 and has no defined meaning.
st_shndx Every symbol table entry is ‘‘defined’’ in relation to some section; this member holds the relevant section header table index. As Figure 1-7 and the related text describe, some section indexes indicate special meanings.
(每一個符号表的表項都(被定義為)和某些 section 相關;符号表表項的st_shndx成員儲存了相關聯的“section頭索引”。(section頭索引 在Figure 1-7有相關的描述,某些 section頭索引表示了特殊的含義。)
A symbol’s binding determines the linkage visibility and behavior.(st_info This member specifies the symbol’s type and binding attributes.)
(一個符号的限制屬性決定了:linkage可見性和行為。)
Figure 1-17: Symbol Binding, ELF32_ST_BIND
Name Value
==== =====
STB_LOCAL 0
STB_GLOBAL 1
STB_WEAK 2
STB_LOPROC 13
STB_HIPROC 15
STB_LOCAL: Local symbols are not visible outside the object file containing their definition. Local symbols of the same name may exist in multiple files without interfering with each other.
(局部符号在包含它們的定義的object檔案之外是不可見的;不同object檔案中的具有相同名字的局部符号互相并不會妨礙。)
STB_GLOBAL: Global symbols are visible to all object files being combined. One file’s definition of a global symbol will satisfy another file’s undefined reference to the same global symbol.
(全局符号對所有參與聯合的object檔案都是可見的。一個object檔案中的全局符号的定義可以在另一個object檔案中對該全局符号不用定義而直接引用。)
STB_WEAK: Weak symbols resemble global symbols, but their definitions have lower precedence.
(弱符号類似于全局符号,但是弱符号的定義的優先級比較低一些。)
STB_LOPROC through STB_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(這個範圍中其所包含的值為特定處理器相關的語義保留)
Global and weak symbols differ in two major ways:
(全局符号和弱符号的差別主要在兩個方面。)
(1) When the link editor combines several relocatable object files, it does not allow multiple definitions of STB_GLOBAL symbols with the same name. On the other hand, if a defined global symbol exists, the appearance of a weak symbol with the same name will not cause an error. The link editor honors the global definition and ignores the weak ones. Similarly, if a common symbol exists (i.e., a symbol whose st_shndx field holds SHN_COMMON), the appearance of a weak symbol with the same name will not cause an error. The link editor honors the common definition and ignores the weak ones.
(* 當連結器連結幾個可重定位的目标檔案時,它不允許具有STB_GLOBAL屬性的符号以相同名字進行重複定義。另一方面,如果一個已定義的全局符号存在,則即便另一個具有相同名字的弱符号存在也不會引起錯誤。連結器将認可全局符号的定義而忽略弱符号的定義。與此相似,如果有一個普通符号(比如,一個符号的 st_shndx 成員的值為SHN_COMMON),則一個同名的弱符号也不會引起錯誤。連結器同樣認可普通符号的定義而忽略弱符号。)
(2) When the link editor searches archive libraries, it extracts archive members that contain definitions of undefined global symbols. The member’s definition may be either a global or a weak symbol. The link editor does not extract archive members to resolve undefined weak symbols. Unresolved weak symbols have a zero value.
(* 當連結器搜尋檔案庫的時候,它提取出存檔庫成員,該成員包含未被定義全局符号的定義。該成員(所包含)的定義:或者是全局的或者是一個弱符号。但連結器不會為了解析一個未定義的弱符号去提取存檔庫成員。未定義的弱符号具有 0 值。)
In each symbol table, all symbols with STB_LOCAL binding precede the weak and global symbols. As ‘‘Sections’’ above describes, a symbol table section’s sh_info section header member holds the symbol table index for the first non-local symbol.
(在每一個符号表中,所有具有 STB_LOCAL 限制屬性的符号優先于弱符号和全局符号。前面 "sections" 中描述過(參P21頁),一個symbol table section(即:.symtab section)對應的section頭中的sh_info成員保留了第一個非局部符号的符号表索引。可以用 readelf -a test 檢視section header table 中, .symtab section 的 sh_info=3b, 3b是16進制數,對應着.symtab 符号表裡面的第59項: 59: 0804e6dc 0 OBJECT GLOBAL DEFAULT 20 _DYNAMIC 符号_DYNAMIC的限制屬性為:STB_ GLOBAL;.dynsym section 的 sh_info=1, 對應着.dynsym 符号表裡面的第1項: 1: 0804830c 129 FUNC WEAK DEFAULT UND [email protected]_2.0 (2) 符号[email protected]_2.0 (2)的限制屬性為:STB_WEAK )
A symbol’s type provides a general classification for the associated entity. (st_info This member specifies the symbol’s type and binding attributes.)
(符号的類型提供了一個為符号的普遍分類。)
Figure 1-18: Symbol Types, ELF32_ST_TYPE
Name Value
==== =====
STT_NOTYPE 0
STT_OBJECT 1
STT_FUNC 2
STT_SECTION 3
STT_FILE 4
STT_LOPROC 13
STT_HIPROC 15
STT_NOTYPE: The symbol’s type is not specified.
(STT_NOTYPE 表示該符号的類型沒有指定。)
STT_OBJECT: The symbol is associated with a data object, such as a variable, an array, etc.
(STT_OBJECT 表示該符号和一個資料對象相關,比如一個變量、一個數組等。)
STT_FUNC: The symbol is associated with a function or other executable code.
(STT_FUNC 表示該符号和一個函數或其他可執行代碼相關。)
STT_SECTION: The symbol is associated with a section. Symbol table entries of this type exist primarily for relocation and normally have STB_LOCAL binding.
(STB_LOCAL表示該符号和一個 section 相關。STT_SECTION類型的symbol table表項的存在主要是為了重定向,一般具有 STB_LOCAL 限制屬性。)
STT_FILE: Conventionally, the symbol’s name gives the name of the source file associated with the object file. A file symbol (those with type STT_FILE) has STB_LOCAL binding, its section index is SHN_ABS, and it precedes the other STB_LOCAL symbols for the file, if it is present.
(按慣例而言,該符号給出了和目标檔案相關聯的源檔案的名字。STT_FILE類型符号具有ST_LOCAL限制屬性,它的section頭索引為 SHN_ABS(即:該符号的st_shndx=SHN_ABS),并且它優先于目前用于該檔案的其他 STB_LOCAL 符号。)
STT_LOPROC through STT_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(該範圍中的值是為特定處理器語義保留的。)
Function symbols (those with type STT_FUNC) in shared object files have special significance(意義). When another object file references a function from a shared object, the link editor automatically creates a procedure linkage table entry for the referenced (function’s) symbol. Shared object symbols with types other than(除了) STT_FUNC(symbol) will not be referenced automatically through the procedure linkage table.
(共享目标檔案中的函數符号(即:STT_FUNC 類型的符号)有着特殊的意義。當其他的目标檔案引用一個共享目标檔案中的一個函數時,連結編輯器自動的為被引用的函數符号建立一個過程連結表表項。共享 object檔案中的非STT_FUNC類型的符号之将不會通過過程連結表自動的被引用。)
If a symbol’s value(st_value) refers to a specific location within a section, its section index member, st_shndx, holds an index into the section header table. As the section moves during relocation, the symbol’s value changes as well, and references to the symbol continue to ‘‘point’’ to the same location in the program.??
Some special section index(Figure 1-8: Special Section Indexes) values give other semantics.
( 如果一個符号的值st_value指向一個 section 内的特定位置,則符号表表項的st_shndx成員的值就是該 section對應的section頭表的索引。當該 section 在重定位過程中移動時,該符号的值st_value也相應變化,使該符号繼續保持指向程式中同樣的位置??。)
(一些特殊的 section索引(Figure 1-8: Special Section Indexes)值有其他的語義,解釋如下:)
SHN_ABS: The symbol has an absolute value that will not change because of relocation.
((如果st_shndx=SHN_ABS)該符号的有一個不會随重定位變化的絕對值(st_value)。可以用 readelf -a test 檢視符号表的st_shndx和st_value的值)
SHN_COMMON: The symbol labels a common block that has not yet been allocated. The symbol’s value gives alignment constraints, similar to a section’s sh_addralign member. That is, the link editor will allocate the storage for the symbol at an address that is a multiple(倍數) of st_value. The symbol’s size tells how many bytes are required.
((如果 st_shndx=SHN_COMMON) 該符号辨別了一個沒有被配置設定的普通塊。該符号的值(st_value)給出強制對齊值,其作用類似于 section 的 sh_addralign 成員。也就是說,連結編輯器給該符号配置設定的記憶體塊時,起始位址的值必須是 st_value 的倍數。該符号的大小(st_size)指出了(記憶體塊)需要的位元組數。)
SHN_UNDEF: This section table index means the symbol is undefined. When the link editor combines this object file with another that defines the indicated symbol, this file’s references to the symbol will be linked to the actual definition.
((如果st_shndx=SHN_UNDEF) 表明該符号是未定義的。當連結器将一個包含該未定義符号的object檔案和另一個已經定義了該符号的object檔案聯合裝配在一起的時候,這個目标檔案内對該未定義符号的引用将被連結到(另一個目标檔案中的)實際的定義上。)
As mentioned above, the symbol table entry for index 0 (STN_UNDEF) is reserved; it holds the following.
(如上所述,符号表的 0 索引(STN_UNDEF)是保留的,它包含了如下内容:)
Symbol Values
Symbol table entries for different object file types have slightly different interpretations for the st_value member.
(對于不同類型的目标檔案而言,符号表表項的st_value 成員有一些不同的解釋。)
In relocatable files, st_value holds alignment constraints for a symbol whose section index is SHN_COMMON.
(* 在可重定位檔案中,如果一個符号的st_shndx=SHN_COMMON則該符号的st_value 儲存着強制對齊值。)
In relocatable files, st_value holds a section offset for a defined symbol. That is, st_value is an offset from the beginning of the section that st_shndx identifies.
(* 在可重定位檔案中, st_value 儲存了一個已定義符号的 section 偏移。也就是說,符号的st_value值就是從 st_shndx 指定的 section 的開頭算起的偏移量。)
In executable and shared object files, st_value holds a virtual address. To make these files’ symbols more useful for the dynamic linker, the section offset (file interpretation) gives way to a virtual address (memory interpretation) for which the section number is irrelevant.
(* 在可執行的和可共享的目标檔案中,st_value 儲存一個虛拟位址,目的是為了使檔案中的符号對于動态連結器更加有用,是以檔案層面上的 section 偏移讓位于記憶體層面上的虛拟位址,因為虛拟位址是section 編号無關的。(而可重定位檔案中的符号的st_value值是從 st_shndx 指定的 section 的開頭算起的偏移量,也就是說是和section編号相關的相對的位址。))
Although the symbol table values have similar meanings for different object files, the data allow efficient access by the appropriate programs.??
(盡管符号表值對于不同的目标檔案有相似的含義,相應的程式還是可以有效地通路資料。??)
Relocation
Relocation is the process of connecting symbolic references with symbolic definitions. For example, when a program calls a function, the associated call instruction must transfer control to the proper destination address at execution(即:比如調用函數printf() 符号引用就是:“printf” 符号的定義就是:printf()的具體代碼,printf代碼通常包含在輸入輸出c庫裡). In other words, relocatable files must have information that describes how to modify their section contents, thus allowing executable and shared object files to hold the right information for a process’s program image. Relocation entries are these data.
(重定位是把符号引用與符号定義連接配接的過程。比如,當一個程式調用一個函數的時候,在執行時相關聯的調用指令必須把控制傳送到正确的目标位址。換句話說,重定位檔案必須包含專門的資訊來描述如何修改他們的 section 内容,進而允許可執行和共享object檔案儲存正确的資訊為一個程序的程式映像。重定位表項就是這樣的資料。)
Figure 1-20: Relocation Entries
typedef struct {
Elf32_Addr r_offset;
Elf32_Word r_info;
} Elf32_Rel;
typedef struct {
Elf32_Addr r_offset;
Elf32_Word r_info;
Elf32_Sword r_addend;
} Elf32_Rela;
r_offset This member gives the location at which to apply the relocation action. For a relocatable file, the value is the byte offset from the beginning of the section to the storage unit affected by the relocation. For an executable file or a shared object, the value is the virtual address of the storage unit affected by the relocation.
(該成員給出了重定位動作所應用到的位置。對于一個重定位檔案而言,r_offset值是從該section開頭到受重定位影響的存儲單元之間的位元組偏移量。對一個可執行檔案或一個共享object檔案而言,r_offset值是受重定位影響的存儲單元的虛拟位址。(比如:可以用 readelf -a test 檢視一個test可執行檔案的.rel.plt section的r_offset位址值都是位于.got section中的位址。.rel.plt 參考P23 ))
r_info This member gives both the symbol table index with respect to(關于) which the relocation must be made, and the type of relocation to apply. For example, a call instruction’s relocation entry would hold the symbol table index of the function being called. If the (symbol table) index is STN_UNDEF, the undefined symbol index, the relocation uses 0 as the ‘‘symbol value.’’ Relocation types are processor-specific. When the text refers to a relocation entry’s relocation type or symbol table index, it means the result of applying ELF32_R_TYPE or ELF32_R_SYM, respectively, to the entry’s r_info member??.
(r_info成員既給出重定位關系到的符号表索引又給出重定位應用的類型。比如,一個調用指令的重定位表項應當包含被調用函數所對應的符号表索引。如果符号表項的st_shndx=SHN_UNDEF,表明該符号是未定義的。重定位将使用 0 作為該符号的值(st_value)。重定位類型是和處理器相關的。當(程式的)正文(text)提及一個重定位表項的重定位類型或符号表索引,它的意思是将 ELF32_R_TYPE或 ELF32_R_SYM 分别應用到重定位表項的 r_info 成員的結果。)
#define ELF32_R_SYM(i) ((i)>>8)
#define ELF32_R_TYPE(i) ((unsigned char)(i))
#define ELF32_R_INFO(s, t) ((s)<<8+(unsigned char)(t))
r_addend This member specifies a constant addend used to compute the value to be stored into the relocatable field.
As shown above, only Elf32_Rela (type) entries contain an explicit addend. Entries of type Elf32_Rel store an implicit addend in the location to be modified. Depending on the processor architecture, one form or the other might be necessary or more convenient. Consequently, an implementation for a particular machine may use one form exclusively or either form? depending on context.
(如上所述,隻有 Elf32_Rela 類型的重定位表項包含一個明确的加數。Elf32_Rel 類型的表項在被修改的位置處存儲一個隐含的加數。根據處理器體系結構,一種形式或另一種形式也許是必要的或更為友善的。是以,特定機器的實作可以專門使用一種形式或依賴于上下文的另一種形式。)
A relocation section references two other sections: a symbol table and a section to modify. The section header’s sh_info and sh_link members, described in ‘‘Sections’’ above, specify these relationships. Relocation entries for different object files have slightly different interpretations for the r_offset member.
(一個重定位 section(例如:.rel.plt section)會引用兩個其他的section:一個符号表section和一個被修改的section 。該重定位section頭的 sh_info 和 sh_link成員(參考P21頁)描述了這種關系 (比如:可以用 readelf -a test 檢視一個test可執行檔案的.rel.plt section的sh_info指向.plt section;sh_link指向.dynsym section。.rel.plt 參考P23 )。對于不同種類的目标檔案,重定位表項的成員 r_offset解釋有少許差異。)
In relocatable files, r_offset holds a section offset. That is, the relocation section itself describes how to modify another section in the file; relocation offsets designate a storage unit within the second section.
(* 在可重定位檔案中,r_offset成員包含一個 section 偏移。也就是說,重定位section自己描述了如何修改檔案中的另一個section; 重定位偏移量指定了一個在第二個section中的存儲單元(距離section開頭的偏移量)。)
In executable and shared object files, r_offset holds a virtual address. To make these files’ relocation entries more useful for the dynamic linker, the section offset (file interpretation) gives way to a virtual address (memory interpretation).
(* 在可執行和共享的目标檔案中,r_offset 表示一個虛拟位址,目的是為了使得這些檔案中的重定位表項對于動态連結器更為有用,是以section 偏移(檔案解釋)讓位于一個虛拟位址(記憶體中解釋)。)
Although the interpretation of r_offset changes for different object files to allow efficient access by the relevant programs, the relocation types’ meanings stay the same.??
(盡管為了允許相關的程式更為有效的通路,而令r_offset 的解釋對于不同的目标檔案有所不同,重定位類型的含義是相同的。)
Relocation Types
Relocation entries describe how to alter the following instruction and data fields (bit numbers appear in the lower box corners).
(重定位表項描述了怎樣變更下面的指令和資料域(位數在表框下面的兩邊角顯示)。)
word32 This specifies a 32-bit field occupying 4 bytes with arbitrary byte alignment. These values use the same byte order as other word values?? in the 32-bit Intel Architecture.
(word32 指定一個以任意位元組對齊方式占用 4 位元組的 32 位域。這些值使用與 32 位 Intel體系相同的位元組順序。)
Calculations below assume the actions are transforming a relocatable file into either an executable or(或。。。或。。。) a shared object file. Conceptually, the link editor merges one or more relocatable files to form the output. It first decides how to combine and locate the input files, then updates the symbol values, and finally performs the relocation. Relocations applied to executable or shared object files are similar and accomplish the same result. Descriptions below use the following notation.
(下面的計算假設正在将一個可重定位檔案轉換為一個可執行或共享的目标檔案。從概念上來說,連結編輯器合并一個或多個可重定位檔案來組成輸出。它首先決定怎樣聯合、定位輸入檔案,然後更新符号值(st_value),最後進行重定位。對于可執行檔案和共享目标檔案,重定位過程是相似的并達到相同的結果。下面的描述使用如下的約定符号。)
A This means the addend used to compute the value of the relocatable field(Figure 1-21).
( 表示加數 用于計算可重定位域的值。)
B This means the base address at which a shared object has been loaded into memory during execution. Generally, a shared object file is built with a 0 base virtual address, but the execution address will be different. (表示了在執行過程中一個共享目标被加載到記憶體時的基位址。一般情況下,一個共享object檔案建立時的基虛位址為0,但是共享object檔案在執行時基位址就有所不同了。)
G This means the offset into the global offset table at which the address of the relocation entry’s symbol will reside during execution.?? See ‘‘Global Offset Table’’ in Part 2 for more information.
(表示了在執行過程中重定位表項(相關)的符号的位址駐留在全局偏移表中的偏移?? (比如:可以用 readelf -a test 檢視一個test可執行檔案的.rel.plt section的r_offset位址值都是位于.got section中的位址。.rel.plt 參考P23 )。請參閱第二部分中的“Global Offset Table”獲得更多的資訊。)
GOT This means the address of the global offset table. See ‘‘Global Offset Table’’ in Part 2 for more information.
(表示了全局偏移表的位址。請參閱第二部分中的“Global Offset Table”獲得更多的資訊。)
L This means the place (section offset or address) of the procedure linkage table entry for a symbol (表示一個符号(比如一個調用函數的名字prinf)的過程連結表表項的位置( section 偏移或位址)。) . A procedure linkage table entry redirects a function call to the proper destination(一個過程連結表表項用于把一個函數調用重定向到正确的目的地。). The link editor builds the initial procedure linkage table, and the dynamic linker modifies the procedure linkage table entries during execution. See ‘‘Procedure Linkage Table’’ in Part 2 for more information.
(表示一個符号(比如一個被調用函數的名字prinf)的過程連結表表項的位置(section偏移或位址)。一個過程連結表表項把一個函數調用重定向到正确的目的地。連結編輯器建立初始的過程連結表,而動态連結器在執行中修改過程連結表表項。請參閱第二部分中的“Procedure Linkage Table”獲得更多的資訊)
P This means the place (section offset or address) of the storage unit being relocated (computed using r_offset).
(表示被重定位的存儲單元的位置(section 偏移或位址)。(重定位使用 r_offset 計算))
S This means the value of the symbol whose index resides in the relocation entry. A relocation entry’s r_offset value designates the offset or virtual address of the first byte of the affected storage unit. The relocation type specifies which bits to change and how to calculate their values.
(表示符号值,該符号值的索引駐留在重定位表項中。一個重定位表項的 r_offset 值指定了受影響存儲單元的首位元組的偏移或虛拟位址。重定位類型指定了哪一位(bit)将要改變,以及怎樣計算它們的值。)
The SYSTEM V architecture uses only Elf32_Rel relocation entries, the field to be relocated holds the addend. In all cases, the addend and the computed result use the same byte order.
(在 SYSTEM V 體系中僅僅使用 Elf32_Rel 重定位表項,要被重定位的域中保留了加數。在所有的情況下,加數和計算結果使用相同位元組順序。)
Some relocation types have semantics beyond simple calculation.
R_386_GOT32 This relocation type computes the distance from the base of the global offset table to the symbol’s global offset table entry. It additionally instructs the link editor to build a global offset table.
( 這種重定位類型計算全局偏移表基位址到 一個符号(比如:調用函數的名字printf)所對應的全局偏移表表項 之間的距離。另外它訓示link editor建立一個全局偏移表。)
R_386_PLT32 This relocation type computes the address of the symbol’s procedure linkage table entry and additionally instructs the link editor to build a procedure linkage table.
(這種重定位類型 計算 符号的過程連結表表項的位址,另外它訓示 link editor建立一個過程連結表。)
R_386_COPY The link editor creates this relocation type for dynamic linking. Its offset member refers to a location in a writable segment. The symbol table index specifies a symbol that should exist both in the current object file and in a shared object. During execution, the dynamic linker copies data associated with the shared object’s symbol to the location specified by the offset.
(連結器建立這種重定位類型表項是為了用于動态連結。(R_386_COPY 類型重定位表項的)成員r_offset??指向一個可寫段中的某個位置,符号表索引指定一個符号(如:printf)既存在于目前 object file 也存在于一個shared object file中。在執行過程中,動态連結器把 shared object file中與該符号(如:printf)相關的資料拷貝到該偏移所指定的位置。)
R_386_GLOB_DAT This relocation type is used to set a global offset table entry to the address of the specified symbol. The special relocation type allows one to determine the correspondence(符合,對應) between symbols and global offset table entries.
(這種重定位類型表項用于設定全局偏移表的某一個表項為某個指定符号的位址。該特定的重定位類型允許你決定符号和全局偏移表表項之間的對應。)
R_3862_JMP_SLOT The link editor creates this relocation type for dynamic linking. Its offset member gives the location of a procedure linkage table entry. The dynamic linker modifies the procedure linkage table entry to transfer control to the designated symbol’s address [see ‘‘Procedure Linkage Table’’ in Part 2].
(連結器建立這種重定位類型表項是為了用于動态連結。(R_3862_JMP_SLOT 類型重定位表項的)成員r_offset??給出了一個過程連結表表項的位置。動态連結器修改這個過程連結表表項以便把控制傳遞到指定的符号位址(比如符号printf()的位址)。[參閱第二部分中的 "Procedure Linkage Table(過程連結表)"])
R_386_RELATIVE The link editor creates this relocation type for dynamic linking. Its offset member gives a location within a shared object that contains a value representing a relative address??. The dynamic linker computes the corresponding virtual address by adding the virtual address at which the shared object was loaded to the relative address. Relocation entries for this type must specify 0 for the symbol table index??.
(連結器建立這種重定位類型表項是為了用于動态連結。(R_386_RELATIVE 類型重定位表項的)成員r_offset??給出了共享object 檔案中的位置,該位置包含了一個表示相對位址的值??。動态連結器計算相應的虛拟位址(把該shared object 裝載的虛拟位址和前述相對位址相加的結果)。為了符号表索引,這種重定位類型的重定位表項必須指定為 0??。)
R_386_GOTOFF This relocation type computes the difference between a symbol’s value and the address of the global offset table. It additionally instructs the link editor to build the global offset table.
(這種重定位類型計算符号的值和全局偏移表位址之間的差異。另外還訓示連結器建立全局偏移表。)
R_386_GOTPC This relocation type resembles R_386_PC32, except it uses the address of the global offset table in its calculation. The symbol referenced in this relocation normally is _GLOBAL_OFFSET_TABLE_, which additionally instructs the link editor to build the global offset table.
(這種重定位類型類似于 R_386_PC32 ,不同的是它在計算中使用全局偏移表。這種重定位中引用的符号通常是 _GLOBAL_OFFSET_TABLE_ ,另外該符号也訓示連結器建立全局偏移表。)
2. PROGRAM LOADING AND DYNAMIC LINKING
Introduction 2-1
Program Header 2-2
Base Address 2-4
Note Section 2-4
Program Loading 2-7
Dynamic Linking 2-10
Program Interpreter 2-10
Dynamic Linker 2-10
Dynamic Section 2-11
Shared Object Dependencies 2-15
Global Offset Table 2-16
Procedure Linkage Table 2-17
Hash Table 2-19
Initialization and Termination Functions 2-20
Introduction
Part 2 describes the object file information and system actions that create running programs. Some information
here applies to all systems; other information is processor-specific.
(第二部分描述了 object 檔案資訊和建立運作程式時的系統動作行為。一部分資訊适合所有的系統,其餘的資訊是和特定處理器相關的。)
Executable and shared object files statically represent programs. To execute such programs, the system uses the files to create dynamic program representations(動态程式描繪), or process images. A process image has segments that hold its text, data, stack, and so on. The major sections in this part discuss the following.
(可執行和共享的 object 檔案本身隻是靜态的描繪了程式。為了執行這樣的程式,系統用這些檔案建立動态的程式表現,或曰程序映像。一個程序映像包含多個段用于儲存程序的代碼、資料、堆棧等等。這部分主要讨論如下的内容:)
Program header. This section complements(補充) Part 1, describing object file structures that relate directly to program execution. A program header table(the primary data structure) locates segment images within the object file and contains other information necessary to create the memory image for the program.
(* 程式頭(Program header)。本段内容補充Part 1,描述和程式運作直接相關的object file 資料結構。一個程式頭表(即檔案中基本的資料結構)可定位object檔案中的段映像,也包含了為該程式建立記憶體映像所需要的其他資訊。)
Program loading. Given an object file, the system must load it into memory for the program to run.
(* 載入程式(Program loading)。給出一個 object file 時,系統必須将它載入記憶體以便讓它運作。)
Dynamic linking. After the system loads the program, it must complete the process image by resolving symbolic references among the object files that compose the process.
(* 動态連結(Dynamic linking)。系統載入了程式之後,系統必須在組成該程序的object 檔案之間解析符号引用,來完成程序映像(的創作)。)
NOTE:There are naming conventions for ELF constants that have specified processor ranges. Names such as DT_, PT_, for processor-specific extensions, incorporate the name of the processor:DT_M32_SPECIAL, for example. Pre–existing processor extensions not using this convention will be supported.
(注意:具有指定處理器範圍的 ELF 常量是有命名約定的。比如名字DT_ , PT_ ,用于特定處理器擴充名,組合了處理器的名稱:如 DT_M32_SPECIAL。沒有使用這種命名慣例但是預先已經存在的處理器擴充名是允許的。)
Pre-existing Extensions
=======================
DT_JMP_REL
Program Header
An executable or shared object file’s program header table is an array of structures, each describing a segment or other information the system needs to prepare the program for execution. An object file’s segment contains one or more sections, as ‘‘Segment Contents’’ describes below. Program headers are meaningful only for executable and shared object files. A file specifies its own program header size with the ELF header’s e_phentsize and e_phnum members [see ‘‘ELF Header’’ in Part 1].
(一個可執行的或共享的 object 檔案的程式頭表是一個資料結構(即:程式頭)的數組,每一個數組元素描述一個“段”或系統預備執行該程式所需要的其他資訊。一個 object 檔案的“段”包含一個或多個section(就象下面的“Segment Contents”所描述的那樣)。程式頭僅僅對于可執行或共享的 object 檔案有意義。一個檔案使用 ELF 頭的 e_phentsize和 e_phnum 成員來指定該檔案的程式頭大小。[參閱第一部分中的 "ELF 頭"])
Figure 2-1: Program Header
typedef struct {
Elf32_Word p_type;
Elf32_Off p_offset;
Elf32_Addr p_vaddr;
Elf32_Addr p_paddr;
Elf32_Word p_filesz;
Elf32_Word p_memsz;
Elf32_Word p_flags;
Elf32_Word p_align;
} Elf32_Phdr;
p_type This member tells what kind of segment (which) this array element describes or how to interpret the array element’s information. Type values and their meanings appear below.
(p_type成員指出了程式頭表項描述了什麼類型的段,或怎樣解釋該程式頭表項的資訊。類型值和含義如下所述。)
p_offset This member gives the offset from the beginning of the object file at which the first byte of the segment resides.
(p_offset 成員給出了該段的駐留位置相對于該object檔案開始處的偏移。)
p_vaddr This member gives the virtual address at which the first byte of the segment resides in memory.
(p_vaddr 成員給出了該段的首位元組駐留在記憶體中的虛拟位址。)
p_paddr On systems for which physical addressing(尋址) is relevant, this member is reserved for the segment’s physical address. Because System V ignores physical addressing for application programs, this member has unspecified contents for executable files and shared objects.
(在和實體尋址有關的作業系統上,p_paddr成員是為該段的實體位址而保留的。由于System V 忽略應用程式的實體尋址,可執行檔案和共享object檔案中該成員未指定内容。)
p_filesz This member gives the number of bytes of the segment in the file image??; it may be zero.
(p_filesz 成員給出了在檔案映像中該段的位元組數;它可能是 0 。)
p_memsz This member gives the number of bytes of the segment in the memory image; it may be zero.
(p_memsz 成員給出了在記憶體映像中該段的位元組數;它可能是 0 。)
p_flags This member gives flags relevant to(有關) the segment. Defined flag values appear below.
(p_flags 成員給出了和該段相關的标志。定義的标志值如下所述。)
p_align As ‘‘Program Loading’’ later in this part describes, loadable process segments must have congruent(全等的) values for p_vaddr and p_offset, modulo(取模) the page size.This member gives the value to which the segments are aligned(定位 對準 對齊) in memory and in the file. Values 0 and 1 mean no alignment is required. Otherwise, p_align should be a positive, integral power of 2, andp_vaddr should equal p_offset, modulo p_align.
(就象在後面“Program Loading”部分中所說的那樣,可載入的程序段的p_vaddr和p_offset分别以頁面尺寸取模計算的結果值必須相等。P_align成員給出了該段在記憶體和檔案中的對齊值。 0 和 1 表示不需要對齊。否則,p_align 必須為2的正整數次幂,并且p_vaddr和p_offset分别以p_align取模計算的結果值應該相等。)
Some entries describe process segments; others give supplementary(補充) information and do not contribute to the process image. Segment entries may appear in any order, except as explicitly noted below. Defined type values follow; other values are reserved for future use.
(一些程式頭表表項描述了程序段;其他的程式頭表表項則提供補充資訊并且無幫助于程序映像。段表項可以以任何順序出現,除非是下面明确聲明的。下面是定義的段類型值;其他的值保留以便将來用于其他用途。)
Figure 2-2: Segment Types, p_type
Name Value
==== =====
PT_NULL 0
PT_LOAD 1
PT_DYNAMIC 2
PT_INTERP 3
PT_NOTE 4
PT_SHLIB 5
PT_PHDR 6
PT_LOPROC 0x70000000
PT_HIPROC 0x7fffffff
PT_NULL The array element is unused; other members’ values are undefined. This type lets the program header table have ignored (whole) entries.
(pt_type=PT_NULL 該類型程式頭表表項未使用;該表項其他的成員值都是未定義的。這種類型讓程式頭表忽略程式頭表項。)
PT_LOAD The array element specifies a loadable segment, described by p_filesz and p_memsz. The bytes from the file are mapped to the beginning of the memory segment??. If the segment’s memory size (p_memsz) is larger than the file size (p_filesz), the ‘‘extra’’ bytes are defined to hold the value 0 and to follow the segment’s initialized area. The file size may not be larger than the memory size. Loadable segment entries in the program header table appear in ascending order, sorted on the p_vaddr member.
(pt_type=PT_LOAD該類型程式頭表表項指定一個可載入的段,由 p_filesz 和 p_memsz 描述。檔案中的位元組被映射到記憶體段的開始處。如果該段的記憶體大小( p_memsz )比檔案大小( p_filesz )要大,則多出的位元組被定義保持為 0 并且跟随段初始化區域??。檔案的大小不會比記憶體大小值大。在程式頭表中,可載入段的表項是按照 p_vaddr 的升序排列的。)
PT_DYNAMIC The array element specifies dynamic linking information. See ‘‘Dynamic Section’’ below for more information.
(pt_type=PT_DYNAMIC 該類型程式頭表表項指定動态連結資訊。參閱 後面的“Dynamic Section”以獲得更多資訊。)
PT_INTERP The array element specifies the location and size of a null-terminated path name to invoke(懇求) as an interpreter. This segment type is meaningful only for executable files(though(雖然) it may occur(出現存在) for shared objects); it may not occur more than once in a file. If it is present, it must precede(先于…) any loadable segment entry. See ‘‘Program Interpreter’’ below for further information.
(pt_type=PT_INTERP 該類型程式頭表表項指定一個以null結尾的路徑名字的位置和大小(此路徑名字作為解釋程式使用)。這種段類型僅僅對可執行檔案有意義(盡管它可能出現用在一個共享 object 上);它在一個檔案中隻能出現一次。如果PT_INTERP類型段出現,它必須先于任何一個“可載入類型段對應的程式頭表項”。參閱後面的“程式解釋器”(Program Interpreter)以獲得更多的資訊。)
PT_NOTE The array element specifies the location and size of auxiliary(輔助的附屬的) information. See ‘‘Note Section’’ below for details.
(pt_type=PT_NOTE 該類型程式頭表表項輔助資訊的位置和大小。參閱後面的“注意部分”以獲得細節。)
PT_SHLIB This segment type is reserved but has unspecified semantics. Programs that contain an array element of this type do not conform(遵守一緻) to the ABI.
(pt_type=PT_SHLIB該類型程式頭表表項保留且具有未指定的語義。具有這種類型程式頭表項的程式并不遵守ABI。)
PT_PHDR The array element, if present, specifies the location and size of the program header table itself, both in the file and in the memory image of the program. This segment type may not occur more than once in a file. Moreover(此外), it may occur only if the program header table is part of the memory image of the program. If it is present, it must precede any loadable segment entry. See ‘‘Program Interpreter’’ below for further information.
(pt_type=PT_PHDR 該類型程式頭表表項(如果出現),指定了程式頭表本身(既在檔案中又在該程式的記憶體映像中)的位置和大小。該類型程式頭表表項在一個檔案中隻能出現一次。更進一步來說,它僅僅在該程式頭表是程式記憶體映像的一部分時才出現。如果PT_PHDR類型段出現,它必須先于任何一個“可載入段對應的程式頭表項”。參閱後面的“程式解釋器”(Program Interpreter)以獲得更多的資訊。)
PT_LOPROC through PT_HIPROC Values in this inclusive range are reserved for processor-specific semantics.
(該範圍中的pt_type值保留用于特定處理器的語義。)
NOTE:Unless specifically required elsewhere, all program header segment types are optional. That is, a file’s program header table may contain only those elements relevant to its contents.
(注意:除非在别處的特殊要求,所有的程式頭的段類型是可選的。也就是說,一個檔案的程式頭表可以僅包含和其内容相關的程式頭表元素。)
Base Address
Executable and shared object files have a base address, which is the lowest virtual address associated with the memory image of the program’s object file. One use of the base address is to relocate the memory image of the program during dynamic linking.
(可執行和共享的 object 檔案有一個“基位址”,該基位址是和程式的object檔案的記憶體中映像相關聯的最低虛拟位址。基位址的用途之一是在動态連結過程中重定位該程式的記憶體映像。)
An executable or shared object file’s base address is calculated during execution from three values: the memory load address, the maximum page size, and the lowest virtual address of a program’s loadable segment. As ‘‘Program Loading’’ in this chapter describes, the virtual addresses in the program headers might not represent the actual virtual addresses of the program’s memory image. To compute the base address, one determines the memory address associated with the lowest p_vaddr value for a PT_LOAD segment; One then obtains the base address by truncating the memory address to the nearest multiple of the maximum page size. Depending on the kind of file being loaded into memory, the memory address might or might not match the p_vaddr values.
(一個可執行的 object file 或 一個共享的 object file 的“基位址”是在執行的時候從三個值計算而來的:1.記憶體載入位址 2.頁面尺寸最大值 3.一個程式的(所有)可載入段的最低虛拟位址。就象在本章“程式載入”中所描述的那樣,程式頭中記載的虛拟位址也許并不表示程式的記憶體映像的實際的虛拟位址。為了計算基位址,第1步必須查明記憶體位址,它和所有PT_LOAD類型的段中的p_vaddr最小值相關聯;第2步獲得基位址的方法是将記憶體位址截成 與最大頁面尺寸最接近的整數倍。取決于載入記憶體中的檔案類型,該記憶體位址和 p_vaddr 值可能比對也可能不比對。)
As ‘‘Sections’’ in Part 1 describes, the .bss section has the type SHT_NOBITS. Although it occupies no space in the file, it contributes to the segment’s memory image. Normally, these uninitialized data reside at the end of the segment, thereby making p_memsz larger than p_filesz in the associated program header element.
(就象在第一部分中 "Section" 中描述的那樣, .bss section 具有 SHT_NOBITS的section類型。盡管在檔案中不占用空間,它卻對段的記憶體映像有所貢獻。通常,這些沒有初始化的資料駐留在段的尾部,是以使得在相關的程式頭中的元素 p_memsz 比 p_filesz 大。)
Note Section (注解部分)
Sometimes a vendor or system builder needs to mark an object file with special information that other programs will check for conformance, compatibility, etc. Sections of type SHT_NOTE and program header elements of type PT_NOTE can be used for this purpose. The note information in SHT_NOTE type sections and program header PT_NOTE type elements holds any number of (許多)entries, each of which is an array of 4-byte words in(符合) the format of the target processor. Labels appear below to help explain note information organization, but they are not part of the specification.
(有的時候供應商或系統設計者需要用特殊的資訊标志一個object file,以便其他程式檢查其一緻性,相容性等等。 SHT_NOTE 類型的section 和PT_NOTE類型的程式頭表表項都可以被用于此目的。SHT_NOTE 類型的section 和PT_NOTE類型的程式頭表表項中的注解資訊包含了許多表項,每一個表項都是符合目标處理器格式的 4-byte“字”的數組。下面的标簽有助于解釋“注釋資訊”的組織形式,但是這些标簽不是規範說明的一部分。)
namesz and name:The first namesz bytes in name contain a null-terminated character representation of the entry’s owner or originator. There is no formal mechanism for avoiding name conflicts. By convention, vendors use their own name, such as ‘‘XYZ Computer Company,’’ as the identifier. If no name is present, namesz contains 0. Padding is present, if necessary, to ensure 4-byte alignment for the descriptor. Such padding is not included in namesz.
(名字中的第一個位元組: namesz包含了一個 null-terminated 字元描述,表達了該表項的所有者或創作者。沒有正式的機制來避免名字沖突。從慣例來說,供應商使用他們自己的名稱,比如 "XYZ Computer Company",作為辨別符。如果沒有提供名字, namesz 值為 0 。如果有必要,提供padding(填充資訊)以確定描述符4-位元組對齊。 這種填充資訊并不包括在namesz 中。)
descsz and desc:The first descsz bytes in desc hold(儲存) the note descriptor(描述符). The ABI places no constraints(限制) on a descriptor’s contents. If no descriptor is present, descsz contains 0. Padding is present, if necessary, to ensure 4-byte alignment for the next note entry. Such padding is not included in descsz.
( desc 中的首位元組: descsz儲存了注解描述符。ABI 沒有對一個描述符的内容予以限制。如果沒有描述符,descsz 将包含0 。必要的話,提供padding(填充資訊)以確定下一個注解表項4-位元組對齊。 這種填充資訊并不包括在descsz中。)
type: This word gives the interpretation of the descriptor. Each originator controls its own types; multiple interpretations of a single type value may exist. Thus, a program must recognize both the name and the type to ‘‘understand’’ a descriptor. Types currently must be nonnegative.The ABI does not define what descriptors mean.
(這個“字”給出了描述符的解釋。每一個創作者管理着自己的類型;一個單一類型值的多種解釋是可能存在的。是以,一個程式為了了解一個描述符必須既認識其名字也認識其類型。類型目前必須是非負的。ABI 沒有定義描述符的含義。)
To illustrate, the following note segment holds two entries.
NOTE:The system reserves note information with no name (namesz= =0) and with a zero-length name (name[0]= =’’) but currently defines no types. All other names must have at least one non-null character.
(注意:系統保留的注解資訊沒有名字 (namesz==0) ,有一個零長度的名字 (name[0]=='') 目前沒有為其定義類型。除此以外其它所有的名字必須至少有一個非空的字元。)
NOTE
Note information is optional. The presence of note information does not affect a program’s ABI conformance, provided(以。。。為條件) the information does not affect the program’s execution behavior. Otherwise, the program does not conform to the ABI and has undefined behavior.
(注意:注解資訊是可選的。注解資訊的存在不影響一個程式的 ABI 一緻性,前提是該資訊不影響程式的執行行為。否則,該程式将不符合 ABI 并帶有未定義的行為。)
Program Loading
As the system creates or augments(增加) a process image, it logically copies a file’s segment to a virtual memory segment. When—and if—the system physically reads the file depends on the program’s execution behavior, system load, etc. A process does not require a physical page unless it references the logical page during execution, and processes commonly leave many pages unreferenced. Therefore delaying physical reads frequently obviates(消除避免) them, improving system performance(性能). To obtain this efficiency in practice, executable and shared object files must have segment images whose file offsets and virtual addresses are congruent, modulo the page size.
(當系統建立或增加一個“程序映像”的時候,它(隻是先)邏輯地拷貝一個檔案的段到一個虛拟的記憶體段。系統什麼時候實體地讀取檔案依賴于程式的執行行為,系統載入等等。一個程序執行時僅當需要引用邏輯頁面的時候才需要一個實體頁面,而程序一般會留下許多未引用的頁面。是以推遲實體上的讀操作常常可以避免(引用)這些邏輯頁面,進而改善系統的性能。為了實際中達到這種效果,可執行的和共享object 檔案具有的段映像們必須滿足條件:段映像的檔案偏移和段映像的虛拟位址以頁面尺寸為模是相等的。)
Virtual addresses and file offsets for the SYSTEM V architecture segments are congruent modulo 4 KB (0x1000) or larger powers of 2. Because 4 KB is the maximum page size, the files will be suitable for paging(頁面排程記憶體分頁) regardless of physical page size.
(SYSTEM V 體系結構的 段虛拟位址和段檔案偏移 以4KB(0x1000)或較大的2的n次幂 取模是同餘的。
由于 4KB 是最大的頁面尺寸,不管實體頁面尺寸如何,檔案将是适記憶體分頁的。)
Figure 2-5: Executable File
File Offset File Virtual Address
=========== ==== ===============
0 ELF header
Program header table
Other information
0x100 Text segment 0x8048100
...
0x2be00 bytes 0x8073eff
0x2bf00 Data segment 0x8074f00
...
0x4e00 bytes 0x8079cff
0x30d00 Other information
...
(圖不好 參看45頁)
Figure 2-6: Program Header Segments
Member Text Segment Data Segment
====== ========== ==========
p_type PT_LOAD PT_LOAD
p_offset 0x100 0x2bf00 (對應Figure 2-5中的兩個段的檔案偏移)
p_vaddr 0x8048100 0x8074f00 (對應Figure 2-5中的兩個段的虛拟位址)
p_paddr unspecified unspecified
p_filesz 0x2be00 0x4e00
p_memsz 0x2be00 0x5e24
p_flags PF_R+PF_X PF_R+PF_W+PF_X
p_align 0x1000 0x1000
Although the example’s file offsets and virtual addresses are congruent modulo 4 KB for both text and data, up up to(一直到,等于??) four file pages hold impure text or data (depending on page size and file system block size).
(盡管示例中的文本段和資料段的檔案偏移和虛拟位址以4KB為模是同餘的,但是有4 個檔案頁面存放着非純粹的混合的正文和資料(依賴于頁面尺寸和檔案系統塊尺寸))(正文段通常存放純代碼,但在正文段與資料段的交界處的正文頁面和資料頁面可能會存放着混合的資料)
The first text page contains the ELF header, the program header table, and other information.
(* 正文段第一個頁面包含了 ELF 頭、程式頭表和其它資訊。參看Figure 2-5)
The last text page holds a copy of the beginning of data.
(* 正文段最後一個頁面包含了一個資料段開頭的拷貝。)
The first data page has a copy of the end of text.
(* 資料段第一個頁面包含了一個正文段末端的拷貝。)
The last data page may contain file information not relevant to the running process.
(* 資料段最後一個頁面也許會包含與正在運作的程序無關的檔案資訊。)
Logically, the system enforces(實施,強制) the memory permissions as if(像。。。一樣) each segment were complete and separate; segments’ addresses are adjusted to ensure each logical page in the address space has a single set of permissions.
(邏輯上,系統執行記憶體權限時認為每個段是完整的、互相隔離的;段的位址被調整以確定位址空間裡的每個邏輯頁面有單一的一套權限)
In the example above, the region of the file holding the end of text and the beginning of data will be mapped twice: at one virtual address for text and at a different virtual address for data.
(在上面的示例中,包含文本段結束和資料段開頭的檔案的(頁面)區域将被映射兩次:為文本(段的一部分映射)在一個虛拟位址上,為資料(段的一部分映射)在另一個虛拟位址上。)
The end of the data segment requires special handling for uninitialized data, which the system defines to begin with zero values. Thus if a file’s last data page includes information not in the logical memory page, the extraneous data must be set to zero, not the unknown contents of the executable file. ‘‘Impurities’’ in the other three pages are not logically part of the process image; whether the system expunges them is unspecified(未指明的,未詳細說明的). The memory image for this program follows, assuming 4 KB (0x1000) pages.
(資料段的結束處需要對未初始化的資料進行特殊處理(系統定義未初始化的資料以0值開始)。是以如果一個檔案的最後一個資料段頁面包括的資訊不在邏輯記憶體頁面中,則無關的資料應當被置為 0 ,而非可執行檔案的未知的内容)。在其他三個頁面中的不純潔内容理論上并不是程序映像的一部分;系統是否擦除它們并未指明。下面程式的記憶體映像假定是4KB 的頁面。)
Figure 2-7: Process Image Segments
Virtual Address Contents Segment
=============== ======== =======
0x8048000 Header padding Text
0x100 bytes
0x8048100 Text segment
...
0x2be00 bytes
0x8073f00 Data padding (這裡估計是text段和data段交彙的地方)
0x100 bytes
0x8074000 Text padding Data
0xf00 bytes
0x8074f00 Data segment
...
0x4e00 bytes
0x8079d00 Uninitialized data
0x1024 zero bytes
0x807ad24 Page padding
0x2dc zero bytes
One aspect(方面) of segment loading differs between executable files and shared objects. Executable file segments typically contain absolute code(機器(代)碼絕對(代)碼). To let the process execute correctly, the executable file segments must reside at the virtual addresses used to(慣常,慣于) build the executable file??. Thus the system uses the p_vaddr values unchanged as virtual addresses.
(可執行檔案和共享檔案在段裝載方面有所不同。典型地,可執行檔案的段包含絕對代碼。為了讓程序正确執行,這些可執行檔案段必須駐留在可執行檔案建立時(所确定)的虛拟位址處??。是以系統使用未改變的 p_vaddr 作為虛拟位址。)
On the other hand, shared object segments typically contain position-independent code. This lets a segment’s virtual address change from one process to another, without invalidating execution behavior.
Though the system chooses virtual addresses for individual processes, it maintains the segments’ relative positions. Because position-independent code uses relative addressing(相對尋址) between segments, the difference between virtual addresses in memory must match the difference between virtual addresses in the file.
The following table shows possible shared object virtual address assignments for several processes, illustrating constant relative positioning(相對位置). The table also illustrates the base address computations.
(另一方面,共享檔案段典型地包含着位置無關代碼。這就使得一個段的虛拟位址在不同程序也各不相同,且執行行為不會無效。雖然系統為單獨程序選擇虛拟位址,它維護各個段的相對位置。因為位置無關的代碼在段間使用相對尋址,記憶體中的虛拟位址的差異必須比對檔案中虛拟位址的差異。下表給出了幾個程序中共享對象可能配置設定的虛拟位址,舉例說明了不變的相對位置。該表同時闡明了基位址計算。)
Figure 2-8: Example Shared Object Segment Addresses
Sourc Text Data Base Address
===== ==== ==== ============
File 0x200 0x2a400 0x0 (相差0x2a200)
Process 1 0x80000200 0x8002a400 0x80000000 (相差0x2a200)
Process 2 0x80081200 0x800ab400 0x80081000 (相差0x2a200)
Process 3 0x900c0200 0x900ea400 0x900c0000 (相差0x2a200)
Process 4 0x900c6200 0x900f0400 0x900c6000 (相差0x2a200)
Dynamic Linking
Program Interpreter (程式解釋程式)
An executable file may have one PT_INTERP(segment type) program header element. During exec(BA_OS), the system retrieves(重新得到) a path name(路徑名) from the PT_INTERP type segment and creates the initial process image from the interpreter file’s segments. That is, instead of(代替,而不是) using the original(原始的最初的) executable file’s segment images, the system composes a memory image for the interpreter. It then is the interpreter’s responsibility to receive control from the system and provide an environment for the application program.
(一個可執行檔案可能有一個 PT_INTERP類型的程式頭表表項(如果PT_INTERP類型段出現,它必須優先于任何一個“可載入類型的段表項”。)。在 exec(BA_OS) 的時候,系統從 PT_INTERP類型段中取回一個路徑名(例如:/lib/ld-linux.so.2.so),并用解釋程式檔案(/lib/ld-linux.so.2.so)中的段建立初始的程序映像。也就是說,系統為解釋程式組成了一個記憶體映像,而不是使用最初的可執行檔案中的段映像。此時該解釋器程式就負責接收系統傳來的控制并且為應用程式提供一個環境。)
The interpreter receives control in one of two ways. First, it may receive a file descriptor to read the executable file, positioned(安置,決定...的位置) at the beginning??. It can use this file descriptor to read and/or map the executable file’s segments into memory. Second, depending on the executable file format, the system may load the executable file into memory instead of giving the interpreter an open file descriptor. With(由于) the possible exception of the file descriptor??, the interpreter’s initial process state matches what the executable file would have received. The interpreter itself may not require a second interpreter. An interpreter may be either a shared object file or an executable file.
(解釋程式使用兩種方法中的一種來接收系統來的控制。第一種,解釋程式會接收一個檔案描述符來讀取可執行檔案,安置在開頭??。解釋程式可以使用這個檔案描述符來讀取并且(或者)映射該可執行檔案中的段到記憶體中。第二種,依賴于該可執行檔案格式,系統(自己)可以裝載這個可執行檔案到記憶體中而不是傳送給解釋程式一個打開的檔案描述符。由于檔案描述符可能的例外(即:系統可能不傳送檔案描述符給解釋程式),解釋程式的初始的程序狀态比對将接收的可執行檔案類型。解釋程式本身并不需要第二個解釋程式。解釋器程式可以是一個共享目标檔案(/lib/ld-linux.so.2.so)也可以是一個可執行檔案(/bin /sh??)。)
A shared object (the normal case) is loaded as position-independent, with addresses that may vary from one process to another; the system creates its segments in the dynamic segment area used by mmap(KE_OS) and related services??. Consequently, a shared object interpreter typically will not conflict with the original executable file’s original segment addresses.
(* 一個共享目标檔案(正常的情形)在被載入的時候是位置無關的,在各個程序中的(載入)位址可能各不相同;系統把共享目标檔案中的段建立在動态的段區域中 (動态段區域為mmap(KE_OS) 和相關服務例程所用)。因而,即使解釋程式是一個共享目标檔案,(解釋程式的加載位址)也将不會和最初的可執行檔案的原始段位址相沖突。)
An executable file is loaded at fixed addresses; the system creates its segments using the virtual addresses from the program header table. Consequently, an executable file interpreter’s virtual addresses may collide with the first executable file; the interpreter is responsible for resolving conflicts.
(* 一個可執行檔案被載入到固定位址;系統使用程式頭表中記錄的虛拟位址為一個可執行檔案建立(記憶體)段(映像)。因而,解釋器程式如果是一個可執行檔案(/bin/sh),(解釋程式的)載入虛拟位址可能和第一個可執行檔案(的載入位址)相沖突;解釋器程式會負責解決這種沖突。)
Dynamic Linker
When building an executable file that uses dynamic linking, the link editor adds a program header element of type PT_INTERP to an executable file, telling the system to invoke the dynamic linker(目标代碼連接配接器) as the program interpreter.
(當使用動态連結方式建立一個可執行檔案時,連結編輯器把一個 PT_INTERP 類型的程式段 添加到可執行檔案中,告知系統調用動态連結器當作程式解釋器。
當使用動态連結方式建立一個可執行檔案時,連結器把一個 PT_INTERP 類型
的程式段 加到可執行檔案中,告訴系統把動态連結器做為該程式的解釋器。
(如果PT_INTERP類型段出現,它必須先于任何一個“可載入段入口表項”。)
注意:由系統提供的動态連結器是和特定處理器相關的。)
NOTE
The locations of the system provided dynamic linkers are processor–specific.
(注意:系統提供的動态連結器的位置是與特定處理器相關的。)
Exec(BA_OS) and the dynamic linker cooperate to create the process image for the program, which entails(使必須,使承擔) the following actions:
Adding the executable file’s memory segments to the process image;
Adding shared object memory segments to the process image;
Performing(執行) relocations for the executable file and its shared objects;
Closing the file descriptor that was used to read the executable file, if one was given to the dynamic linker;
Transferring control to the program, making it look as if the program had received control directlyfrom exec(BA_OS).
(Exec(BA_OS) 和動态連結器協作一起為程式建立程序映像,必須有如下的動作:
* 将可執行檔案的記憶體段加入程序映像中;
* 将共享對象的記憶體段加入程序映像中;
* 為可執行檔案和它的共享object執行重定位;
* 如果曾傳遞給了動态連結器一個檔案描述符(用于讀取可執行檔案),(使用完畢後要)關閉這個檔案描述符。
* 将控制傳遞給程式,使它看起來就象該程式直接從 exec(BA_OS) 接收到了控制一樣。)
The link editor also constructs various data that assist the dynamic linker for executable and shared object files. As shown above in ‘‘Program Header,’’ these data reside in loadable segments, making them available during execution. (Once again, recall the exact segment contents are processor-specific??. See the processor supplement for complete information.)
(連結編輯器也為可執行檔案和共享對象檔案構造各種資料以幫助動态連結器。就象在上面“程式頭”中說的那樣,這些資料駐留在可載入類型段中,使得在執行期間這些資料是可用的。(再一次的,recall正确的段内容是和特定處理器相關的??。可以參閱處理器的補充說明來獲得詳盡的資訊。))
A .dynamic section with type SHT_DYNAMIC holds various data. The structure residing at the beginning of the section holds the addresses of other dynamic linking information.
The .hash section with type SHT_HASH holds a symbol hash table.
The .got and .plt sections with type SHT_PROGBITS hold two separate tables: the global offset table and the procedure linkage table. Sections below explain how the dynamic linker uses and changes the (two) tables to create memory images for object files.
(* 一個 SHT_DYNAMIC 類型的section:.dynamic 包含各種資料,在該section 開頭的結構裡面包含了其他動态連結資訊的位址。
* SHT_HASH 類型的section:.hash 包含了一個 symbol hash table.
* SHT_PROGBITS 類型的section:.got .plt 包含了兩個獨立的表:全局偏移表和過程連結表。下面的 section 示範了動态連結器使用和改變這些表來為 object file 建立記憶體映像。)
Because every ABI-conforming program imports the basic system services (functions) from a shared object library, the dynamic linker participates in every ABI-conforming program execution.
(由于每一個遵循 ABI 的程式都需要從一個共享object檔案庫中輸入基本的系統服務函數,是以動态連結器參與每一個遵循 ABI 的程式的執行過程。)
As ‘‘Program Loading’’ explains in the processor supplement, shared objects may occupy virtual memory addresses that are different from the addresses recorded in the file’s program header table. The dynamic linker relocates the (share object) memory image, updating absolute addresses before the application gains control. Although the absolute address values would be correct if the library were loaded at the addresses specified in the program header table, this normally is not the case.
(在處理器補充說明的“程式載入”部分曾經說過,共享objects占用的虛拟記憶體位址可能會和記錄在共享目标檔案的“程式頭表項”中的位址不同。“動态連結器”重定位(共享objects的)記憶體映像,在應用程式獲得控制權之前更新絕對位址。盡管如果庫檔案被載入到程式頭表所指定的位址處,絕對位址(也)将會是正确的,情況通常卻不是這樣。)
If the process environment [see exec(BA_OS)] contains a variable named LD_BIND_NOW with a non-null value, the dynamic linker processes all relocation before transferring control to the program. For example, all the following environment entries would specify this behavior.
(如果程序環境 [see exec(BA_OS)] 包含了一個名為LD_BIND_NOW的環境變量的值非零,動态連結器在把控制權傳遞給程式之前處理所有的重定位。舉例而言,所有下面的環境表項将指定這種行為。)
LD_BIND_NOW=1
LD_BIND_NOW=on
LD_BIND_NOW=off
Otherwise, LD_BIND_NOW either does not occur in the environment or has a null value. The dynamic linker is permitted to evaluate procedure linkage table entries lazily, thus avoiding symbol resolution and relocation overhead for functions that are not called. See ‘‘Procedure Linkage Table’’ in this part for more information.
(否則,如果LD_BIND_NOW為空值或者沒有出現在環境中。則允許動态連結器延緩估算過程連結表表項,進而可以避免對沒有調用的函數進行符号解析和重定位工作。參閱"Procedure Linkage Table"擷取更多的資訊。)
Dynamic Section
If an object file participates in dynamic linking, its program header table will have an element of type PT_DYNAMIC. This ‘‘segment’’ contains the .dynamic section. A special symbol, _DYNAMIC, labels the section, which contains an array of the following structures.
(假如一個 object檔案參與動态連接配接,它的程式頭表将有一個PT_DYNAMIC類型的程式頭表表項。這個PT_DYNAMIC類型的“段”包含了一個 SHT_DYNAMIC類型的section:.dynamic 。.dynamic section用一個特殊的符号:_DYNAMIC來标記,.dynamic section包含了一個Elf32_Dyn結構的數組:_DYNAMIC[] 以下稱為:動态連接配接數組)
Figure 2-9: Dynamic Structure
typedef struct {
Elf32_Sword d_tag;
union {
Elf32_Sword d_val;
Elf32_Addr d_ptr;
} d_un;
} Elf32_Dyn;
extern Elf32_Dyn _DYNAMIC[];
For each object with this type(Elf32_Dyn), d_tag controls the interpretation of d_un.
(對于每一個Elf32_Dyn類型的資料結構對象(動态連接配接數組項),d_tag成員控制着 對d_un的解釋。)
d_val These Elf32_Word objects represent integer values with various interpretations.
(*d_val 這些Elf32_Word 類型“資料對象”描述了具有多種不同解釋的整數值們。)
d_ptr These Elf32_Addr objects represent program virtual addresses. As mentioned previously, a file’s virtual addresses might not match the memory virtual addresses during execution. When interpreting addresses contained in the dynamic structure, the dynamic linker computes actual addresses(有效位址,實位址), based on the original file value and the memory base address. For consistency, files do not contain relocation entries to ‘‘correct’’ addresses in the dynamic structure.
(*d_ptr這些 Elf32_Addr類型“資料對象”描述了程式虛拟位址。就象前面提到的,在執行時,檔案的(程式頭表中記載的)虛拟位址可能和記憶體虛拟位址不比對。當解釋包含在動态資料結構(Elf32_Dyn)中的位址時,動态連接配接器根據原始檔案的相關值和記憶體的基位址來計算實際的位址。為了一緻性,檔案不包含重定位表項去糾正動态資料結構中的位址。)
The following table summarizes the tag requirements for executable and shared object files. If a tag is marked ‘‘mandatory,’’ then the dynamic linking array(_DYNAMIC[]) for an ABI-conforming file must have an entry of that type. Likewise, ‘‘optional’’ means an entry for the tag may appear but is not required.
(下表總結了用于可執行檔案和共享object檔案的d_tag要求。d_tag表示動态連接配接數組項的類型,在符合ABI的檔案的_DYNAMIC數組裡,标為”mandatory”的d_tag表示這種數組項是不可缺少的。标為”optional”的 d_tag 表示這種數組項是可有可無的。)
Figure 2-10: Dynamic Array Tags, d_tag
Name Value d_un Executable Shared Object
==== ===== ==== ========== =============
DT_NULL 0 ignored mandatory mandatory
DT_NEEDED 1 d_val optional optional
DT_PLTRELSZ 2 d_val optional optional
DT_PLTGOT 3 d_ptr optional optional
DT_HASH 4 d_ptr mandatory mandatory
DT_STRTAB 5 d_ptr mandatory mandatory
DT_SYMTAB 6 d_ptr mandatory mandatory
DT_RELA 7 d_ptr mandatory optional
DT_RELASZ 8 d_val mandatory optional
DT_RELAENT 9 d_val mandatory optional
DT_STRSZ 10 d_val mandatory mandatory
DT_SYMENT 11 d_val mandatory mandatory
DT_INIT 12 d_ptr optional optional
DT_FINI 13 d_ptr optional optional
DT_SONAME 14 d_val ignored optional
DT_RPATH 15 d_val optional ignored
DT_SYMBOLIC 16 ignored ignored optional
DT_REL 17 d_ptr mandatory optional
DT_RELSZ 18 d_val mandatory optional
DT_RELENT 19 d_val mandatory optional
DT_PLTREL 20 d_val optional optional
DT_DEBUG 21 d_ptr optional ignored
DT_TEXTREL 22 ignored optional optional
DT_JMPREL 23 d_ptr optional optional
DT_LOPROC 0x70000000 unspecified unspecified unspecified
DT_HIPROC 0x7fffffff unspecified unspecified unspecified
DT_NULL An entry with a DT_NULL tag marks the end of the _DYNAMIC array.
(DT_NULL類型的數組項表示 _DYNAMIC數組的結束。)
DT_NEEDED This element holds the string table offset of a null-terminated string, giving the name of a needed library. The offset is an index into the table recorded in the DT_STRTAB entry. See ‘‘Shared Object Dependencies’’ for more information about these names. The dynamic array may contain multiple entries with this type. These entries’ relative order is significant, though their relation to entries of other types is not (significant).
(DT_NEEDED 類型的數組項儲存着一個以NULL結尾的字元串在字元串表中的偏移量,這個字元串是所需“庫”的名字(例如:libc.so.6)。該偏移量是:在 DT_STRTAB類型數組項中記錄的字元串表的索引值。參看“Shared Object Dependencies”關于這些名字的更多資訊。動态連接配接數組中可以包含多個這種類型的數組項。這些(同類)數組項之間的互相順序是重要的,但是它們跟其他類型數組項的關系是不重要的。)
DT_PLTRELSZ This element holds the total size, in bytes, of the relocation entries associated with the procedure linkage table. If an entry of type DT_JMPREL is present, a DT_PLTRELSZ must accompany it.
(DT_PLTRELSZ 類型的數組項儲存着跟PLT關聯的重定位表表項的總體位元組大小。假如_DYNAMIC數組中有一個DT_JMPREL類型的數組項存在,那麼一個DT_PLTRELSZ類型的數組項也必須伴随存在。)
DT_PLTGOT This element holds an address associated with the procedure linkage table and/or the
global offset table. See this section in the processor supplement for details.
(DT_PLTGOT 類型的數組項儲存着一個跟PLT和/或者GOT相關的位址(例如:.got section 首位址)。具體細節看處理器補充部分。)
DT_HASH This element holds the address of the symbol hash table, described in ‘‘Hash Table.’’ This hash table refers to the symbol table referenced by the DT_SYMTAB element.
(DT_HASH 類型的數組項儲存着符号哈希表的位址(例如:.hash section 首位址),在“哈希表”有描述。這個符号哈希表指向被DT_SYMTAB數組項引用的符号表。)
DT_STRTAB This element holds the address of the string table, described in Part 1. Symbol names, library names, and other strings reside in this table.
(DT_STRTAB 類型的數組項儲存着“字元串表”位址(例如:.dynstr section 首位址),字元串表在第一部分有描述,包含了符号名,庫名,和其他的字元串。)
DT_SYMTAB This element holds the address of the symbol table, described in Part 1, with Elf32_Sym entries for the 32-bit class of files.
(DT_SYMTAB 類型的數組項儲存着“符号表”的位址(例如:.dynsym section 首位址),符号表在第一部分有描述,32-bit類型的檔案具有Elf32_Sym資料結構的符号表項。)
DT_RELA This element holds the address of a relocation table, described in Part 1. Entries in the table have explicit addends, such as Elf32_Rela for the 32-bit file class. An object file may have multiple relocation sections. When building the relocation table for an executable or shared object file, the link editor catenates those sections to form a single table. Although the sections remain independent in the object file, the dynamic linker sees a single table. When the dynamic linker creates the process image for an executable file or adds a shared object to the process image, it reads the relocation table and performs the associated actions. If this element is present, the dynamic structure must also have DT_RELASZ and DT_RELAENT elements. When relocation is ‘‘mandatory’’ for a file??, either DT_RELA or DT_REL may occur (both are permitted but not required).
(DT_RELA 類型的數組項儲存着“重定位表”的位址,重定位表在第一部分有描述。Rela類型重定位表中的表項會有一個明确的加數,比如32-bit類型的檔案具有的 Elf32_Rela資料結構的重定位表項。一個object檔案可以具有多個重定位section(例如:.rel.plt seciton .rel.got section)。當為一個可執行或共享檔案建立“重定位表”的時候,連接配接編輯器把這些重定位section連接配接起來(邏輯上)組成一個單一的表。盡管在 object檔案中sections是保持互相獨立的,動态連接配接器卻把它們看成單一的表。當動态連接配接器為一個可執行檔案建立一個程序映象或者是加載一個共享object到程序映象中,它去讀“重定位表”和執行相關的動作。假如動态連接配接數組中出現DT_RELA類型數組項,動态連接配接數組中必須也要有 DT_RELASZ和DT_RELAENT類型的數組項。當檔案的重定位是mandatory(是指數組項的d_tag是重定位的??),DT_RELA 或者 DT_REL都可能出現(同時出現也是允許的,但是不必要的)。)
DT_RELASZ This element holds the total size, in bytes, of the DT_RELA relocation table.
(DT_RELASZ 類型的數組項儲存着DT_RELA類型的數組項中重定位表總的位元組大小。)
DT_RELAENT This element holds the size, in bytes, of the DT_RELA relocation entry.
(DT_RELAENT 類型的數組項儲存着DT_RELA類型的數組項中重定位表每個表項的位元組大小。)
DT_STRSZ This element holds the size, in bytes, of the string table.
(DT_STRSZ 類型的數組項儲存着字元串表的位元組大小。)
DT_SYMENT This element holds the size, in bytes, of a symbol table entry.
(DT_SYNENT 類型的數組項儲存着符号表每個表項的位元組大小。)
DT_INIT This element holds the address of the initialization function, discussed in ‘‘Initialization and Termination Functions’’ below.
(DT_INIT 類型的數組項儲存着初始化函數的位址(例如:.init section 首位址),在下面“初始化和終止函數”中讨論。)
DT_FINI This element holds the address of the termination function, discussed in ‘‘Initialization and Termination Functions’’ below.
(DT_FINI 類型的數組項儲存着終止函數的位址(例如:.fini section 首位址),在下面“初始化和終止函數”中讨論。)
DT_SONAME This element holds the string table offset of a null-terminated string, giving the name of the shared object. The offset is an index into the table recorded in the DT_STRTAB entry. See ‘‘Shared Object Dependencies’’ below for more information about these names.
(DT_SONAME 類型的數組項儲存着一個以NULL結尾的字元串在字元串表中的偏移量,這個字元串是共享object的名字。該偏移量是:在DT_STRTAB類型數組項中記錄的字元串表的索引值。參看“Shared Object Dependencies”關于這些名字的更多資訊。)
DT_RPATH This element holds the string table offset of a null-terminated search library search path string??, discussed in ‘‘Shared Object Dependencies.’’ The offset is an index into the table recorded in the DT_STRTAB entry.
(DT_RPATH 類型的數組項儲存着一個以NULL結尾的字元串在字元串表中的偏移量,這個字元串是庫(檔案)搜尋路徑。在”Shared Object Dependencies”中有相關讨論。該偏移量是:在DT_STRTAB類型數組項中記錄的字元串表的索引值。)
DT_SYMBOLIC This element’s presence in a shared object library alters the dynamic linker’s symbol resolution algorithm(運算法則) for references within the library. Instead of starting a symbol search with the executable file, the dynamic linker starts from the shared object (library) itself. If the shared object (library) fails to supply the referenced(引用的) symbol, the dynamic linker then searches the executable file and other shared objects as usual.
(DT_SYMBOLIC 類型的數組項出現在一個共享object庫中,改變了動态連接配接器對于庫中的(符号的)引用進行的符号解析算法。動态連接配接器将首先從共享object庫自身中的符号開始搜尋,而不是先在可執行檔案中的符号開始搜尋,如果該共享object庫無法提供所引用的符号,那麼動态連接配接器再照常搜尋可執行檔案和其他的共享object。)
DT_REL This element is similar to DT_RELA, except its table has implicit addends, such as Elf32_Rel for the 32-bit file class. If this element is present, the dynamic structure must also have DT_RELSZ and DT_RELENT elements.
(DT_REL 類型的數組項類似于DT_RELA類型的數組項(例如:.rel.got section 首位址),隻是Rel類型重定位表中的表項會有一個隐含的加數,比如32-bit類型的檔案具有的Elf32_Rel資料結構的重定位表項。假如動态連接配接數組中出現DT_REL類型數組項,動态連接配接數組中必須也要有DT_RELSZ和DT_RELENT類型的數組項。)
DT_RELSZ This element holds the total size, in bytes, of the DT_REL relocation table.
(DT_RELSZ 類型的數組項儲存着DT_REL類型數的組項中的重定位表總的位元組大小。)
DT_RELENT This element holds the size, in bytes, of the DT_REL relocation entry.
(DT_RELENT 類型的數組項儲存着DT_REL類型的數組項中重定位表每個表項的位元組大小。)
DT_PLTREL This member specifies the type of relocation entry to which the procedure linkage table refers. The d_val member holds DT_REL or DT_RELA, as appropriate. All relocations in a procedure linkage table must use the same relocation.
(DT_PLTREL 類型的數組項指定PLT指向的重定位表表項的類型(例如:REL類型或RELA類型)。DT_PLTREL數組項的d_val成員适當儲存着 DT_REL或DT_RELA(數組項的值??)。在一個PLT中的所有重定位必須使用相同(類型:DT_PLTREL)的重定位(表項)。)
DT_DEBUG This member is used for debugging. Its contents are not specified for the ABI; programs that access this entry are not ABI-conforming.
(DT_DEBUG 類型的數組項用于調試。它的内容沒有為ABI指定;通路DT_PLTREL 類型的數組項的程式是不符合ABI的。)
DT_TEXTREL This member’s absence signifies that no relocation entry should cause a modification to a non-writable segment, as specified by the segment permissions in the program header table. If this member is present, one or more relocation entries might request modifications to a non-writable segment, and the dynamic linker can prepare accordingly.
(假如DT_TEXTREL 類型的數組項不存在,表示沒有重定位表表項會引起對非可寫段的修改,象在程式頭表中的(非可寫)段權限所指定的那樣。假如DT_TEXTREL 類型的數組項存在,表示一個或多個重定位表表項可能請求對一個非可寫段進行修改,動态連接配接器能是以而做相應準備。)
DT_JMPREL If present, this entries’s d_ptr member holds the address of relocation entries associated solely with the procedure linkage table. Separating these relocation entries lets the dynamic linker ignore them during process initialization, if lazy binding is enabled. If this entry is present, the related entries of types DT_PLTRELSZ and DT_PLTREL must also be present.
(假如DT_JMPREL 類型的數組項存在,DT_JMPREL數組項的d_ptr成員儲存着和PLT單獨關聯的重定位表表項的位址(例如:.rel.plt section 首位址)。假如lazy binding 激活,那麼分離這些重定位表表項讓動态連接配接器在程序初始化時忽略它們。假如DT_JMPREL類型數組項存在,相關聯的DT_PLTRELSZ類型數組項和DT_PLTREL類型數組項一定要在動态連接配接數組中存在。)
DT_LOPROC through DT_HIPROC
Values in this inclusive range are reserved for processor-specific semantics.
(在DT_LOPROC – DT_HIPROC 範圍内的值為特定處理器語義保留。)
Except for the DT_NULL element at the end of the array, and the relative order of DT_NEEDED elements, entries may appear in any order. Tag values not appearing in the table are reserved.
(除了DT_NULL類型數組項位于動态連接配接數組的末尾,和DT_NEEDED類型數組項的相對次序外,動态連接配接數組中的其他數組項可以任何次序出現。在上表中沒有出現的d_Tag值是保留的。)
Shared Object Dependencies
When the link editor processes an archive library, it extracts library members and copies them into the output object file. These statically linked services are available during execution without involving(包括) the dynamic linker. Shared objects also provide services, and the dynamic linker must attach the proper shared object files to the process image for execution. Thus executable and shared object files describe their specific dependencies.
(當連接配接編輯器處理一個文檔庫時,它取出庫成員并且把它們拷貝到輸出object檔案中。當運作時沒有包括動态連接配接器的時候,這些靜态連接配接的服務函數是可用的。共享object也提供了服務函數,動态連接配接器必須把适當的共享object檔案連接配接到要程序映象中以便執行。因而,可執行檔案和共享object檔案描述了他們明确的依賴關系。)
When the dynamic linker creates the memory segments for an object file, the dependencies (recorded in DT_NEEDED entries of the dynamic structure) tell what shared objects are needed to supply the program’s services. By repeatedly connecting referenced shared objects and their dependencies, the dynamic linker builds a complete process image. When resolving symbolic references, the dynamic linker examines the symbol tables with a breadth-first search. That is, it first looks at the symbol table of the executable program itself, then at the symbol tables of the DT_NEEDED entries (in order), then at the second level DT_NEEDED entries, and so on. Shared object files must be readable by the process; other permissions are not required.
(當動态連接配接器為一個object檔案建立記憶體段時,依賴關系(記錄在動态連接配接數組中的DT_NEEDED類型數組項們中)說明需要哪些共享object來為程式提供服務函數。通過多次連接配接這些被引用的共享object和他們的依賴關系,動态連接配接器建立一個完整的程序映象。當解析符号引用的時候,動态連接配接器以寬度優先搜尋(算法)來檢查符号表,也即,動态連接配接器先檢視可執行程式自身的符号表,然後在DT_NEEDED類型數組項記錄的”庫”的符号表中搜尋(按順序),再接下來是在第二級 DT_NEEDED類型數組項記錄的”庫”的符号表中搜尋,依次類推。共享object檔案必須對程序是可讀的;其他權限則不是必需的。)
NOTE
Even when a shared object is referenced multiple times in the dependency list, the dynamic linker will connect the object only once to the process.
(注意:即使在依賴關系清單中一個共享object被引用多次,動态連接配接器隻把它連接配接到程序中一次。)
Names in the dependency list are copies either of the DT_SONAME strings or the path names of the shared objects used to build the object file??. For example, if the link editor builds an executable file using one shared object with a DT_SONAME entry of lib1 and another shared object library with the path name /usr/lib/lib2, the executable file will contain lib1 and /usr/lib/lib2 in its dependency list.
(依賴關系清單中的名字或者是 DT_SONAME類型數組項中的字元串的拷貝,或者是用來建立object檔案的共享objects的路徑名字們的拷貝。例如,動态連接配接器建立一個可執行檔案時,使用1個共享object 對應的DT_SONAME數組項的值為“lib1”,使用的另1個共享 object庫:路徑名為/usr/lib/lib2,那麼可執行檔案在它的依賴關系清單中将會包含lib1和/usr/lib/lib2。)
If a shared object name has one or more slash (/) characters anywhere in the name, such as /usr/lib/lib2 above or directory/file, the dynamic linker uses that string directly as the path name. If the name has no slashes, such as lib1 above, three facilities specify shared object path searching, with the following precedence.
(假如一個共享object檔案的名字中任何位置包含一個或多個的反斜杠字元(/),例如上面的/usr/lib/lib2檔案或類似directory/file的格式,動态連接配接器直接使用那個字元串做為路徑名。假如名字中沒有包含反斜杠字元(/),例如上面的lib1,則有三種方法指定共享object檔案路徑搜尋,按照如下優先級:)
First, the dynamic array tag DT_RPATH may give a string that holds a list of directories, separated by colons (:). For example, the string /home/dir/lib:/home/dir2/lib: tells the dynamic linker to search first the directory /home/dir/lib, then /home/dir2/lib, and then the current directory to find dependencies.
(* 第一,動态連接配接數組中DT_RPATH類型的數組項給出一個包含以冒号分隔的目錄清單的字元串。例如,字元串 /home/dir/lib:/home/dir2/lib: 告訴動态連接配接器先搜尋/home/dir/lib,再搜尋/home/dir2/lib,再搜尋目前目錄以找到依賴關系。)
Second, a variable called LD_LIBRARY_PATH in the process environment [see exec(BA_OS)] may hold a list of directories as above, optionally followed by a semicolon (;) and another directory list.
The following values would be equivalent to the previous example:
(* 第二,在程序環境中(參見 exec(BA_OS)),有一個環境變量稱為LD_LIBRARY_PATH可以儲存象前面一樣的目錄清單(随意地跟随一個分号(;)和其他目錄清單)。
下面的值等價于前面的例子:)
LD_LIBRARY_PATH=/home/dir/lib:/home/dir2/lib:
LD_LIBRARY_PATH=/home/dir/lib;/home/dir2/lib:
LD_LIBRARY_PATH=/home/dir/lib:/home/dir2/lib:;
All LD_LIBRARY_PATH directories are searched after those from DT_RPATH. Although some programs (such as the link editor) treat the lists before and after the semicolon differently, the dynamic linker does not. Nevertheless, the dynamic linker accepts the semicolon notation, with the semantics described above.
(在搜尋了DT_RPATH類型數組項指定的目錄之後,接着搜尋所有的LD_LIBRARY_PATH目錄。盡管有一些程式(例如連接配接編輯器)處理分号前和分号後的(目錄)清單會有所不同,但是動态連接配接器不會這樣。不過,動态連接配接器接受分号符号,語意如上面描述。)
Third, if the other two groups of directories fail to locate the desired library, the dynamic linker searches /usr/lib.
(* 第三,如果在前面的兩組目錄中查找庫檔案名失敗,那麼動态連接配接器搜尋/usr/lib.)
NOTE
For security, the dynamic linker ignores environmental search specifications (such as LD_LIBRARY_PATH) for set-user and set-group ID programs. It does, however, search DT_RPATH directories and /usr/lib.
(注意:出于安全考慮,動态連接配接器忽略set-user ID和set-group ID程式的環境搜尋設定(例如:LD_LIBRARY_PATH)。但它會搜尋DT_RPATH類型數組項指定的目錄和/usr/lib。)
Global Offset Table
Position-independent code cannot, in general, contain absolute virtual addresses. Global offset tables hold absolute addresses in private data, thus making the addresses available without compromising the position-independence and sharability of a program’s text. A program references its global offset table using position-independent addressing(尋址) and extracts absolute values, thus redirecting position-independent references to absolute locations.
(一般情況下,位置無關的“代碼”中不能包含絕對虛拟位址。全局偏移量表在私有的“資料”中存放絕對位址(不在“代碼”中而是在“資料”中存放GOT表,在GOT表中儲存絕對位址,就不會影響“代碼”的位置無關性),進而使絕對位址可用,無需折中程式正文的位置無關性和可共享能力。一個程式使用位置無關尋址來引用它的GOT表(内容) 并從GOT表中取出絕對位址值,進而把位置無關引用重定向到絕對位址。)
Initially, the global offset table holds information as required by its relocation entries [see ‘‘Relocation’’ in Part 1]. After the system creates memory segments for a loadable object file, the dynamic linker processes the relocation entries, some of which will be type R_386_GLOB_DAT(Relocation Types) referring to the global offset table. The dynamic linker determines the associated symbol values, calculates their absolute addresses, and sets the appropriate memory table entries to the proper values. Although the absolute addresses are unknown when the link editor builds an object file, the dynamic linker knows the addresses of all memory segments and can thus calculate the absolute addresses of the symbols contained therein??.
(最初,GOT裡面儲存着GOT對應的重定位表項所必需的資訊[參看第一部分的“Relocation”] (GOT對應的重定位表項儲存在 .rel.got section裡面)。在系統為一個可加載的object 檔案建立記憶體段們以後,動态連接配接器處理重定位表項們(包括.rel.got section和.rel.plt section中包含的重定位表項),其中有一些重定向類型為R_386_GLOB_DAT的重定位表項指向全局偏移量表(可以用 readelf -a test 看到R_386_GLOB_DAT類型的重定位表項位于.rel.got section中)。動态連接配接器确定相關的符号值,(根據GOT)計算符号值的絕對位址,并且把适當的記憶體表表項設定為正确的值。雖然當連接配接編輯器建立 object檔案的時候 絕對位址是不知道的,但是動态連接配接器會知道所有記憶體段的位址并且能夠計算出它們包含的符号的絕對位址。)
If a program requires direct access to the absolute address of a symbol, that symbol will have a global offset table entry. Because the executable file and shared objects have separate global offset tables, a symbol’s address may appear in several tables. The dynamic linker processes all the global offset table relocations before giving control to any code in the process image, thus ensuring the absolute addresses are available during execution.
(假如程式需要直接通路一個符号的絕對位址,那麼這個符号在GOT(全局偏移量表)中将擁有一個表項。因為可執行檔案和共享檔案有互相獨立的GOT,一個符号的位址可能出現在幾個GOT表中。在将控制權交給程序映象任何代碼之前,動态連接配接器處理所有的全局偏移量表(相關的)重定位(表表項),這樣就可以保證在執行期間絕對位址都是可用的。)
The table’s entry zero is reserved to hold the address of the dynamic structure(_DYNAMIC[]), referenced with the symbol _DYNAMIC. This allows a program, such as the dynamic linker, to find its own dynamic structure without having yet processed its relocation entries.?? This is especially important for the dynamic linker, because it must initialize itself without relying on other programs to relocate its memory image. On the 32-bit Intel Architecture, entries one and two in the global offset table also are reserved. ‘‘Procedure Linkage Table’’ below describes them.
(GOT表的表項0被保留用于儲存動态連接配接數組(_DYNAMIC[])的位址,動态連接配接數組由符号 _DYNAMIC 來引用。這允許一個程式,例如動态連接配接程式,在它的重定位表項還沒有處理時就可找到它自己的動态連接配接數組。這對于動态連接配接程式是尤其重要的,因為動态連接配接程式必需初始化自身而不依賴其他程式來重定位它的記憶體映象。在32位Intel系統結構中,在GOT中的表項1和2也是保留的,下面的過程連接配接表(Procedure LinkageTable)将給予描述。)
The system may choose different memory segment addresses for the same shared object in different programs; it may even choose different library addresses for different executions of the same program. Nonetheless, memory segments do not change addresses once the process image is established. As long as a process exists, its memory segments reside at fixed virtual addresses.
(系統可以為同一個共享object(比如:庫檔案)在不同的程式中選擇不同的記憶體段位址;它甚至可以為同一個程式不同的執行(副本)選擇不同的庫位址。雖然如此,一旦程序映象被建立以後,記憶體段不會再改變它們的位址。隻要一個程序還繼續存在着,它的記憶體段們将駐留在固定的虛拟位址處。)
A global offset table’s format and interpretation are processor-specific. For the 32-bit Intel Architecture, the symbol _GLOBAL_OFFSET_TABLE_ may be used to access the table.
(GOT表的格式和解釋是特定處理器相關的。在32位Intel體系結構下,符号 _GLOBAL_OFFSET_TABLE_ 可用于通路GOT表。)
Figure 2-11: Global Offset Table
extern Elf32_Addr _GLOBAL_OFFSET_TABLE_[];
The symbol _GLOBAL_OFFSET_TABLE_ may reside in the middle of the .got section, allowing both negative and non-negative ‘‘subscripts’’ into the array of addresses??.
(符号_GLOBAL_OFFSET_TABLE_可能駐留在.got section的中間,允許負的和非負的位址的數組下标??。)
Procedure Linkage Table
Much as the global offset table redirects position-independent address calculations to absolute locations,the procedure linkage table redirects position-independent function calls to absolute locations. The link editor cannot resolve execution transfers (such as function calls) from one executable or shared object to another. Consequently, the link editor arranges to have the program transfer control to entries in the procedure linkage table. On the SYSTEM V architecture, procedure linkage tables reside in shared text, but they use addresses in the private global offset table. The dynamic linker determines the destinations’ absolute addresses and modifies the global offset table’s memory image accordingly. The dynamic linker thus can redirect the entries without compromising the position-independence and sharability of the program’s text. Executable files and shared object files have separate procedure linkage tables.
(和 全局偏移表(GOT)用于把位置無關的位址計算重定向到絕對位置幾乎一樣,過程連接配接表(PLT)用于把位置無關的函數調用重定向到絕對位置。連接配接編輯器不能解決從一個可執行檔案或者共享object檔案到另一個 object file的執行(控制權的)傳輸(例如函數調用),是以,連接配接編輯器安排程式把控制權傳遞給PLT中的某個表項。在SYSTEM V體系結構上,PLT駐留在共享正文(代碼部分)中,但是PLT表項使用私有(資料中)的GOT中的(絕對)位址。動态連接配接器确定目的地的絕對位址并且修改(對應的)GOT的記憶體映象。是以,“動态連接配接器”能夠重定向這些PLT表項,無需折中程式正文的位置無關性和可共享能力。可執行檔案和共享 object檔案擁有互相獨立的PLT。)
Figure 2-12: Absolute Procedure Linkage Table (絕對的過程聯接表)
.PLT0:pushl got_plus_4
jmp *got_plus_8
nop; nop
nop; nop
.PLT1:jmp *name1_in_GOT
pushl $offset
jmp [email protected]
.PLT2:jmp *name2_in_GOT
pushl $offset
jmp [email protected]
...
Figure 2-13: Position-Independent Procedure Linkage Table (位置無關的過程聯接表)
.PLT0:pushl 4(%ebx) (使用的都是相對位址)
jmp *8(%ebx)
nop; nop
nop; nop
.PLT1:jmp *[email protected](%ebx)
pushl $offset
jmp [email protected]
.PLT2:jmp *[email protected](%ebx)
pushl $offset
jmp [email protected]
...
NOTE
As the figures show, the procedure linkage table instructions use different operand addressing modes for absolute code and for position-independent code. Nonetheless, their interfaces to the dynamic linker are the same.
(注意:如上圖所示,PLT中的指令 對于絕對代碼和位置無關的代碼 使用不同的操作數尋址方式。雖然如此,他們的界面對動态連接配接器而言是相同的。)
Following the steps below, the dynamic linker and the program ‘‘cooperate’’ to resolve symbolic references through the procedure linkage table and the global offset table.
(按照以下的步驟,動态連接配接器和程式合作通過PLT和GOT來解析符号引用。)
1 . When first creating the memory image of the program, the dynamic linker sets the second and the third entries in the global offset table to special values. Steps below explain more about these values.
(1. 當第一次建立程式的記憶體映象時,動态連接配接器把GOT表的第2個和第3個表項(即:GOT[1]和GOT[2] 參見P53)設定為特殊的值。下面的步驟更為詳細地解釋這些值。)
2 . If the procedure linkage table is position-independent, the address of the global offset table must reside in %ebx. Each shared object file in the process image has its own procedure linkage table, and control transfers to a procedure linkage table entry only from within(從...的内部) the same object file. Consequently, the calling function is responsible for setting the global offset table base register(基址[變址]寄存器) before calling the procedure linkage table entry.
(2. 假如PLT是位置無關的,那麼GOT的位址必須駐留在%ebx寄存器中。每個在程序映象中的共享object檔案都有它自己的PLT,并且僅僅從同一個 object檔案的内部控制傳輸到PLT中的某個表項。是以,在調用PLT表項(中的指令)之前,調用函數要負責設定GOT的基址寄存器(GOT的基址寄存器就是%ebx寄存器,因為每個object檔案也有各自獨立的GOT(參見P53),是以被調用的函數如果屬于不同的object檔案,那麼就要使用相應的object檔案中的GOT)。
3 . For illustration, assume the program calls name1, which transfers control to the label .PLT1.
(3. 舉例說明,參見Figure 2-12 假定程式調用(函數)name1,它将控制權傳遞到PLT中的表項:.PLT1處執行)
4 . The first instruction jumps to the address in the global offset table entry for name1. Initially, the global offset table holds the address of the following pushl instruction, not the real address of name1.
(.PLT1 中的第一條指令(jmp *name1_in_GOT)跳轉到name1對應的GOT表項中儲存的位址處,最初,name1對應的GOT表項中暫時儲存的是 .PLT1中的第2條指令(pushl $offset)的位址,而不是真正的name1的位址。(于是接下來執行指令:pushl $offset))
5 . Consequently, the program pushes a relocation offset (offset) on the stack. The relocation offset is a 32-bit, non-negative byte offset into the relocation table. The designated relocation entry will have type R_386_JMP_SLOT, and its offset will specify the global offset table entry used in the previous jmp instruction. The relocation entry also contains a symbol table index, thus telling the dynamic linker what symbol is being referenced, name1 in this case.
(5. 是以 (接下來執行指令:pushl $offset) ,程式在堆棧中壓入一個重定位偏移量。重定位偏移量是在重定位表中的一個32位、非負的位元組偏移量(PLT對應的重定位表在.rel.plt section中)。(重定位偏移量)指定的重定位表表項的類型是:R_386_JMP_SLOT類型,該重定位表表項的偏移量成員将指向(前面的 .PLT1中的第1條指令jmp *name1_in_GOT 所用到的)GOT表項(例如:用readelf –a test 可以看到 .rel.plt section中包含的重定位表表項的偏移量值都指向 .got section)。該重定位表表項也包含一個符号表索引(= 符号的名字:name1),進而告訴動态連接配接器哪個“符号”正在被引用,在這裡正在被引用符号就是name1。)
6 . After pushing the relocation offset, the program then jumps to .PLT0, the first entry in the procedure linkage table. The pushl instruction places the value of the second global offset table entry (got_plus_4 or 4(%ebx)) on the stack, thus giving the dynamic linker one word of identifying information(辨識資訊). The program then jumps to the address in the third global offset table entry (got_plus_8 or 8(%ebx)), which transfers control to the dynamic linker.
(6. 在壓入重定位偏移量後,程式跳轉到PLT中的第一個表項:.PLT0處執行。.PLT0中的第1條指令:pushl got_plus_4把第二個GOT表項(got_plus_4 或 4(%ebx))中包含的值壓入在堆棧中,目的是給動态連接配接器一個辨識資訊“字”。然後程式跳轉到第三個GOT表項 (got_plus_8 或 8(%ebx))中包含的位址處,傳遞控制權到動态連接配接器。)
7 . When the dynamic linker receives control, it unwinds the stack, looks at the designated relocation entry, finds the symbol’s value, stores the ‘‘real’’ address for name1 in its global offset table entry, and transfers control to the desired destination.
(7. 當動态連接配接器接到控制權,它展開堆棧,檢視在步驟5中(壓入堆棧的重定位偏移量)指定的重定位表表項,找到重定位表表項中包含的符号的值(= name1真實的位址),然後把name1 真實的位址儲存到name1對應的GOT表項中,然後傳遞控制權到想要目的地(name1真實的位址處)。)
8 . Subsequent executions of the procedure linkage table entry will transfer directly to name1, without calling the dynamic linker a second time. That is, the jmp instruction at .PLT1 will transfer to name1, instead of ‘‘falling through’’ to the pushl instruction.
(以後的.PLT1表項 (中的指令)的執行将直接傳輸控制給name1,而不用第二次調用動态連接配接器了(因為這時已經得到name1真實的位址了)。也就是說,在.PLT1中的指令jmp *name1_in_GOT将會傳輸控制給name1,而不用再象前面那樣跳轉到.PLT1的pushl $offset指令。)
The LD_BIND_NOW environment variable can change dynamic linking behavior. If its value is non-null, the dynamic linker evaluates procedure linkage table entries before transferring control to the program. That is, the dynamic linker processes relocation entries of type R_386_JMP_SLOT during process initialization. Otherwise, the dynamic linker evaluates procedure linkage table entries lazily, delaying symbol resolution and relocation until the first execution of a table entry.
(LD_BIND_NOW環境變量能改變動态連接配接器的行為。假如這個變量為非空,動态連接配接器在傳輸控制到程式之前就評估PLT表項。也就是說,在程序初始化時,動态連接配接器會處理重定位類型為R_386_JMP_SLOT的重定位表項。否則,動态連接配接器評估PLT表項是懶惰的,它會将符号解析和重定位工作推遲到一個PLT表項(中指令)的第一次執行時。)
NOTE
Lazy binding generally improves overall application performance, because unused symbols do not incur the dynamic linking overhead. Nevertheless, two situations make lazy binding undesirable for some applications.
First, the initial reference to a shared object function takes longer than subsequent calls, because the dynamic linker intercepts the call to resolve the symbol. Some applications cannot tolerate this unpredictability.
Second, if an error occurs and the dynamic linker cannot resolve the symbol, the dynamic linker will terminate the program. Under lazy binding, this might occur at arbitrary times. Once again, some applications cannot tolerate this unpredictability. By turning off lazy binding, the dynamic linker forces the failure to occur during process initialization, before the application receives control.
(注意:一般來說,lazy binding通常能提升全面的應用程式性能。因為不使用的符号就不會招緻動态連接配接器做無用功。然而,對于一些應用程式有兩種情形會使得lazy binding方式不受歡迎。
第1 初次引用一個共享object中的函數 所花的時間肯定比後來再次調用要花的時間長,因為第1次調用時動态連接配接器先要攔截調用來解析符号。一些應用程式不能容忍這種不可預知性。
第 2 如果一個錯誤發生并且動态連接配接器不能解析該符号,動态連接配接器将終止整個程式。在lazy binding方式下,前述情況可能發生在程式運作當中的任何時候。一些應用程式也是不能容忍這種不可預知性的。通過關掉lazy binding方式,動态連接配接器在應用程式接到控制權之前,迫使程式失敗發生在程序初始化期間。(即:盡量在初始階段就發現錯誤,不要到運作時才出亂子))
Hash Table
A hash table of Elf32_Word objects supports symbol table access. Labels appear below to help explain the hash table organization, but they are not part of the specification.
(一個包含Elf32_Word 對象的哈希表支援對符号表的通路。下面的标記幫助解釋哈希表的組織結構,但是它們不是規範的一部分。)
Figure 2-14: Symbol Hash Table
nbucket
nchain
bucket[0]
...
bucket[nbucket - 1]
chain[0]
...
chain[nchain - 1]
The bucket array contains nbucket entries, and the chain array contains nchain entries; indexes start at 0. Both bucket and chain hold symbol table indexes. Chain table entries parallel the symbol table. The number of symbol table entries should equal nchain; so symbol table indexes also select chain table entries.
(bucket數組包含了nbucket個條目,chain數組包含了nchain個條目;索引從0開始。bucket和chain都儲存着符号表的索引。Chain表條目平行于符号表。符号表表項的數目應該等于nchain;是以用符号表的索引也可選取chain表表項。)
A hashing function (shown below) accepts a symbol name and returns a value that may be used to compute a bucket index. Consequently, if the hashing function returns the value x for some name, bucket[x%nbucket] gives an index, y, into both the symbol table and the chain table. If the symbol table entry is not the one desired, chain[y] gives the next symbol table entry with the same hash value. One can follow the chain links until either the selected symbol table entry holds the desired name or the chain entry contains the value STN_UNDEF.
(一個哈希函數elf_hash()接受一個符号名然後傳回一個值,該值可以用于計算bucket數組索引。是以,假如elf_hash()函數接受一些符号名字後傳回值為x,那麼bucket數組元素:bucket[x%nbucket]可給出一個索引y(索引y既是符号表也是chain表的索引)。假如符号表表項不是期望的,chain 數組元素:chain[y]給出下一個符号表表項(這些符号表表項具有相同的哈希值)。可以沿着chain鍊一直到選取到的符号表表項包含了所期望的名字或者是碰到的chain數組元素中包含值為:STN_UNDEF。)
Figure 2-15: Hashing Function
unsigned long
elf_hash(const unsigned char *name)
{
unsigned long h = 0, g;
while (*name) {
h = (h << 4) + *name++;
if (g = h & 0xf0000000)
h ^= g >> 24;
h &= ~g;
}
return h;
}
Initialization and Termination Functions
After the dynamic linker has built the process image and performed the relocations, each shared object gets the opportunity to execute some initialization code. These initialization functions are called in no specified order, but all shared object initializations happen before the executable file gains control.
(在動态連接配接器建立程序映象和執行重定位以後,每一個共享object将會得到機會來執行一些初始化代碼。這些初始化函數被調用并沒有特别的順序,但是所有的共享object初始化都發生在執行檔案獲得控制之前。)
Similarly, shared objects may have termination functions, which are executed with the atexit(BA_OS) mechanism after the base process begins its termination sequence??. Once again, the order in which the dynamic linker calls termination functions is unspecified.
(類似地,共享的object可以具有終止函數,在基礎程序開始它的終止系列(過程)之後,終止函數以atexit(BA_OS)的機制被執行。動态連接配接器調用終止函數的順序也是不定的。)
Shared objects designate their initialization and termination functions through the DT_INIT and DT_FINI entries in the dynamic structure, described in ‘‘Dynamic Section’’ above. Typically, the code for these functions resides in the .init and .fini sections, mentioned in ‘‘Sections’’ of Part 1.
(共享object通過在動态數組中的DT_INIT和DT_FINI類型的數組項指定它們的初始化和終止函數,如前面Dynamic Section部分描述的。典型的,這些函數的代碼儲存在section:.init和.fini 中,在第一部分的“section”已經提到過。)
NOTE
Although the atexit(BA_OS) termination processing normally will be done, it is not guaranteed to have executed upon process death. In particular, the process will not execute the termination processing if it calls _exit [see exit(BA_OS)] or if the process dies because it received a signal that it neither caught nor ignored.
(注意:盡管atexit(BA_OS)的終止處理一般可以正常完成,但是不保證在僵死程序上被執行。特别的,假如程序調用了_exit(見exit(BA_OS))或者假如程序因為接收到一個既不能捕獲也不能忽略的信号而死掉,那麼程序是不執行終止處理的。)
3 C LIBRARY
C Library 3-1
Global Data Symbols 3-2
C Library
The C library, libc, contains all of the symbols contained in libsys, and, in addition, contains the routines listed in the following two tables. The first table lists routines from the ANSI C standard.
(C庫:libc 包含了在libsys中包含的所有的符号,另外,libc包含了在下面兩個表中列出的正常函數。第一個表中的正常函數來自于ANSI C标準。)
Figure 3-1: libc Contents, Names without Synonyms(同義字)
abort fputc isprint putc strncmp
abs fputs ispunct putchar strncpy
asctime fread isspace puts strpbrk
atof freopen isupper qsort strrchr
atoi frexp isxdigit raise strspn
atol fscanf labs rand strstr
bsearch fseek ldexp rewind strtod
clearerr fsetpos ldiv scanf strtok
clock ftell localtime setbuf strtol
ctime fwrite longjmp setjmp strtoul
difftime getc mblen setvbuf tmpfile
div getchar mbstowcs sprintf tmpnam
fclose getenv mbtowc srand tolower
feof gets memchr sscanf toupper
ferror gmtime memcmp strcat ungetc
fflush isalnum memcpy strchr vfprintf
fgetc isalpha memmove strcmp vprintf
fgetpos iscntrl memset strcpy vsprintf
fgets isdigit mktime strcspn wcstombs
fopen isgraph perror strlen wctomb
fprintf islower printf strncat
Additionally,libc holds the following services.
(另外, libc 儲存着以下的服務函數。)
Figure 3-2: libc Contents, Names with Synonyms (同義字)
__assert getdate lockf ** sleep tell **
cfgetispeed getopt lsearch strdup tempnam
cfgetospeed getpass memccpy swab tfind
cfsetispeed getsubopt mkfifo tcdrain toascii
cfsetospeed getw mktemp tcflow _tolower
ctermid hcreate monitor tcflush tsearch
cuserid hdestroy nftw tcgetattr _toupper
dup2 hsearch nl_langinfo tcgetpgrp twalk
fdopen isascii pclose tcgetsid tzset
__filbuf isatty popen tcsendbreak _xftw
fileno isnan putenv tcsetattr
__flsbuf isnand ** putw tcsetpgrp
fmtmsg ** lfind setlabel tdelete
** = Function is at Level 2 in the SVID Issue 3 and therefore at Level 2 in the ABI.
Besides the symbols listed in the With Synonyms table above, synonyms of the form _name exist for name entries that are not listed with a leading underscore prepended to their name. Thus libc contains both getopt and _getopt, for example.
(除了Figure 3-2表中列出的符号名字外,對于name表項的已經存在的同意形式_name(帶一個下劃線字首,上面沒有列出來)優先權高于它們的名字。是以,例如,libc中同時包含了getopt和_getopt。)
Of the routines listed above, the following are not defined elsewhere.
(在上面所列的正常函數中,以下幾個在其他地方沒有被定義。)
int __filbuf(FILE *f);
This function returns the next input character for f, filling
its buffer as appropriate. It returns EOF if an error occurs.
int __flsbuf(int x, FILE *f);
This function flushes the output characters for f as if
putc(x, f) had been called and then appends the value of x to
the resulting output stream. It returns EOF if an error occurs
and x otherwise.
int _xftw(int, char *, int (*)(char *, struct stat *, int), int);
Calls to the ftw(BA_LIB) function are mapped to this function
when applications are compiled. This function is identical to
ftw(BA_LIB), except that _xftw() takes an interposed first
argument, which must have the value 2.
See this chapter’s other library sections for more SVID, ANSI C, and POSIX facilities. See ‘‘System Data
Interfaces’’ later in this chapter for more information.
(要了解更多的關于SVID,ANSI C,POSIX的知識,可看該章節其他的有關庫的部分。
該節“System Data Interfaces”後有更多的描述。
Global Data Symbols
The libc library requires that some global external data symbols be defined for its routines to work properly. All the data symbols required for the libsys library must be provided by libc, as well as the data symbols listed in the table below.
(libc庫為了它自己的正常函數能夠正常工作 要求一些全局的外部資料符号應該是被定義的。
Libc必須提供 libsys庫所必需的所有資料符号,也包括下表所列的資料符号。)
For formal declarations of the data objects represented by these symbols, see the System V Interface Definition, Third Edition or the ‘‘Data Definitions’’ section of Chapter 6 in the appropriate processor supplement to the System V ABI.
(這些符号描述的資料對象的正式聲明,參見System V接口定義,第三版本或者第6章節的資料定義部分(Data Definitions)(在适當的處理器補充System V ABI)。)
For entries in the following table that are in name - _name form, both symbols in each pair represent the same data. The underscore synonyms are provided to satisfy the ANSI C standard.
(下表中的表項具有:name-_name的形式。每一對的兩個符号代表了同一資料。帶下劃線的同義詞假設滿足ANSI C标準。)
Figure 3-3: l i b c Contents, Global External Data Symbols
getdate_err optarg
_getdate_err opterr
__iob optind
optopt
附:elf檔案實際例子
$ more test.c
#include
int main(int argc, char *argv[])
{
printf("Hello, world
");
return 0;
}
$ gcc -o test test.c
$ ./test
Hello, world
$ readelf -a test
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32 ; e_ident[EI_CLASS]=1
Data: 2's complement, little endian ; e_ident[EI_DATA]=1
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file) ; e_type=2
Machine: Intel 80386 ; e_machine=3
Version: 0x1 ; e_version
Entry point address: 0x8048360 ; e_entry(對應:.text section)
Start of program headers: 52 (bytes into file) ; e_phoff
Start of section headers: 31572 (bytes into file) ; e_shoff
Flags: 0x0 ; e_flags
Size of this header: 52 (bytes) ; e_ehsize
Size of program headers: 32 (bytes) ; e_phentsize
Number of program headers: 6 ; e_phnum
Size of section headers: 40 (bytes) ; e_shentsize
Number of section headers: 30 ; e_shnum
Section header string table index: 27 ; e_shstrndx=27 對應着section header table中的.shstrtab
; section header table是section header結構的數組,section 頭表索引是section頭數組的下标值,例如:.dynsym section所對應的section header在section header table中是第6項,那麼.dynsym section的section header index =5 (section header數組是從0開始計數))
Section Headers:
; sh_name sh_type sh_addr sh_offset sh_size sh_entsize sh_flags sh_link sh_info sh_addralign
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 080480f4 0000f4 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048108 000108 000020 00 A 0 0 4
[ 3] .hash HASH 08048128 000128 000034 04 A 4 0 4
[ 4] .dynsym DYNSYM 0804815c 00015c 000080 10 A 5 1 4
[ 5] .dynstr STRTAB 080481dc 0001dc 000095 00 A 0 0 1
[ 6] .gnu.version VERSYM 08048272 000272 000010 02 A 4 0 2
[ 7] .gnu.version_r VERNEED 08048284 000284 000030 00 A 5 1 4
[ 8] .rel.got REL 080482b4 0002b4 000008 08 A 4 13 4 (sh_link=4 表示相關的符号表是.dynsym section; sh_info=13是16進制,即10進制的19,對應了.got section)
[ 9] .rel.plt REL 080482bc 0002bc 000028 08 A 4 b 4 (sh_link=4 表示相關的符号表是.dynsym section; sh_info=b 是16進制,即10進制的11,對應了.plt section)
[10] .init PROGBITS 080482e4 0002e4 000018 00 AX 0 0 4
[11] .plt PROGBITS 080482fc 0002fc 000060 04 AX 0 0 4
[12] .text PROGBITS 08048360 000360 0002e0 00 AX 0 0 16
[13] .fini PROGBITS 08048640 000640 00001e 00 AX 0 0 4
[14] .rodata PROGBITS 08048660 000660 00001e 00 A 0 0 4
[15] .data PROGBITS 08049680 000680 005024 00 WA 0 0 4
[16] .eh_frame PROGBITS 0804e6a4 0056a4 000004 00 WA 0 0 4
[17] .ctors PROGBITS 0804e6a8 0056a8 000008 00 WA 0 0 4
[18] .dtors PROGBITS 0804e6b0 0056b0 000008 00 WA 0 0 4
[19] .got PROGBITS 0804e6b8 0056b8 000024 04 WA 0 0 4
[20] .dynamic DYNAMIC 0804e6dc 0056dc 0000a0 08 WA 5 0 4
[21] .sbss PROGBITS 0804e77c 00577c 000000 00 W 0 0 1
[22] .bss NOBITS 0804e77c 00577c 000018 00 WA 0 0 4
[23] .stab PROGBITS 00000000 00577c 0007a4 0c 24 0 4
[24] .stabstr STRTAB 00000000 005f20 001985 00 0 0 1
[25] .comment PROGBITS 00000000 0078a5 00014d 00 0 0 1
[26] .note NOTE 00000000 0079f2 000078 00 0 0 1
[27] .shstrtab STRTAB 00000000 007a6a 0000e9 00 0 0 1
[28] .symtab SYMTAB 00000000 008004 000500 10 29 3b 4
[29] .strtab STRTAB 00000000 008504 000238 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Program Headers: ;對可執行檔案,共有六個"程式段"
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000c0 0x000c0 R E 0x4 ; "PHDR類型程式段"指向程式頭表自身
INTERP 0x0000f4 0x080480f4 0x080480f4 0x00013 0x00013 R 0x1 ; "INTERP類型程式段"隻包含了一個 .interp secion,.interp secion同時也屬于"正文程式段",是包含在"正文程式段"中一起被裝入記憶體的,是以"INTERP程式段"的基位址是和"正文程式段"的基位址相等的:0x08048000。)
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x0067e 0x0067e R E 0x1000 ; "LOAD類型正文程式段" (LOAD:表示運作之前此程式段需要被載入記憶體;VirtAddr=0x08048000表示此程式段所包含的所有sections從虛拟位址 0x08048000為起點陸續載入記憶體;LOAD類型程式段的基位址必須是0x1000的倍數而且是和載入位址最接近的值,是以"正文程式段"的基位址是0x08048000;Offset=0 表示"載入位址"相對于"基位址"的偏移為0)
LOAD 0x000680 0x08049680 0x08049680 0x050fc 0x05114 RW 0x1000 ; "LOAD類型資料程式段" (LOAD:表示運作之前此程式段需要被載入記憶體;VirtAddr=0x08049680表示此程式段所包含的所有sections從虛拟位址 0x08049680為起點陸續載入記憶體;LOAD類型程式段的基位址必須是0x1000的倍數而且是和載入位址最接近的值,是以"資料程式段"的基位址是0x08049000;Offset=0x000680 表示"載入位址"相對于"基位址"的偏移為0x000680)
DYNAMIC 0x0056dc 0x0804e6dc 0x0804e6dc 0x000a0 0x000a0 RW 0x4 ; "DYNAMIC類型程式段": 給出動态連接配接資訊 (DYNAMIC segment 中隻包含了一個 .dynamic section,.dynamic secion同時也屬于"資料程式段",是包含在"資料程式段"中一起被裝入記憶體的,是以"DYNAMIC程式段"的基位址是和"資料程式段"的基位址相等的:0x08049000。)
NOTE 0x000108 0x08048108 0x08048108 0x00020 0x00020 R 0x4 ; "NOTE類型程式段": 給出輔助資訊 (NOTE segment 中隻包含了一個 .note.ABI-tag section,.note.ABI-tag section同時也屬于"正文程式段",是包含在"正文程式段"中一起被裝入記憶體的,是以"NOTE程式段"的基位址是和"正文程式段"的基位址相等的:0x08048000。)
Section to Segment mapping: ;下表描述每個"程式段"裡面包含的sections
Segment Sections...
00 ("PHDR類型程式段"指向程式頭表自身,沒有相對應的section)
01 .interp ("INTERP類型程式段"中隻包含了一個 .interp section)
02 .interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.got .rel.plt .init .plt .text .fini .rodata ("正文程式段"中包含:.interp等14個sections)
03 .data .eh_frame .ctors .dtors .got .dynamic .bss ("資料程式段"中包含:.data 等7個 sections)
04 .dynamic ("DYNAMIC類型程式段"中隻包含了一個 .dynamic section)
05 .note.ABI-tag ("NOTE類型程式段"中隻包含了一個 .note.ABI-tag section)
Dynamic segment at offset 0x56dc contains 20 entries: (DYNAMIC segment 中隻包含了一個 .dynamic section)
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x80482e4
0x0000000d (FINI) 0x8048640
0x00000004 (HASH) 0x8048128
0x00000005 (STRTAB) 0x80481dc
0x00000006 (SYMTAB) 0x804815c
0x0000000a (STRSZ) 127 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804e6b8
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x80482bc
0x00000011 (REL) 0x80482b4
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x8048284
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048272
0x00000000 (NULL) 0x0
Relocation section '.rel.got' at offset 0x2b4 contains 1 entries:
Offset Info Type Symbol's Value Symbol's Name
0804e6d8 00706 R_386_GLOB_DAT 00000000 __gmon_start__
Relocation section '.rel.plt' at offset 0x2bc contains 5 entries:
Offset Info Type Symbol's Value Symbol's Name
0804e6c4 00107 R_386_JUMP_SLOT 0804830c __register_frame_info
0804e6c8 00207 R_386_JUMP_SLOT 0804831c __deregister_frame_info
0804e6cc 00307 R_386_JUMP_SLOT 0804832c __libc_start_main
0804e6d0 00407 R_386_JUMP_SLOT 0804833c printf
0804e6d4 00507 R_386_JUMP_SLOT 0804834c __cxa_finalize
There are no unwind sections in this file.
Symbol table '.dynsym' contains 8 entries:
; st_value st_size ELF32_ST_TYPE ELF32_ST_BIND st_info st_shndx st_name
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 0804830c 129 FUNC WEAK DEFAULT UND [email protected]_2.0 (2)
2: 0804831c 172 FUNC WEAK DEFAULT UND [email protected]_2.0 (2)
3: 0804832c 198 FUNC GLOBAL DEFAULT UND [email protected]_2.0 (2)
4: 0804833c 46 FUNC GLOBAL DEFAULT UND [email protected]_2.0 (2)
5: 0804834c 129 FUNC WEAK DEFAULT UND [email protected]_2.1.3 (3)
6: 08048664 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
7: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 80 entries:
; st_value st_size ELF32_ST_TYPE ELF32_ST_BIND st_info st_shndx st_name
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 080480f4 0 SECTION LOCAL DEFAULT 1 (系統符号表中 1-29項是29個sections的對應符号值)
2: 08048108 0 SECTION LOCAL DEFAULT 2
3: 08048128 0 SECTION LOCAL DEFAULT 3
4: 0804815c 0 SECTION LOCAL DEFAULT 4
5: 080481dc 0 SECTION LOCAL DEFAULT 5
6: 08048272 0 SECTION LOCAL DEFAULT 6
7: 08048284 0 SECTION LOCAL DEFAULT 7
8: 080482b4 0 SECTION LOCAL DEFAULT 8
9: 080482bc 0 SECTION LOCAL DEFAULT 9
10: 080482e4 0 SECTION LOCAL DEFAULT 10
11: 080482fc 0 SECTION LOCAL DEFAULT 11
12: 08048360 0 SECTION LOCAL DEFAULT 12
13: 08048640 0 SECTION LOCAL DEFAULT 13
14: 08048660 0 SECTION LOCAL DEFAULT 14
15: 08049680 0 SECTION LOCAL DEFAULT 15
16: 0804e6a4 0 SECTION LOCAL DEFAULT 16
17: 0804e6a8 0 SECTION LOCAL DEFAULT 17
18: 0804e6b0 0 SECTION LOCAL DEFAULT 18
19: 0804e6b8 0 SECTION LOCAL DEFAULT 19
20: 0804e6dc 0 SECTION LOCAL DEFAULT 20
21: 0804e77c 0 SECTION LOCAL DEFAULT 21
22: 0804e77c 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
25: 00000000 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 SECTION LOCAL DEFAULT 27
28: 00000000 0 SECTION LOCAL DEFAULT 28
29: 00000000 0 SECTION LOCAL DEFAULT 29
30: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
31: 08048384 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
32: 08048384 0 FUNC LOCAL DEFAULT 12 call_gmon_start
33: 00000000 0 FILE LOCAL DEFAULT ABS init.c
34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
35: 080483b0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
36: 08049688 0 OBJECT LOCAL DEFAULT 15 p.0
37: 0804e6b0 0 OBJECT LOCAL DEFAULT 18 __DTOR_LIST__
38: 0804968c 0 OBJECT LOCAL DEFAULT 15 completed.1
39: 080483b0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux
40: 0804e6a4 0 OBJECT LOCAL DEFAULT 16 __EH_FRAME_BEGIN__
41: 08048410 0 FUNC LOCAL DEFAULT 12 fini_dummy
42: 0804e77c 24 OBJECT LOCAL DEFAULT 22 object.2
43: 08048420 0 FUNC LOCAL DEFAULT 12 frame_dummy
44: 08048450 0 FUNC LOCAL DEFAULT 12 init_dummy
45: 08049690 0 OBJECT LOCAL DEFAULT 15 force_to_data
46: 0804e6a8 0 OBJECT LOCAL DEFAULT 17 __CTOR_LIST__
47: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
48: 08048600 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
49: 08048600 0 FUNC LOCAL DEFAULT 12 __do_global_ctors_aux
50: 0804e6ac 0 OBJECT LOCAL DEFAULT 17 __CTOR_END__
51: 08048630 0 FUNC LOCAL DEFAULT 12 init_dummy
52: 0804e6a4 0 OBJECT LOCAL DEFAULT 15 force_to_data
53: 0804e6b4 0 OBJECT LOCAL DEFAULT 18 __DTOR_END__
54: 0804e6a4 0 OBJECT LOCAL DEFAULT 16 __FRAME_END__
55: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
56: 08048640 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
57: 00000000 0 FILE LOCAL DEFAULT ABS debug1.c
58: 08048460 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
59: 0804e6dc 0 OBJECT GLOBAL DEFAULT 20 _DYNAMIC
60: 0804830c 129 FUNC WEAK DEFAULT UND [email protected]@GLIBC_2.0
61: 08048660 4 NOTYPE GLOBAL DEFAULT 14 _fp_hw
62: 080482e4 0 FUNC GLOBAL DEFAULT 10 _init
63: 0804831c 172 FUNC WEAK DEFAULT UND [email protected]@GLIBC_2.0
64: 08048460 303 FUNC GLOBAL DEFAULT 12 sort
65: 08048360 0 FUNC GLOBAL DEFAULT 12 _start
66: 0804e77c 0 OBJECT GLOBAL DEFAULT ABS __bss_start
67: 08048590 110 FUNC GLOBAL DEFAULT 12 main
68: 0804832c 198 FUNC GLOBAL DEFAULT UND [email protected]@GLIBC_2.0
69: 08049680 0 NOTYPE WEAK DEFAULT 15 data_start
70: 0804833c 46 FUNC GLOBAL DEFAULT UND [email protected]@GLIBC_2.0
71: 08048640 0 FUNC GLOBAL DEFAULT 13 _fini
72: 0804834c 129 FUNC WEAK DEFAULT UND [email protected]@GLIBC_2.1.3
73: 08049690 20500 OBJECT GLOBAL DEFAULT 15 array
74: 0804e77c 0 OBJECT GLOBAL DEFAULT ABS _edata
75: 0804e6b8 0 OBJECT GLOBAL DEFAULT 19 _GLOBAL_OFFSET_TABLE_
76: 0804e794 0 OBJECT GLOBAL DEFAULT ABS _end
77: 08048664 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
78: 08049680 0 NOTYPE GLOBAL DEFAULT 15 __data_start
79: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Histogram for bucket list length (total of 3 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 1 ( 33.3%) 14.3%
2 0 ( 0.0%) 14.3%
3 2 ( 66.7%) 100.0%
Version symbols section '.gnu.version' contains 8 entries:
Addr: 0000000008048272 Offset: 0x000272 Link: 4 (.dynsym)
000: 0 (*local*) 2 (GLIBC_2.0) 2 (GLIBC_2.0) 2 (GLIBC_2.0)
004: 2 (GLIBC_2.0) 3 (GLIBC_2.1.3) 1 (*global*) 0 (*local*)
Version needs section '.gnu.version_r' contains 1 entries:
Addr: 0x0000000008048284 Offset: 0x000284 Link to section: 5 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 2
0x0010: Name: GLIBC_2.1.3 Flags: none Version: 3
0x0020: Name: GLIBC_2.0 Flags: none Version: 2
說明:在此感謝alert7,辛辛等高手,我是參照他們的中文翻譯繼續工作的。另外alert7的另一篇文章《elf動态解析符号過程》也對學習elf很有幫助,有興趣的可以看看。
文檔中紅色的表示:重點注意的或有疑問的内容。蘭色是一些英文标準翻譯。有些意義搞不懂的地方,在末尾加了??。本文檔可任意傳播修改,但請本着認真的态度修改,以利廣大網友學習。因水準有限,也花了不少精力,但目前暫時沒有時間繼續下去,希望廣大愛好者繼續完善它。也衷心希望網絡上有更多更精的技術文檔,為我們的自由軟體技術多盡一份力。 :)