ELF Header
fearloathing2001_at_yahoo.com
Date: 10/11/05
- Previous message: Jirka Kosina: "Re: alloca"
- Next in thread: Tauno Voipio: "Re: ELF Header"
- Reply: Tauno Voipio: "Re: ELF Header"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 10 Oct 2005 23:01:06 -0700
I'm not sure if this is the right place or not. Sorry, if it's not. I'm
running Slackware 9.1, Celeron 566. I've been studying the ELF format
in /usr/local/elf.h and TIS ELF Specification Version 1.2. I wrote a
simple C program that doesn't do anything:
int main()
{
return;
}
I compiled it (gcc 3.2.3) and dumped the hex of the a.out with xxd (xxd
a.out)
0000000: 7f45 4c46 0101 0100 0000 0000 0000 0000 .ELF............
0000010: 0200 0300 0100 0000 6482 0408 3400 0000 ........d...4...
etc.
#define EI_NIDENT 16
typedef struct {
unsigned char e_ident[EI_NIDENT];
Elf32_Half e_type;
Elf32_Half e_machine;
Elf32_Word e_version;
Elf32_Addr e_entry;
Elf32_Off e_phoff;
Elf32_Off e_shoff;
Elf32_Word e_flags;
Elf32_Half e_ehsize;
Elf32_Half e_phentsize;
Elf32_Half e_phnum;
Elf32_Half e_shentsize;
Elf32_Half e_shnum;
Elf32_Half e_shtrndx;
} Elf32_Ehdr;
According to the specification e_ident's indexs are (my values are in
the last column):
Name Value Purpose
EI_MAG0 0 File identification 7f
EI_MAG1 1 File identification 45
EI_MAG2 2 File identification 4c
EI_MAG3 3 File identification 46
EI_CLASS 4 File class 01
EI_DATA 5 Data encoding 01
EI_VERSION 6 File version 01
EI_OSABI 7 Operating system/ABI identification 00
EI_ABIVERSION 8 ABI version 00
EI_PAD 9 Start of padding bytes 00000000000000
EI_NIDENT 16 Size of e_ident[] ?
EI_NIDENT is 16, how could you reference e_ident[16]? What is that last
value in the table?
Also the next line in my hex dump is:
e_type is 02 (That's fine --- it is an executable file ET_EXEC)
e_machine is 00 ??? 0 is no machine from the specification.
Should e_machine be a Elf32_Word (so that would be 0003) not
Elf32_Half?
Then after that are 3 bytes of padded zeros (I guess they are) until
you get to e_entry.
Does anyone know of some good documentation for the ELF format? Thanks
a lot!
Shawn Windle
- Previous message: Jirka Kosina: "Re: alloca"
- Next in thread: Tauno Voipio: "Re: ELF Header"
- Reply: Tauno Voipio: "Re: ELF Header"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
