linux readelf: an introduction to commonly used readelf options

The readelf command is used to inspect ELF files. On Linux, object files, executables, and .so dynamic libraries all use the ELF file format.

-S (uppercase)

Shows a summary of all section headers in the ELF file.

$ readelf -S hh1.o

There are 12 section headers, starting at offset 0x21c:

Section Headers:

[Nr] Name Type Addr Off Size ES Flg Lk Inf Al

[ 0] NULL 00000000 000000 000000 00 0 0 0

[ 1] .text PROGBITS 00000000 000034 000020 00 AX 0 0 4

[ 2] .rel.text REL 00000000 0001a8 000010 08 I 9 1 4

[ 3] .data PROGBITS 00000000 000054 000000 00 WA 0 0 1

[ 4] .bss NOBITS 00000000 000054 000000 00 WA 0 0 1

[ 5] .rodata PROGBITS 00000000 000054 000006 00 A 0 0 4

[ 6] .comment PROGBITS 00000000 00005a 000024 01 MS 0 0 1

[ 7] .note.GNU-stack PROGBITS 00000000 00007e 000000 00 0 0 1

[ 8] .ARM.attributes ARM_ATTRIBUTES 00000000 00007e 00002f 00 0 0 1

[ 9] .symtab SYMTAB 00000000 0000b0 0000e0 10 10 12 4

[10] .strtab STRTAB 00000000 000190 000017 00 0 0 1

[11] .shstrtab STRTAB 00000000 0001b8 000061 00 0 0 1

Key to Flags:

W (write), A (alloc), X (execute), M (merge), S (strings), I (info),

L (link order), O (extra OS processing required), G (group), T (TLS),

C (compressed), x (unknown), o (OS specific), E (exclude),

y (purecode), p (processor specific)

-t

Shows the section headers in detail.

$ readelf -t hh1.o

There are 12 section headers, starting at offset 0x21c:

Section Headers:

[Nr] Name

Type Addr Off Size ES Lk Inf Al

Flags

[ 0]

NULL 00000000 000000 000000 00 0 0 0

[00000000]:

[ 1] .text

PROGBITS 00000000 000034 000020 00 0 0 4

[00000006]: ALLOC, EXEC

[ 2] .rel.text

REL 00000000 0001a8 000010 08 9 1 4

[00000040]: INFO LINK

[ 3] .data

PROGBITS 00000000 000054 000000 00 0 0 1

[00000003]: WRITE, ALLOC

[ 4] .bss

NOBITS 00000000 000054 000000 00 0 0 1

[00000003]: WRITE, ALLOC

[ 5] .rodata

PROGBITS 00000000 000054 000006 00 0 0 4

[00000002]: ALLOC

[ 6] .comment

PROGBITS 00000000 00005a 000024 01 0 0 1

[00000030]: MERGE, STRINGS

[ 7] .note.GNU-stack

PROGBITS 00000000 00007e 000000 00 0 0 1

[00000000]:

[ 8] .ARM.attributes

ARM_ATTRIBUTES 00000000 00007e 00002f 00 0 0 1

[00000000]:

[ 9] .symtab

SYMTAB 00000000 0000b0 0000e0 10 10 12 4

[00000000]:

[10] .strtab

STRTAB 00000000 000190 000017 00 0 0 1

[00000000]:

[11] .shstrtab

STRTAB 00000000 0001b8 000061 00 0 0 1

[00000000]:
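The table that -S and -t print can be read straight from the file. The following is an added example, not code from the original page: it parses the section headers of a 32-bit little-endian ELF, maps the sh_flags bits to the letters in the "Key to Flags", and lists any section that is both writable and executable. The function names are assumptions of this example, and the object produced by build_sample() is constructed for illustration; it only mirrors the .text and .data rows shown above.

```python
import struct

# sh_flags bits and the letters `readelf -S` prints for them (see "Key to Flags")
FLAG_LETTERS = [(0x1, "W"), (0x2, "A"), (0x4, "X"), (0x10, "M"), (0x20, "S"), (0x40, "I")]

def section_headers(elf: bytes):
    """Return (name, type, offset, size, flag letters) per section of a 32-bit LE ELF."""
    if len(elf) < 0x34 or elf[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a 32-bit little-endian ELF file")
    # ELF32 header: e_shoff at 0x20; e_shentsize, e_shnum, e_shstrndx at 0x2e
    (shoff,) = struct.unpack_from("<I", elf, 0x20)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x2E)
    if shentsize < 40 or shoff + shnum * shentsize > len(elf) or shstrndx >= shnum:
        raise ValueError("section header table is out of bounds")
    # Elf32_Shdr: name, type, flags, addr, offset, size, link, info, addralign, entsize
    raw = [struct.unpack_from("<10I", elf, shoff + i * shentsize) for i in range(shnum)]
    strtab = elf[raw[shstrndx][4]:raw[shstrndx][4] + raw[shstrndx][5]]
    rows = []
    for name, typ, flags, _addr, off, size, *_ in raw:
        end = strtab.find(b"\0", name)
        label = strtab[name:end].decode("ascii", "replace") if end >= 0 else ""
        letters = "".join(letter for bit, letter in FLAG_LETTERS if flags & bit)
        rows.append((label, typ, off, size, letters))
    return rows

def wx_sections(rows):
    """Names of sections flagged both writable and executable (a hardening red flag)."""
    return [r[0] for r in rows if "W" in r[4] and "X" in r[4]]

def build_sample() -> bytes:
    """Constructed minimal ARM object: NULL, .text (AX), .data (WA), .shstrtab."""
    names = b"\0.text\0.data\0.shstrtab\0"
    body = b"\0" * 0x20 + names               # 0x20 bytes of .text, then the name table
    shoff = 0x34 + len(body)
    ehdr = b"\x7fELF\x01\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIIIIIHHHHHH", 1, 40, 1, 0, 0, shoff, 0, 52, 0, 0, 40, 4, 3)
    table = b"".join(struct.pack("<10I", *f) for f in [
        (0,) * 10,
        (1, 1, 0x6, 0, 0x34, 0x20, 0, 0, 4, 0),         # .text     PROGBITS AX
        (7, 1, 0x3, 0, 0x54, 0, 0, 0, 1, 0),            # .data     PROGBITS WA
        (13, 3, 0, 0, 0x54, len(names), 0, 0, 1, 0)])   # .shstrtab STRTAB
    return ehdr + body + table

if __name__ == "__main__":
    rows = section_headers(build_sample())
    for nr, (label, typ, off, size, letters) in enumerate(rows):
        print(f"[{nr:2}] {label:<10} type={typ} off={off:06x} size={size:06x} {letters}")
    print("W+X sections:", wx_sections(rows))
```

To run it on a real file, pass the file's bytes to section_headers(), for example open("hh1.o", "rb").read().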

-s (lowercase)

Shows the symbol table.

$ readelf -s hh1.o

Symbol table '.symtab' contains 14 entries:

Num: Value Size Type Bind Vis Ndx Name

0: 00000000 0 NOTYPE LOCAL DEFAULT UND

1: 00000000 0 FILE LOCAL DEFAULT ABS hh1.c

2: 00000000 0 SECTION LOCAL DEFAULT 1

3: 00000000 0 SECTION LOCAL DEFAULT 3

4: 00000000 0 SECTION LOCAL DEFAULT 4

5: 00000000 0 SECTION LOCAL DEFAULT 5

6: 00000000 0 NOTYPE LOCAL DEFAULT 5 $d

7: 00000000 0 NOTYPE LOCAL DEFAULT 1 $a

8: 0000001c 0 NOTYPE LOCAL DEFAULT 1 $d

9: 00000000 0 SECTION LOCAL DEFAULT 7

10: 00000000 0 SECTION LOCAL DEFAULT 6

11: 00000000 0 SECTION LOCAL DEFAULT 8

12: 00000000 32 FUNC GLOBAL DEFAULT 1 main

13: 00000000 0 NOTYPE GLOBAL DEFAULT UND puts

-x

Shows the contents of a given section as a hex dump.

$ readelf -x 5 hh1.o

Hex dump of section '.rodata':

0x00000000 61626364 6500 abcde.

$ readelf -x 10 hh1.o

Hex dump of section '.strtab':

0x00000000 00686831 2e630024 64002461 006d6169 .hh1.c.$d.$a.mai

0x00000010 6e007075 747300 n.puts.

-h

Shows the ELF file header.

-r

Shows the relocation table (the .rel... sections).

-a

Shows all information.

-----------programmer's divider-------------

readelf can show the contents of any section, but to disassemble the contents of .text you still need the objdump -d command.