二进制安全-ELF-实验:查询函数定义对应的ELF文件

原创 已于 2023-04-15 17:55:08 修改 · 192 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#ELF

于 2023-04-15 13:23:39 首次发布
文章展示了使用readelf工具分析ELF文件的符号表,包括静态链接和动态链接的情况。对比了未strip和strip后的文件,关注点在于全局函数如add以及动态库函数如printf和__libc_start_main。还提到了对象文件中的局部和全局变量。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

1 需求

2 语法

3 示例:not stripped

总结:

  • 静态链接:
    • symtab:47: 0000000000000681    20 FUNC    GLOBAL DEFAULT   14 add
  • 动态链接:
    • symtab:46: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND add
    • dynsym:2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND add

readelf -s main 

Symbol table '.dynsym' contains 7 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     5: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
     6: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (2)

Symbol table '.symtab' contains 65 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000238     0 SECTION LOCAL  DEFAULT    1 
     2: 0000000000000254     0 SECTION LOCAL  DEFAULT    2 
     3: 0000000000000274     0 SECTION LOCAL  DEFAULT    3 
     4: 0000000000000298     0 SECTION LOCAL  DEFAULT    4 
     5: 00000000000002b8     0 SECTION LOCAL  DEFAULT    5 
     6: 0000000000000360     0 SECTION LOCAL  DEFAULT    6 
     7: 00000000000003e4     0 SECTION LOCAL  DEFAULT    7 
     8: 00000000000003f8     0 SECTION LOCAL  DEFAULT    8 
     9: 0000000000000418     0 SECTION LOCAL  DEFAULT    9 
    10: 00000000000004d8     0 SECTION LOCAL  DEFAULT   10 
    11: 00000000000004f0     0 SECTION LOCAL  DEFAULT   11 
    12: 0000000000000510     0 SECTION LOCAL  DEFAULT   12 
    13: 0000000000000530     0 SECTION LOCAL  DEFAULT   13 
    14: 0000000000000540     0 SECTION LOCAL  DEFAULT   14 
    15: 0000000000000714     0 SECTION LOCAL  DEFAULT   15 
    16: 0000000000000720     0 SECTION LOCAL  DEFAULT   16 
    17: 0000000000000728     0 SECTION LOCAL  DEFAULT   17 
    18: 0000000000000770     0 SECTION LOCAL  DEFAULT   18 
    19: 0000000000200db8     0 SECTION LOCAL  DEFAULT   19 
    20: 0000000000200dc0     0 SECTION LOCAL  DEFAULT   20 
    21: 0000000000200dc8     0 SECTION LOCAL  DEFAULT   21 
    22: 0000000000200fb8     0 SECTION LOCAL  DEFAULT   22 
    23: 0000000000201000     0 SECTION LOCAL  DEFAULT   23 
    24: 0000000000201010     0 SECTION LOCAL  DEFAULT   24 
    25: 0000000000000000     0 SECTION LOCAL  DEFAULT   25 
    26: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    27: 0000000000000570     0 FUNC    LOCAL  DEFAULT   14 deregister_tm_clones
    28: 00000000000005b0     0 FUNC    LOCAL  DEFAULT   14 register_tm_clones
    29: 0000000000000600     0 FUNC    LOCAL  DEFAULT   14 __do_global_dtors_aux
    30: 0000000000201010     1 OBJECT  LOCAL  DEFAULT   24 completed.7698
    31: 0000000000200dc0     0 OBJECT  LOCAL  DEFAULT   20 __do_global_dtors_aux_fin
    32: 0000000000000640     0 FUNC    LOCAL  DEFAULT   14 frame_dummy
    33: 0000000000200db8     0 OBJECT  LOCAL  DEFAULT   19 __frame_dummy_init_array_
    34: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS main.c
    35: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS add.c
    36: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    37: 0000000000000894     0 OBJECT  LOCAL  DEFAULT   18 __FRAME_END__
    38: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS 
    39: 0000000000200dc0     0 NOTYPE  LOCAL  DEFAULT   19 __init_array_end
    40: 0000000000200dc8     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC
    41: 0000000000200db8     0 NOTYPE  LOCAL  DEFAULT   19 __init_array_start
    42: 0000000000000728     0 NOTYPE  LOCAL  DEFAULT   17 __GNU_EH_FRAME_HDR
    43: 0000000000200fb8     0 OBJECT  LOCAL  DEFAULT   22 _GLOBAL_OFFSET_TABLE_
    44: 0000000000000710     2 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini
    45: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
    46: 0000000000201000     0 NOTYPE  WEAK   DEFAULT   23 data_start
    47: 0000000000000681    20 FUNC    GLOBAL DEFAULT   14 add
    48: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   23 _edata
    49: 0000000000000714     0 FUNC    GLOBAL DEFAULT   15 _fini
    50: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.2.5
    51: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    52: 0000000000201000     0 NOTYPE  GLOBAL DEFAULT   23 __data_start
    53: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    54: 0000000000201008     0 OBJECT  GLOBAL HIDDEN    23 __dso_handle
    55: 0000000000000720     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used
    56: 00000000000006a0   101 FUNC    GLOBAL DEFAULT   14 __libc_csu_init
    57: 0000000000201018     0 NOTYPE  GLOBAL DEFAULT   24 _end
    58: 0000000000000540    43 FUNC    GLOBAL DEFAULT   14 _start
    59: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start
    60: 000000000000064a    55 FUNC    GLOBAL DEFAULT   14 main
    61: 0000000000201010     0 OBJECT  GLOBAL HIDDEN    23 __TMC_END__
    62: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
    63: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@@GLIBC_2.2
    64: 00000000000004f0     0 FUNC    GLOBAL DEFAULT   11 _init

readelf -s main_dyn  

Symbol table '.dynsym' contains 13 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND add
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)
     5: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     6: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
     7: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (2)
     8: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   23 _edata
     9: 0000000000201018     0 NOTYPE  GLOBAL DEFAULT   24 _end
    10: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start
    11: 00000000000005e8     0 FUNC    GLOBAL DEFAULT   11 _init
    12: 0000000000000804     0 FUNC    GLOBAL DEFAULT   15 _fini

Symbol table '.symtab' contains 64 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000238     0 SECTION LOCAL  DEFAULT    1 
     2: 0000000000000254     0 SECTION LOCAL  DEFAULT    2 
     3: 0000000000000274     0 SECTION LOCAL  DEFAULT    3 
     4: 0000000000000298     0 SECTION LOCAL  DEFAULT    4 
     5: 00000000000002d0     0 SECTION LOCAL  DEFAULT    5 
     6: 0000000000000408     0 SECTION LOCAL  DEFAULT    6 
     7: 00000000000004be     0 SECTION LOCAL  DEFAULT    7 
     8: 00000000000004d8     0 SECTION LOCAL  DEFAULT    8 
     9: 00000000000004f8     0 SECTION LOCAL  DEFAULT    9 
    10: 00000000000005b8     0 SECTION LOCAL  DEFAULT   10 
    11: 00000000000005e8     0 SECTION LOCAL  DEFAULT   11 
    12: 0000000000000600     0 SECTION LOCAL  DEFAULT   12 
    13: 0000000000000630     0 SECTION LOCAL  DEFAULT   13 
    14: 0000000000000640     0 SECTION LOCAL  DEFAULT   14 
    15: 0000000000000804     0 SECTION LOCAL  DEFAULT   15 
    16: 0000000000000810     0 SECTION LOCAL  DEFAULT   16 
    17: 0000000000000818     0 SECTION LOCAL  DEFAULT   17 
    18: 0000000000000858     0 SECTION LOCAL  DEFAULT   18 
    19: 0000000000200da0     0 SECTION LOCAL  DEFAULT   19 
    20: 0000000000200da8     0 SECTION LOCAL  DEFAULT   20 
    21: 0000000000200db0     0 SECTION LOCAL  DEFAULT   21 
    22: 0000000000200fb0     0 SECTION LOCAL  DEFAULT   22 
    23: 0000000000201000     0 SECTION LOCAL  DEFAULT   23 
    24: 0000000000201010     0 SECTION LOCAL  DEFAULT   24 
    25: 0000000000000000     0 SECTION LOCAL  DEFAULT   25 
    26: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    27: 0000000000000670     0 FUNC    LOCAL  DEFAULT   14 deregister_tm_clones
    28: 00000000000006b0     0 FUNC    LOCAL  DEFAULT   14 register_tm_clones
    29: 0000000000000700     0 FUNC    LOCAL  DEFAULT   14 __do_global_dtors_aux
    30: 0000000000201010     1 OBJECT  LOCAL  DEFAULT   24 completed.7698
    31: 0000000000200da8     0 OBJECT  LOCAL  DEFAULT   20 __do_global_dtors_aux_fin
    32: 0000000000000740     0 FUNC    LOCAL  DEFAULT   14 frame_dummy
    33: 0000000000200da0     0 OBJECT  LOCAL  DEFAULT   19 __frame_dummy_init_array_
    34: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS main.c
    35: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    36: 000000000000095c     0 OBJECT  LOCAL  DEFAULT   18 __FRAME_END__
    37: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS 
    38: 0000000000200da8     0 NOTYPE  LOCAL  DEFAULT   19 __init_array_end
    39: 0000000000200db0     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC
    40: 0000000000200da0     0 NOTYPE  LOCAL  DEFAULT   19 __init_array_start
    41: 0000000000000818     0 NOTYPE  LOCAL  DEFAULT   17 __GNU_EH_FRAME_HDR
    42: 0000000000200fb0     0 OBJECT  LOCAL  DEFAULT   22 _GLOBAL_OFFSET_TABLE_
    43: 0000000000000800     2 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini
    44: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
    45: 0000000000201000     0 NOTYPE  WEAK   DEFAULT   23 data_start
    46: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND add
    47: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   23 _edata
    48: 0000000000000804     0 FUNC    GLOBAL DEFAULT   15 _fini
    49: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.2.5
    50: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    51: 0000000000201000     0 NOTYPE  GLOBAL DEFAULT   23 __data_start
    52: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    53: 0000000000201008     0 OBJECT  GLOBAL HIDDEN    23 __dso_handle
    54: 0000000000000810     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used
    55: 0000000000000790   101 FUNC    GLOBAL DEFAULT   14 __libc_csu_init
    56: 0000000000201018     0 NOTYPE  GLOBAL DEFAULT   24 _end
    57: 0000000000000640    43 FUNC    GLOBAL DEFAULT   14 _start
    58: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start
    59: 000000000000074a    55 FUNC    GLOBAL DEFAULT   14 main
    60: 0000000000201010     0 OBJECT  GLOBAL HIDDEN    23 __TMC_END__
    61: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
    62: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@@GLIBC_2.2
    63: 00000000000005e8     0 FUNC    GLOBAL DEFAULT   11 _init

3 示例:stripped

readelf -s main

Symbol table '.dynsym' contains 7 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     5: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
     6: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (2)

readelf -s main_dyn

Symbol table '.dynsym' contains 13 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
     1: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_deregisterTMCloneTab
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND add
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)
     5: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     6: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _ITM_registerTMCloneTable
     7: 0000000000000000     0 FUNC    WEAK   DEFAULT  UND __cxa_finalize@GLIBC_2.2.5 (2)
     8: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   23 _edata
     9: 0000000000201018     0 NOTYPE  GLOBAL DEFAULT   24 _end
    10: 0000000000201010     0 NOTYPE  GLOBAL DEFAULT   24 __bss_start
    11: 00000000000005e8     0 FUNC    GLOBAL DEFAULT   11 _init
    12: 0000000000000804     0 FUNC    GLOBAL DEFAULT   15 _fini

3 示例

grep -r websGetVar ./

objdump -t libgo.so| grep -e "\.c" -e "websGetVar" 

readelf -s libgo.so | grep -e "\.c" -e "websGetVar"

4 参考资料

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值