一，简介

本文主要介绍什么是elf文件，以及查看elf文件内部信息的常用命令。

二，ELF文件介绍

ELF（Excutable Linkable Format）。
ELF文件不仅包括可执行文件还包括动态链接库和静态链接库。

三，常用命令汇总

objdump:

命令	功能介绍
objdump -h SimpleSection.o	打印elf文件各段的基本信息
objdump -x SimpleSection.o	把elf文件更多的信息打印出来
size SimpleSection.o	查看代码段，数据段，bss段长度
objdump -s -d SimpleSection.o	分析代码段的内容。-s 把所有参数以16进制打印出来，-d 所有包含指令的段反汇编
objdump -r SimpleSection.o	查看elf文件中要重定位的地方，即elf文件中所有引用到外部符号的地址

readelf：

命令	功能介绍
readelf -h SimpleSection.o	查看elf文件头
readelf -S SimpleSection.o	查看elf文件段，它显示的结果才是真正的段表结构
readelf -s SimpleSection.o	查看elf文件的符号
readelf -h SimpleSection.o	查看elf文件头

nm：

命令	功能介绍
nm SimpleSection.o	查看elf符号表

四，命令使用示例

本章节以SimpleSection.c为例，在linux环境下执行常用命令查看效果。

SimpleSection.c：

int printf(const char *format, ...);int global_init_var = 84;
int global_uninit_var;void func1(int i)
{printf("%d\n", i);
}int main()
{static int static_var = 85;static int static_var2;int a = 1;int b;func1(static_var + static_var2 + a + b);return a;
}

使用gcc命令编译成.o文件：

gcc -c SimpleSection.c

4.1 objdump -h SimpleSection.o

objdump -h SimpleSection.o

SimpleSection.o:     file format elf64-x86-64Sections:
Idx Name          Size      VMA               LMA               File off  Algn0 .text         00000055  0000000000000000  0000000000000000  00000040  2**0CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE1 .data         00000008  0000000000000000  0000000000000000  00000098  2**2CONTENTS, ALLOC, LOAD, DATA2 .bss          00000004  0000000000000000  0000000000000000  000000a0  2**2ALLOC3 .rodata       00000004  0000000000000000  0000000000000000  000000a0  2**0CONTENTS, ALLOC, LOAD, READONLY, DATA4 .comment      00000036  0000000000000000  0000000000000000  000000a4  2**0CONTENTS, READONLY5 .note.GNU-stack 00000000  0000000000000000  0000000000000000  000000da  2**0CONTENTS, READONLY6 .eh_frame     00000058  0000000000000000  0000000000000000  000000e0  2**3CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA

4.2 size SimpleSection.o

   text    data     bss     dec     hex filename177       8       4     189      bd SimpleSection.o

4.3 objdump -s -d SimpleSection.o

显示信息太多就不贴了。。。

4.4 objdump -r SimpleSection.o

SimpleSection.o:     file format elf64-x86-64RELOCATION RECORDS FOR [.text]:
OFFSET           TYPE              VALUE
0000000000000011 R_X86_64_32       .rodata
000000000000001b R_X86_64_PC32     printf-0x0000000000000004
0000000000000033 R_X86_64_PC32     .data
0000000000000039 R_X86_64_PC32     .bss-0x0000000000000004
000000000000004c R_X86_64_PC32     func1-0x0000000000000004RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_PC32     .text
0000000000000040 R_X86_64_PC32     .text+0x0000000000000022

4.5 readelf -h SimpleSection.o

ELF Header:Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00Class:                             ELF64Data:                              2's complement, little endianVersion:                           1 (current)OS/ABI:                            UNIX - System VABI Version:                       0Type:                              REL (Relocatable file)Machine:                           Advanced Micro Devices X86-64Version:                           0x1Entry point address:               0x0Start of program headers:          0 (bytes into file)Start of section headers:          1072 (bytes into file)Flags:                             0x0Size of this header:               64 (bytes)Size of program headers:           0 (bytes)Number of program headers:         0Size of section headers:           64 (bytes)Number of section headers:         13Section header string table index: 10

4.6 readelf -S SimpleSection.o

There are 13 section headers, starting at offset 0x430:Section Headers:[Nr] Name              Type             Address           OffsetSize              EntSize          Flags  Link  Info  Align[ 0]                   NULL             0000000000000000  000000000000000000000000  0000000000000000           0     0     0[ 1] .text             PROGBITS         0000000000000000  000000400000000000000055  0000000000000000  AX       0     0     1[ 2] .rela.text        RELA             0000000000000000  000003200000000000000078  0000000000000018   I      11     1     8[ 3] .data             PROGBITS         0000000000000000  000000980000000000000008  0000000000000000  WA       0     0     4[ 4] .bss              NOBITS           0000000000000000  000000a00000000000000004  0000000000000000  WA       0     0     4[ 5] .rodata           PROGBITS         0000000000000000  000000a00000000000000004  0000000000000000   A       0     0     1[ 6] .comment          PROGBITS         0000000000000000  000000a40000000000000036  0000000000000001  MS       0     0     1[ 7] .note.GNU-stack   PROGBITS         0000000000000000  000000da0000000000000000  0000000000000000           0     0     1[ 8] .eh_frame         PROGBITS         0000000000000000  000000e00000000000000058  0000000000000000   A       0     0     8[ 9] .rela.eh_frame    RELA             0000000000000000  000003980000000000000030  0000000000000018   I      11     8     8[10] .shstrtab         STRTAB           0000000000000000  000003c80000000000000061  0000000000000000           0     0     1[11] .symtab           SYMTAB           0000000000000000  000001380000000000000180  0000000000000018          12    11     8[12] .strtab           STRTAB           0000000000000000  000002b80000000000000066  0000000000000000           0     0     1
Key to Flags:W (write), A (alloc), X (execute), M (merge), S (strings), l (large)I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)O (extra OS processing required) o (OS specific), p (processor specific)

4.7 readelf -s SimpleSection.o

Symbol table '.symtab' contains 16 entries:Num:    Value          Size Type    Bind   Vis      Ndx Name0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS SimpleSection.c2: 0000000000000000     0 SECTION LOCAL  DEFAULT    13: 0000000000000000     0 SECTION LOCAL  DEFAULT    34: 0000000000000000     0 SECTION LOCAL  DEFAULT    45: 0000000000000000     0 SECTION LOCAL  DEFAULT    56: 0000000000000004     4 OBJECT  LOCAL  DEFAULT    3 static_var.18397: 0000000000000000     4 OBJECT  LOCAL  DEFAULT    4 static_var2.18408: 0000000000000000     0 SECTION LOCAL  DEFAULT    79: 0000000000000000     0 SECTION LOCAL  DEFAULT    810: 0000000000000000     0 SECTION LOCAL  DEFAULT    611: 0000000000000000     4 OBJECT  GLOBAL DEFAULT    3 global_init_var12: 0000000000000004     4 OBJECT  GLOBAL DEFAULT  COM global_uninit_var13: 0000000000000000    34 FUNC    GLOBAL DEFAULT    1 func114: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND printf15: 0000000000000022    51 FUNC    GLOBAL DEFAULT    1 main

4.8 readelf -h SimpleSection.o

ELF Header:Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00Class:                             ELF64Data:                              2's complement, little endianVersion:                           1 (current)OS/ABI:                            UNIX - System VABI Version:                       0Type:                              REL (Relocatable file)Machine:                           Advanced Micro Devices X86-64Version:                           0x1Entry point address:               0x0Start of program headers:          0 (bytes into file)Start of section headers:          1072 (bytes into file)Flags:                             0x0Size of this header:               64 (bytes)Size of program headers:           0 (bytes)Number of program headers:         0Size of section headers:           64 (bytes)Number of section headers:         13Section header string table index: 10

五，总结

本文主要讲了elf文件的常用命令，供参考。欢迎一起讨论交流~