

How to find the GELF_Sym's GELF_Phdr?
1. sym->st_shndx selects the symbol's section header;
2. that section header's file-offset range lies inside a program header (phdr);
3. each phdr maps to one VMA;

Signed-off-by: Rong Tao <[email protected]>
Rtoax committed Jul 28, 2024
1 parent 02d79a4 commit 2876fba
Showing 5 changed files with 207 additions and 6 deletions.
197 changes: 197 additions & 0 deletions docs/elf.md
@@ -0,0 +1,197 @@


## ELF Header

```
$ readelf -h hello
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x4010f0
Start of program headers: 64 (bytes into file)
Start of section headers: 18064 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 13
Size of section headers: 64 (bytes)
Number of section headers: 39
Section header string table index: 38
```


## Program Headers

```
$ readelf -l hello
Elf file type is EXEC (Executable file)
Entry point 0x4010f0
There are 13 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000002d8 0x00000000000002d8 R 0x8
INTERP 0x0000000000000318 0x0000000000400318 0x0000000000400318
0x000000000000001c 0x000000000000001c R 0x1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x0000000000000650 0x0000000000000650 R 0x1000
LOAD 0x0000000000001000 0x0000000000401000 0x0000000000401000
0x0000000000000379 0x0000000000000379 R E 0x1000
LOAD 0x0000000000002000 0x0000000000402000 0x0000000000402000
0x00000000000001d4 0x00000000000001d4 R 0x1000
LOAD 0x0000000000002df8 0x0000000000403df8 0x0000000000403df8
0x0000000000000248 0x0000000000000260 RW 0x1000
DYNAMIC 0x0000000000002e08 0x0000000000403e08 0x0000000000403e08
0x00000000000001d0 0x00000000000001d0 RW 0x8
NOTE 0x0000000000000338 0x0000000000400338 0x0000000000400338
0x0000000000000050 0x0000000000000050 R 0x8
NOTE 0x0000000000000388 0x0000000000400388 0x0000000000400388
0x0000000000000044 0x0000000000000044 R 0x4
GNU_PROPERTY 0x0000000000000338 0x0000000000400338 0x0000000000400338
0x0000000000000050 0x0000000000000050 R 0x8
GNU_EH_FRAME 0x0000000000002058 0x0000000000402058 0x0000000000402058
0x0000000000000054 0x0000000000000054 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000002df8 0x0000000000403df8 0x0000000000403df8
0x0000000000000208 0x0000000000000208 R 0x1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
03 .init .plt .plt.sec .text .fini
04 .rodata .eh_frame_hdr .eh_frame
05 .init_array .fini_array .dynamic .got .got.plt .data .bss
06 .dynamic
07 .note.gnu.property
08 .note.gnu.build-id .note.ABI-tag
09 .note.gnu.property
10 .eh_frame_hdr
11
12 .init_array .fini_array .dynamic .got
```

## Section Headers

```
$ readelf -S hello
There are 39 section headers, starting at offset 0x4690:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400318 00000318
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.gnu.pr[...] NOTE 0000000000400338 00000338
0000000000000050 0000000000000000 A 0 0 8
[ 3] .note.gnu.bu[...] NOTE 0000000000400388 00000388
0000000000000024 0000000000000000 A 0 0 4
[ 4] .note.ABI-tag NOTE 00000000004003ac 000003ac
0000000000000020 0000000000000000 A 0 0 4
[ 5] .gnu.hash GNU_HASH 00000000004003d0 000003d0
0000000000000024 0000000000000000 A 6 0 8
[ 6] .dynsym DYNSYM 00000000004003f8 000003f8
00000000000000d8 0000000000000018 A 7 1 8
[ 7] .dynstr STRTAB 00000000004004d0 000004d0
0000000000000078 0000000000000000 A 0 0 1
[ 8] .gnu.version VERSYM 0000000000400548 00000548
0000000000000012 0000000000000002 A 6 0 2
[ 9] .gnu.version_r VERNEED 0000000000400560 00000560
0000000000000030 0000000000000000 A 7 1 8
[10] .rela.dyn RELA 0000000000400590 00000590
0000000000000030 0000000000000018 A 6 0 8
[11] .rela.plt RELA 00000000004005c0 000005c0
0000000000000090 0000000000000018 AI 6 24 8
[12] .init PROGBITS 0000000000401000 00001000
000000000000001b 0000000000000000 AX 0 0 4
[13] .plt PROGBITS 0000000000401020 00001020
0000000000000070 0000000000000010 AX 0 0 16
[14] .plt.sec PROGBITS 0000000000401090 00001090
0000000000000060 0000000000000010 AX 0 0 16
[15] .text PROGBITS 00000000004010f0 000010f0
000000000000027b 0000000000000000 AX 0 0 16
[16] .fini PROGBITS 000000000040136c 0000136c
000000000000000d 0000000000000000 AX 0 0 4
[17] .rodata PROGBITS 0000000000402000 00002000
0000000000000056 0000000000000000 A 0 0 8
[18] .eh_frame_hdr PROGBITS 0000000000402058 00002058
0000000000000054 0000000000000000 A 0 0 4
[19] .eh_frame PROGBITS 00000000004020b0 000020b0
0000000000000124 0000000000000000 A 0 0 8
[20] .init_array INIT_ARRAY 0000000000403df8 00002df8
0000000000000008 0000000000000008 WA 0 0 8
[21] .fini_array FINI_ARRAY 0000000000403e00 00002e00
0000000000000008 0000000000000008 WA 0 0 8
[22] .dynamic DYNAMIC 0000000000403e08 00002e08
00000000000001d0 0000000000000010 WA 7 0 8
[23] .got PROGBITS 0000000000403fd8 00002fd8
0000000000000010 0000000000000008 WA 0 0 8
[24] .got.plt PROGBITS 0000000000403fe8 00002fe8
0000000000000048 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000404030 00003030
0000000000000010 0000000000000000 WA 0 0 4
[26] .bss NOBITS 0000000000404040 00003040
0000000000000018 0000000000000000 WA 0 0 8
[27] .comment PROGBITS 0000000000000000 00003040
000000000000005c 0000000000000001 MS 0 0 1
[28] .annobin.notes STRTAB 0000000000000000 0000309c
000000000000014f 0000000000000001 MS 0 0 1
[29] .gnu.build.a[...] NOTE 0000000000406058 000031ec
0000000000000144 0000000000000000 0 0 4
[30] .debug_aranges PROGBITS 0000000000000000 00003330
0000000000000030 0000000000000000 0 0 1
[31] .debug_info PROGBITS 0000000000000000 00003360
000000000000040f 0000000000000000 0 0 1
[32] .debug_abbrev PROGBITS 0000000000000000 0000376f
00000000000001a9 0000000000000000 0 0 1
[33] .debug_line PROGBITS 0000000000000000 00003918
0000000000000126 0000000000000000 0 0 1
[34] .debug_str PROGBITS 0000000000000000 00003a3e
00000000000002f7 0000000000000001 MS 0 0 1
[35] .debug_line_str PROGBITS 0000000000000000 00003d35
00000000000000b4 0000000000000001 MS 0 0 1
[36] .symtab SYMTAB 0000000000000000 00003df0
0000000000000498 0000000000000018 37 27 8
[37] .strtab STRTAB 0000000000000000 00004288
0000000000000274 0000000000000000 0 0 1
[38] .shstrtab STRTAB 0000000000000000 000044fc
0000000000000194 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
D (mbind), l (large), p (processor specific)
```

## Relationship Between shdr and phdr

```
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000001000 0x0000000000401000 0x0000000000401000
0x0000000000000379 0x0000000000000379 R E 0x1000
03 .init .plt .plt.sec .text .fini
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[15] .text PROGBITS 00000000004010f0 000010f0
000000000000027b 0000000000000000 AX 0 0 16
```

The section `.text` range `Offset ~ Offset + Size` is in `Offset ~ Offset + FileSiz`.

2 changes: 2 additions & 0 deletions mkdocs.yml
Expand Up @@ -16,6 +16,7 @@ nav:
- ULTask: ultask.md
- Contributing: CONTRIBUTING.md
- Knowledge:
- Elf: elf.md
- Relocations: relocations.md
- Symbol Value: symbol-value.md
- Data Structure: data-structure.md
Expand Down Expand Up @@ -130,6 +131,7 @@ plugins:
ULTask: 进程热修改器
Contributing: 贡献
Knowledge: 相关知识
Elf: ELF文件
Relocations: 重定向
Symbol Value: 符号地址
Data Structure: 数据结构
3 changes: 2 additions & 1 deletion src/elf/elf_api.h
Expand Up @@ -85,7 +85,8 @@ struct symbol {
* Maybe belongs to a VMA, and this vma is ELF format, which is the
* leader of all other PT_LOAD vmas.
*
* If symbol from ELF file, vma will equal to NULL.
* FIXME: If symbol from ELF file, we could found the vma by match
* the program header, the point it to right vma.
*/
struct vm_area_struct *vma;

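Review bot: The new FIXME comment on the `vma` field of struct symbol is hard to parse ("we could found the vma by match the program header, the point it to right vma") and it drops the one fact a reader of this header needs: the removed line said the field is NULL for symbols read from an ELF file, and nothing in this hunk changes that behaviour. Suggest `FIXME: For a symbol read from an ELF file, vma is currently NULL; it could be resolved by matching the symbol's section against the PT_LOAD program header that contains it and pointing at that VMA.` The commit message's "phdr has one vma" assumption is also not guaranteed in general — a PT_LOAD segment can end up covered by more than one VMA (for example once the loader re-protects the GNU_RELRO range visible in the docs, or after an mprotect() by the program), so a future lookup should be prepared to find several VMAs per phdr. struct symbol begins outside the hunk.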
4 changes: 2 additions & 2 deletions src/utils/task.c
Expand Up @@ -550,11 +550,11 @@ int vma_peek_phdr(struct vm_area_struct *vma)
}

/* VMA is ELF, handle it */
vma->vma_elf = malloc(sizeof(struct vma_elf));
vma->vma_elf = malloc(sizeof(struct vma_elf_mem));
if (!vma->vma_elf)
return -ENOMEM;

memset(vma->vma_elf, 0x00, sizeof(struct vma_elf));
memset(vma->vma_elf, 0x00, sizeof(struct vma_elf_mem));

/* Copy ehdr from load var */
memcpy(&vma->vma_elf->ehdr, &ehdr, sizeof(ehdr));
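Review bot: Both changed lines in vma_peek_phdr size the allocation by the struct tag, which is the only reason this file had to be touched by a rename; `vma->vma_elf = calloc(1, sizeof *vma->vma_elf);` ties the size to the pointer's declared type, makes future renames a no-op here, and replaces the separate `memset(vma->vma_elf, 0x00, ...)` with zero-initialization. The existing `if (!vma->vma_elf) return -ENOMEM;` check stays as it is. vma_peek_phdr starts and ends outside the hunk, so I cannot tell from here whether `vma->vma_elf` could already be set on entry; if it can, the assignment would leak the previous allocation and deserves a guard or a comment.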
7 changes: 4 additions & 3 deletions src/utils/task.h
Expand Up @@ -62,7 +62,7 @@ static const char __unused *__VMA_TYPE_NAME[] = {

struct vm_area_struct;

struct vma_elf {
struct vma_elf_mem {
GElf_Ehdr ehdr;
GElf_Phdr *phdrs;
unsigned long load_addr;
Expand Down Expand Up @@ -118,13 +118,14 @@ struct vm_area_struct {
struct {
bool is_matched_phdr;
/**
* Point to leader ELF VMA's vma::vma_elf->phdrs[i] if matched.
* Point to leader ELF VMA's vma::vma_elf_mem->phdrs[i] if
* matched.
*/
GElf_Phdr phdr;
};

/* Only elf has it */
struct vma_elf *vma_elf;
struct vma_elf_mem *vma_elf;

/* Only VMA_ULPATCH has it */
struct vma_ulp *ulp;
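Review bot: The updated comment on `phdr` in struct vm_area_struct refers to `vma::vma_elf_mem->phdrs[i]`, but the member a few lines below is still named `vma_elf` (`struct vma_elf_mem *vma_elf;`) — only the struct tag was renamed, so the path in the comment names a member that does not exist. The field is also an embedded `GElf_Phdr phdr;` rather than a pointer, so "Point to" describes the wrong relationship; presumably the leader's entry is copied into it. Suggest `Copy of the leader ELF VMA's vma->vma_elf->phdrs[i] if is_matched_phdr is set.` — confirm the copy semantics against the code that sets is_matched_phdr, which is not in this hunk. struct vm_area_struct begins outside the hunk.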
