How to interpret the dynamic symbol table in an ELF executable?_问答_开发者

How to interpret the dynamic symbol table in an ELF executable?

开发者 https://www.devze.com 2023-03-29 11:43 出处：网络

I was looking at interpreting the dynamic symbol table (.dynsym) of an ELF executable file. I could successfully interpret the symbol table .symtab (16 bytes for each symbol) using the value attribute

I was looking at interpreting the dynamic symbol table (.dynsym) of an ELF executable file. I could successfully interpret the symbol table .symtab (16 bytes for each symbol) using the value attribute to denote the address of the symbol and name attribute to denote the offset of the start of string in .strtab section. But I'm unable to interpret the dynamic symbol table (.dynsym) using the same method. I used Ali's blog [1] for reference.

I looked at another blog of Ali's [2] but I'm not understand as to how to interpret the dynamic symbol table using the hash table. Clearly it isn't the same mapping as used by the symbol table. How should I interpret the dynamic symbol table (.dynsym)?

Also, the ELF executable which I'm looking at has two sections, namely .hash and .gnu.hash. Which section do I refer for the hash values?

[1] http://blogs.oracle.com/ali/entry/inside_elf_symbol_tables

[2] http://blogs.ora开发者_C百科cle.com/ali/entry/gnu_hash_elf_sections

From ELF specification, each symbol is defined using the following structure:

typedef struct {
      Elf32_Word
      Elf32_Addr
      Elf32_Word
      unsigned char
      unsigned char
      Elf32_Half
} Elf32_Sym;

So in general this will be 16 bytes. The dynamic and static symbol table use the same structure, so parsing this table is just the same for static and linking. Of course the meaning of the values aren't always the same.

You can reach a symbol in the symbol table by two means. First, if you already know the symbol index you can just go to that index. But some times you doesn't have the symbol index, you have only a symbol name and in fact you wanna check if the symbol table has a definition for a symbol with that name. In this second situation you use the hash sections. Those are used to quick check if a symbol is present in a symbol table: symbol-name -> hash -> symb_index -> check if symbol_table[symb_index] == symbol-name.

But I'm unable to interpret the dynamic symbol table (.dynsym) using the same method.

You would need to look for strings in the .dynstr section.

Also, the ELF executable which I'm looking at has two sections, namely .hash and .gnu.hash. Which section do I refer for the hash values?

It would depend on the kind of symbol you wish to look up. From what I know, GNU style hash tables only contain information that is relevant for dynamic linking.

See also: Jakub Jelinek's description of GNU hash tables, posted on the GNU binutils mailing list.