From f6240b494eadafabe9fc5abfa6bf26b7aec00dd4 Mon Sep 17 00:00:00 2001
From: kingking888 <184108270@qq.com>
Date: Wed, 20 May 2020 14:20:11 +0800
Subject: [PATCH] update readelf
---
.idea/.gitignore | 8 +
.idea/AndroidReverseEngineering.iml | 11 +
.../inspectionProfiles/profiles_settings.xml | 6 +
.idea/misc.xml | 7 +
.idea/modules.xml | 8 +
.idea/vcs.xml | 6 +
readelf/README.md | 58 +++
readelf/readelf.py | 361 ++++++++++++++++++
readelf/result.txt | 273 +++++++++++++
9 files changed, 738 insertions(+)
create mode 100644 .idea/.gitignore
create mode 100644 .idea/AndroidReverseEngineering.iml
create mode 100644 .idea/inspectionProfiles/profiles_settings.xml
create mode 100644 .idea/misc.xml
create mode 100644 .idea/modules.xml
create mode 100644 .idea/vcs.xml
create mode 100644 readelf/README.md
create mode 100644 readelf/readelf.py
create mode 100644 readelf/result.txt
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..73f69e0
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
+# Editor-based HTTP Client requests
+/httpRequests/
diff --git a/.idea/AndroidReverseEngineering.iml b/.idea/AndroidReverseEngineering.iml
new file mode 100644
index 0000000..69440b3
--- /dev/null
+++ b/.idea/AndroidReverseEngineering.iml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 0000000..105ce2d
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..8656114
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..bad0ea0
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/readelf/README.md b/readelf/README.md
new file mode 100644
index 0000000..640df29
--- /dev/null
+++ b/readelf/README.md
@@ -0,0 +1,58 @@
+# AndroidReverseEngineering
+
+安卓逆向工程之so文件分析
+
+ SO文件是Linux下共享库文件,它的文件格式被称为ELF文件格式。在Android逆向中对so文件格式分析非常重要。
+ ELF文件主要由 ELF header 、section header table、program header table组成
+
+ ELF header
+
+ 什么是ELFheader?
+
+ 所谓的elfHeader也就是系统要解析一个elf文件第一步需要解析的地方,怎么解析不是本章的主要,本章只分析elf文件整体的框架,方面在脑袋里形成图画。所以elf文件头部包含了整个elf文件重要组成部分的offset,什么是重要的组成部分?上面说到了section header table、program header table。
+
+ ELFheader的组成:
+
+ 1.固定格式(ident/type/machine/version/entry):这些成员在同类型的elf文件中一般是固定的
+
+ 2.sectionHeaderTable信息(shoff/shentsize/shnum):此三个成员描述的是sectionHeaderTable的偏移、单个大小、总个数
+
+ 3.programHeaderTable信息(phoff/phentsize/phnum):同上,描述的是programHeaderTable的信息
+
+ 4.字符串表在sectionHeaderTable中的位置(这个先不说了,说也说不明白,等第二篇解析ELF文件的时候在说,总之有这个东西)
+
+ 换句话说:通过elfHeader我们便可获取到elf文件的各种信息。因为已经获取到了其他两个table的偏移、单个大小、总个数
+
+ section header table
+
+ 什么是section header table?
+
+ 一句话:一个so里面所有的资源。如变量名、字符串、执行代码、got、plt等。。。
+
+ sectionHeaderTable的组成:
+
+ 1.由多个sectionHeader组成,至于是多少个?上面ELFHreader已经告诉我们了
+
+ 2.每个sectionHeader又代表了不同的资源。如上面说的变量名、字符串、执行代码等。。。
+
+ 换句话说:section header table表示so里面所有的资源的一个表单
+
+ program header table
+
+ 什么是program header table?
+ 服务于sectionHreader的一张表!
+
+ sectionHeaderTable的组成:
+
+ 1.一个sectionHeaderTable由多个segment组成.
+
+ 2.而一个segment包含多个section
+
+ 换句话说: 从组成结构上可以看得出他主要是服务于section的,而section又是so的资源,所以狭义上我们可以理解成此表为告诉计算机要怎么加载解析so资源的一张表.
+
+使用:
+
+ Run readelf
+ 然后输入so的路径
+
+
diff --git a/readelf/readelf.py b/readelf/readelf.py
new file mode 100644
index 0000000..26c069f
--- /dev/null
+++ b/readelf/readelf.py
@@ -0,0 +1,361 @@
+# -*- coding: utf-8 -*-
+# !/usr/bin/env python
+
+"""
+-------------------------------------------------
+ File Name: readelf.py
+ Description : 分析so文件
+ Author : Andy Zhong
+ date: 2020/5/20
+-------------------------------------------------
+ Change Activity:
+ 2020/5/20:
+-------------------------------------------------
+"""
+
+__author__ = 'Andy Zhong'
+
+import sys
+import mmap
+import binascii
+
+
+def hexlify(data):
+ return '0x' + binascii.hexlify(data).decode()
+
+
+class ELFFile(object):
+ def __init__(self, elf):
+ self.header = ELFHeader(elf)
+ self.program_headers = []
+ current = self.header.phoff
+ for i in range(self.header.phnum):
+ p_header = ProgramHeader(elf, self.header, current)
+ self.program_headers.append(p_header)
+ current += self.header.phentsize
+
+ self.section_headers = []
+ self.strtable = None
+ current = self.header.shoff
+ for i in range(self.header.shnum):
+ s_header = SectionHeader(elf, self.header, current)
+ if i == self.header.shstrndx:
+ self.strtable = StrTableSection(elf, s_header)
+ self.section_headers.append(s_header)
+ current += self.header.shentsize
+
+ def print_program_header(self):
+ if len(self.program_headers) == 0:
+ print('There is no program header....')
+ return
+ ProgramHeader.print_title()
+ for header in self.program_headers:
+ header.print()
+
+ def print_section_header(self):
+ if len(self.section_headers) == 0:
+ print('There is no section header....')
+ return
+ SectionHeader.print_section_header_title()
+ for header in self.section_headers:
+ header.print()
+
+
+class ELFHeader(object):
+ def __init__(self, elf):
+ self.magic = elf[0:3]
+ if self.magic != b'\x7fEL':
+ raise ValueError('Illegal file format: ', self.magic)
+ self.clazz = elf[4]
+ self.data = elf[5]
+
+ original = lambda x: x
+ # (attr_name, size, transform_func)
+ items = [('version', 1, self.int_from_bytes),
+ ('osabi', 1, None),
+ ('abiversion', 1, None),
+ ('pad', 7, original),
+ ('type', 2, None),
+ ('machine', 2, None),
+ ('e_version', 4, self.int_from_bytes),
+ ('entry', 8 if self.is_64 else 4, original),
+ ('phoff', 8 if self.is_64 else 4, self.int_from_bytes),
+ ('shoff', 8 if self.is_64 else 4, self.int_from_bytes),
+ ('flags', 4, None),
+ ('ehsize', 2, self.int_from_bytes),
+ ('phentsize', 2, self.int_from_bytes),
+ ('phnum', 2, self.int_from_bytes),
+ ('shentsize', 2, self.int_from_bytes),
+ ('shnum', 2, self.int_from_bytes),
+ ('shstrndx', 2, self.int_from_bytes)]
+ current = 0x06
+ for item in items:
+ attr_name, size, transform_func = item
+ next_current = current + size
+ value = elf[current: next_current]
+ current = next_current
+ if transform_func is not None:
+ value = transform_func(value)
+ elif size != 1 and self.is_little:
+ value = value[::-1]
+ setattr(self, attr_name, value)
+
+ def int_from_bytes(self, bytes):
+ return int.from_bytes(bytes, 'little' if self.is_little else 'big', signed=True)
+
+ @property
+ def is_little(self):
+ return self.data == 1
+
+ @property
+ def is_64(self):
+ return self.clazz == 2
+
+ def _class_desc(self):
+ return 'ELF64' if self.is_64 else 'ELF32'
+
+ def _data_desc(self):
+ return "2's complement, little endian" if self.is_little else "2's complement, big endian"
+
+ def _osabi_desc(self):
+ abi = {b'\x00': "System V",
+ b'\x01': "HP-UX",
+ b'\x02': "NetBSD",
+ b'\x03': "Linux",
+ b'\x04': "GNU Hurd",
+ b'\x06': "Solaris",
+ b'\x07': "AIX",
+ b'\x08': "IRIX",
+ b'\x09': "FreeBSD"}
+ return abi[self.osabi]
+
+ def _type_desc(self):
+ type = {
+ b'\x00\x00': "NONE",
+ b'\x00\x01': "REL",
+ b'\x00\x02': "EXEC",
+ b'\x00\x03': "DYN",
+ b'\x00\x04': "CORE",
+ b'\xfe\x00': "LOOS",
+ b'\xfe\xff': "HIOS",
+ }
+ return type[self.type]
+
+ def _machine_desc(self):
+ machine = {
+ b'\x00\x00': 'NONE',
+ b'\x00\x02': 'SPARC',
+ b'\x00\x03': 'x86',
+ b'\x00\x08': 'MIPS',
+ b'\x00\x14': "PowerPC",
+ b'\x00\x16': "S390",
+ b'\x00\x28': 'ARM',
+ b'\x00\x2A': "SuperH",
+ b'\x00\x32': 'IA-64',
+ b'\x00\x3E': 'x86-64',
+ b'\x00\xB7': 'AArch64',
+ b'\x00\xF3': 'RISC-V'
+ }
+ return machine[self.machine]
+
+ def print(self):
+ width = 45
+ print('ELF Header: ')
+ print(' Class:'.ljust(width), self._class_desc())
+ print(' Data:'.ljust(width), self._data_desc())
+ print(' OS/ABI:'.ljust(width), self._osabi_desc())
+ print(' Type:'.ljust(width), self._type_desc())
+ print(' Machine:'.ljust(width), self._machine_desc())
+ print(' Entry point address:'.ljust(width), hex(self.int_from_bytes(self.entry)))
+ print(' Start of program headers:'.ljust(width), self.phoff, ' (bytes into file)')
+ print(' Start for section headers:'.ljust(width), self.shoff, ' (bytes into file)')
+ print(' Flags:'.ljust(width), self.flags)
+ print(' Size of this header:'.ljust(width), self.ehsize, ' (bytes)')
+ print(' Size of program header:'.ljust(width), self.phentsize, ' (bytes)')
+ print(' Number of program headers:'.ljust(width), self.phnum)
+ print(' Size of section headers:'.ljust(width), self.shentsize, ' (bytes)')
+ print(' Number of section headers:'.ljust(width), self.shnum)
+ print(' Section header string table index:'.ljust(width), self.shstrndx)
+ print('')
+
+
+class ProgramHeader(object):
+ def __init__(self, elf, elf_header, base):
+ address_offset = 8 if elf_header.is_64 else 4
+ items = [
+ ('type', 4, None),
+ ('flags', 4 if elf_header.is_64 else 0, None),
+ ('offset', address_offset, elf_header.int_from_bytes),
+ ('vaddr', address_offset, None),
+ ('paddr', address_offset, None),
+ ('filesz', address_offset, elf_header.int_from_bytes),
+ ('memsz', address_offset, elf_header.int_from_bytes),
+ ('flags', 0 if elf_header.is_64 else 4, None),
+ ('align', address_offset, elf_header.int_from_bytes)]
+ current = base
+ for item in items:
+ attr_name, size, transform_func = item
+ current_next = current + size
+ if size == 0:
+ continue
+ value = elf[current: current_next]
+ if transform_func is not None:
+ value = transform_func(value)
+ elif elf_header.is_little:
+ value = value[::-1]
+ setattr(self, attr_name, value)
+ current = current_next
+
+ @staticmethod
+ def print_item(items, item_width=10):
+ content = ' '.join(
+ [str(item).center(item_width) if type(item) is not tuple else str(item[0]).center(item[1]) for item in
+ items])
+ print(content)
+
+ def _type_desc(self):
+ types = {
+ b'\x00\x00\x00\x00': 'NULL',
+ b'\x00\x00\x00\x01': 'LOAD',
+ b'\x00\x00\x00\x02': 'DYNAMIC',
+ b'\x00\x00\x00\x03': 'INTERP',
+ b'\x00\x00\x00\x04': 'NOTE',
+ b'\x00\x00\x00\x05': 'SHLIB',
+ b'\x00\x00\x00\x06': 'PHDR',
+ b'\x60\x00\x00\x00': 'LOOS',
+ b'\x6F\xFF\xFF\xFF': 'HIOS',
+ b'\x70\x00\x00\x00': 'LOPROC',
+ b'\x7F\xFF\xFF\xFF': 'HIPROC'
+ }
+ if self.type in types:
+ return types[self.type]
+ return hexlify(self.type)
+
+ @staticmethod
+ def print_title():
+ ProgramHeader.print_item(['type', 'flags', 'offset', \
+ ('vaddr', 20), ('paddr', 20), \
+ 'filesz', 'memsz', 'align'])
+
+ def print(self):
+ ProgramHeader.print_item([self._type_desc(), hexlify(self.flags), self.offset, \
+ (hexlify(self.vaddr), 20), (hexlify(self.paddr), 20), \
+ self.filesz, self.memsz, self.align])
+
+
+class SectionHeader(object):
+ def __init__(self, elf, elf_header, base):
+ self.elf = elf
+ address_len = 8 if elf_header.is_64 else 4
+ items = [
+ ('name', 4, None),
+ ('type', 4, None),
+ ('flags', address_len, None),
+ ('addr', address_len, None),
+ ('offset', address_len, elf_header.int_from_bytes),
+ ('size', address_len, elf_header.int_from_bytes),
+ ('link', 4, elf_header.int_from_bytes),
+ ('info', 4, None),
+ ('addralign', address_len, elf_header.int_from_bytes),
+ ('entsize', address_len, elf_header.int_from_bytes)
+ ]
+ current = base
+ for item in items:
+ attr_name, size, transform_func = item
+ next_current = current + size
+ value = elf[current: next_current]
+ if transform_func is not None:
+ value = transform_func(value)
+ elif elf_header.is_little:
+ value = value[::-1]
+ current = next_current
+ setattr(self, attr_name, value)
+
+ def _type_desc(self):
+ types = {
+ b'\x00\x00\x00\x00': 'NULL',
+ b'\x00\x00\x00\x01': 'PROGBITS',
+ b'\x00\x00\x00\x02': 'SYMTAB',
+ b'\x00\x00\x00\x03': 'STRTAB',
+ b'\x00\x00\x00\x04': 'RELA',
+ b'\x00\x00\x00\x05': 'HASH',
+ b'\x00\x00\x00\x06': 'DYNAMIC',
+ b'\x00\x00\x00\x07': 'NOTE',
+ b'\x00\x00\x00\x08': 'NOBITS',
+ b'\x00\x00\x00\x09': 'REL',
+ b'\x00\x00\x00\x0A': 'SHLIB',
+ b'\x00\x00\x00\x0B': 'DYNSYM',
+ b'\x00\x00\x00\x0E': 'INIT_ARRAY',
+ b'\x00\x00\x00\x0F': 'FINI_ARRAY',
+ b'\x00\x00\x00\x10': 'PREINIT_ARRAY',
+ b'\x00\x00\x00\x11': 'GROUP',
+ b'\x00\x00\x00\x12': 'SYMTAB_SHNDX',
+ b'\x00\x00\x00\x13': 'NUM',
+ }
+ if self.type in types:
+ return types[self.type]
+ return hexlify(self.type)
+
+ def _flag_desc(self):
+ flags = {
+ 0x01: 'WRITE',
+ 0x02: 'ALLOC',
+ 0x04: 'EXECINSTR',
+ 0x10: 'MERGE',
+ 0x20: 'STRINGS',
+ 0x40: 'INFO_LINK',
+ 0x80: 'LINK_ORDER',
+ 0x100: 'OS_NONCONFORMING',
+ 0x0200: 'GROUP',
+ 0x0400: 'TLS',
+ 0x0ff00000: 'MASKOS',
+ 0xf0000000: 'MASKPROC',
+ 0x40000000: 'ORDERED',
+ 0x80000000: 'EXCLUDE'
+ }
+ flag = int.from_bytes(self.flags, byteorder='big')
+ if flag in flags:
+ return flags[flag]
+ else:
+ return hexlify(self.flags)
+
+ def _name_desc(self):
+ if self.elf.strtable is None:
+ return hexlify(self.name)
+ else:
+ return hexlify(self.name)
+
+ @staticmethod
+ def print_section_header_title():
+ ProgramHeader.print_item(['name', ('type', 15), ('flags', 20), \
+ ('addr', 20), ('offset', 5), ('size', 8), \
+ ('link', 8), 'info', 'addralign'])
+
+ def print(self):
+ ProgramHeader.print_item([hexlify(self.name), (self._type_desc(), 15), (self._flag_desc(), 20), \
+ (hexlify(self.addr), 20), (self.offset, 5), (self.size, 8), \
+ (self.link, 8), hexlify(self.info), self.addralign])
+
+
+class StrTableSection(object):
+ def __init__(self, elf, strtable_header):
+ content = elf[strtable_header.offset: strtable_header.offset + strtable_header.size]
+ self.strs = content.split(b'\x00')
+
+
+if __name__ == '__main__':
+ # file_path = sys.argv[1]
+ file_path = input("[请输入您的so文件路径,如:C:\\Users\\Administrator\\Desktop\\libcms.so]==>>>")
+ print("\n")
+ # file_path = r"C:\Users\Administrator\Desktop\libcms.so"
+ print("read elf info from: ", file_path)
+ elffile = open(file_path, 'r')
+ map = mmap.mmap(elffile.fileno(), 0, access=mmap.ACCESS_READ)
+ elf = ELFFile(map)
+ elf.header.print()
+ print('\nELF Program Headers:')
+ elf.print_program_header()
+ print('\nELF Section Headers: ')
+ elf.print_section_header()
+ map.close()
+ elffile.close()
diff --git a/readelf/result.txt b/readelf/result.txt
new file mode 100644
index 0000000..3e50a49
--- /dev/null
+++ b/readelf/result.txt
@@ -0,0 +1,273 @@
+ELF 头:
+ Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
+ 类别: ELF64
+ 数据: 2 补码,小端序 (little endian)
+ 版本: 1 (current)
+ OS/ABI: UNIX - System V
+ ABI 版本: 0
+ 类型: DYN (共享目标文件)
+ 系统架构: Advanced Micro Devices X86-64
+ 版本: 0x1
+ 入口点地址: 0x1040
+ 程序头起点: 64 (bytes into file)
+ Start of section headers: 14712 (bytes into file)
+ 标志: 0x0
+ 本头的大小: 64 (字节)
+ 程序头大小: 56 (字节)
+ Number of program headers: 11
+ 节头大小: 64 (字节)
+ 节头数量: 29
+ 字符串表索引节头: 28
+
+节头:
+ [号] 名称 类型 地址 偏移量
+ 大小 全体大小 旗标 链接 信息 对齐
+ [ 0] NULL 0000000000000000 00000000
+ 0000000000000000 0000000000000000 0 0 0
+ [ 1] .interp PROGBITS 00000000000002a8 000002a8
+ 000000000000001c 0000000000000000 A 0 0 1
+ [ 2] .note.ABI-tag NOTE 00000000000002c4 000002c4
+ 0000000000000020 0000000000000000 A 0 0 4
+ [ 3] .note.gnu.build-i NOTE 00000000000002e4 000002e4
+ 0000000000000024 0000000000000000 A 0 0 4
+ [ 4] .gnu.hash GNU_HASH 0000000000000308 00000308
+ 000000000000001c 0000000000000000 A 5 0 8
+ [ 5] .dynsym DYNSYM 0000000000000328 00000328
+ 00000000000000a8 0000000000000018 A 6 1 8
+ [ 6] .dynstr STRTAB 00000000000003d0 000003d0
+ 0000000000000082 0000000000000000 A 0 0 1
+ [ 7] .gnu.version VERSYM 0000000000000452 00000452
+ 000000000000000e 0000000000000002 A 5 0 2
+ [ 8] .gnu.version_r VERNEED 0000000000000460 00000460
+ 0000000000000020 0000000000000000 A 6 1 8
+ [ 9] .rela.dyn RELA 0000000000000480 00000480
+ 00000000000000c0 0000000000000018 A 5 0 8
+ [10] .rela.plt RELA 0000000000000540 00000540
+ 0000000000000018 0000000000000018 AI 5 22 8
+ [11] .init PROGBITS 0000000000001000 00001000
+ 000000000000001b 0000000000000000 AX 0 0 4
+ [12] .plt PROGBITS 0000000000001020 00001020
+ 0000000000000020 0000000000000010 AX 0 0 16
+ [13] .text PROGBITS 0000000000001040 00001040
+ 0000000000000195 0000000000000000 AX 0 0 16
+ [14] .fini PROGBITS 00000000000011d8 000011d8
+ 000000000000000d 0000000000000000 AX 0 0 4
+ [15] .rodata PROGBITS 0000000000002000 00002000
+ 0000000000000011 0000000000000000 A 0 0 4
+ [16] .eh_frame_hdr PROGBITS 0000000000002014 00002014
+ 0000000000000034 0000000000000000 A 0 0 4
+ [17] .eh_frame PROGBITS 0000000000002048 00002048
+ 00000000000000d8 0000000000000000 A 0 0 8
+ [18] .init_array INIT_ARRAY 0000000000003de8 00002de8
+ 0000000000000008 0000000000000008 WA 0 0 8
+ [19] .fini_array FINI_ARRAY 0000000000003df0 00002df0
+ 0000000000000008 0000000000000008 WA 0 0 8
+ [20] .dynamic DYNAMIC 0000000000003df8 00002df8
+ 00000000000001e0 0000000000000010 WA 6 0 8
+ [21] .got PROGBITS 0000000000003fd8 00002fd8
+ 0000000000000028 0000000000000008 WA 0 0 8
+ [22] .got.plt PROGBITS 0000000000004000 00003000
+ 0000000000000020 0000000000000008 WA 0 0 8
+ [23] .data PROGBITS 0000000000004020 00003020
+ 0000000000000010 0000000000000000 WA 0 0 8
+ [24] .bss NOBITS 0000000000004030 00003030
+ 0000000000000008 0000000000000000 WA 0 0 1
+ [25] .comment PROGBITS 0000000000000000 00003030
+ 000000000000002b 0000000000000001 MS 0 0 1
+ [26] .symtab SYMTAB 0000000000000000 00003060
+ 0000000000000600 0000000000000018 27 44 8
+ [27] .strtab STRTAB 0000000000000000 00003660
+ 000000000000020f 0000000000000000 0 0 1
+ [28] .shstrtab STRTAB 0000000000000000 0000386f
+ 0000000000000103 0000000000000000 0 0 1
+Key to Flags:
+ W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
+ L (link order), O (extra OS processing required), G (group), T (TLS),
+ C (compressed), x (unknown), o (OS specific), E (exclude),
+ l (large), p (processor specific)
+
+There are no section groups in this file.
+
+程序头:
+ Type Offset VirtAddr PhysAddr
+ FileSiz MemSiz Flags Align
+ PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
+ 0x0000000000000268 0x0000000000000268 R 0x8
+ INTERP 0x00000000000002a8 0x00000000000002a8 0x00000000000002a8
+ 0x000000000000001c 0x000000000000001c R 0x1
+ [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
+ LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
+ 0x0000000000000558 0x0000000000000558 R 0x1000
+ LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000
+ 0x00000000000001e5 0x00000000000001e5 R E 0x1000
+ LOAD 0x0000000000002000 0x0000000000002000 0x0000000000002000
+ 0x0000000000000120 0x0000000000000120 R 0x1000
+ LOAD 0x0000000000002de8 0x0000000000003de8 0x0000000000003de8
+ 0x0000000000000248 0x0000000000000250 RW 0x1000
+ DYNAMIC 0x0000000000002df8 0x0000000000003df8 0x0000000000003df8
+ 0x00000000000001e0 0x00000000000001e0 RW 0x8
+ NOTE 0x00000000000002c4 0x00000000000002c4 0x00000000000002c4
+ 0x0000000000000044 0x0000000000000044 R 0x4
+ GNU_EH_FRAME 0x0000000000002014 0x0000000000002014 0x0000000000002014
+ 0x0000000000000034 0x0000000000000034 R 0x4
+ GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
+ 0x0000000000000000 0x0000000000000000 RW 0x10
+ GNU_RELRO 0x0000000000002de8 0x0000000000003de8 0x0000000000003de8
+ 0x0000000000000218 0x0000000000000218 R 0x1
+
+ Section to Segment mapping:
+ 段节...
+ 00
+ 01 .interp
+ 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
+ 03 .init .plt .text .fini
+ 04 .rodata .eh_frame_hdr .eh_frame
+ 05 .init_array .fini_array .dynamic .got .got.plt .data .bss
+ 06 .dynamic
+ 07 .note.ABI-tag .note.gnu.build-id
+ 08 .eh_frame_hdr
+ 09
+ 10 .init_array .fini_array .dynamic .got
+
+Dynamic section at offset 0x2df8 contains 26 entries:
+ 标记 类型 名称/值
+ 0x0000000000000001 (NEEDED) 共享库:[libc.so.6]
+ 0x000000000000000c (INIT) 0x1000
+ 0x000000000000000d (FINI) 0x11d8
+ 0x0000000000000019 (INIT_ARRAY) 0x3de8
+ 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes)
+ 0x000000000000001a (FINI_ARRAY) 0x3df0
+ 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes)
+ 0x000000006ffffef5 (GNU_HASH) 0x308
+ 0x0000000000000005 (STRTAB) 0x3d0
+ 0x0000000000000006 (SYMTAB) 0x328
+ 0x000000000000000a (STRSZ) 130 (bytes)
+ 0x000000000000000b (SYMENT) 24 (bytes)
+ 0x0000000000000015 (DEBUG) 0x0
+ 0x0000000000000003 (PLTGOT) 0x4000
+ 0x0000000000000002 (PLTRELSZ) 24 (bytes)
+ 0x0000000000000014 (PLTREL) RELA
+ 0x0000000000000017 (JMPREL) 0x540
+ 0x0000000000000007 (RELA) 0x480
+ 0x0000000000000008 (RELASZ) 192 (bytes)
+ 0x0000000000000009 (RELAENT) 24 (bytes)
+ 0x000000006ffffffb (FLAGS_1) 标志: PIE
+ 0x000000006ffffffe (VERNEED) 0x460
+ 0x000000006fffffff (VERNEEDNUM) 1
+ 0x000000006ffffff0 (VERSYM) 0x452
+ 0x000000006ffffff9 (RELACOUNT) 3
+ 0x0000000000000000 (NULL) 0x0
+
+重定位节 '.rela.dyn' at offset 0x480 contains 8 entries:
+ 偏移量 信息 类型 符号值 符号名称 + 加数
+000000003de8 000000000008 R_X86_64_RELATIVE 1130
+000000003df0 000000000008 R_X86_64_RELATIVE 10e0
+000000004028 000000000008 R_X86_64_RELATIVE 4028
+000000003fd8 000100000006 R_X86_64_GLOB_DAT 0000000000000000 _ITM_deregisterTMClone + 0
+000000003fe0 000300000006 R_X86_64_GLOB_DAT 0000000000000000 __libc_start_main@GLIBC_2.2.5 + 0
+000000003fe8 000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
+000000003ff0 000500000006 R_X86_64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTa + 0
+000000003ff8 000600000006 R_X86_64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.2.5 + 0
+
+重定位节 '.rela.plt' at offset 0x540 contains 1 entry:
+ 偏移量 信息 类型 符号值 符号名称 + 加数
+000000004018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0
+
+The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
+
+Symbol table '.dynsym' contains 7 entries:
+ Num: Value Size Type Bind Vis Ndx Name
+ 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
+ 1: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTab
+ 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.2.5 (2)
+ 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2)
+ 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
+ 5: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable
+ 6: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.2.5 (2)
+
+Symbol table '.symtab' contains 64 entries:
+ Num: Value Size Type Bind Vis Ndx Name
+ 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
+ 1: 00000000000002a8 0 SECTION LOCAL DEFAULT 1
+ 2: 00000000000002c4 0 SECTION LOCAL DEFAULT 2
+ 3: 00000000000002e4 0 SECTION LOCAL DEFAULT 3
+ 4: 0000000000000308 0 SECTION LOCAL DEFAULT 4
+ 5: 0000000000000328 0 SECTION LOCAL DEFAULT 5
+ 6: 00000000000003d0 0 SECTION LOCAL DEFAULT 6
+ 7: 0000000000000452 0 SECTION LOCAL DEFAULT 7
+ 8: 0000000000000460 0 SECTION LOCAL DEFAULT 8
+ 9: 0000000000000480 0 SECTION LOCAL DEFAULT 9
+ 10: 0000000000000540 0 SECTION LOCAL DEFAULT 10
+ 11: 0000000000001000 0 SECTION LOCAL DEFAULT 11
+ 12: 0000000000001020 0 SECTION LOCAL DEFAULT 12
+ 13: 0000000000001040 0 SECTION LOCAL DEFAULT 13
+ 14: 00000000000011d8 0 SECTION LOCAL DEFAULT 14
+ 15: 0000000000002000 0 SECTION LOCAL DEFAULT 15
+ 16: 0000000000002014 0 SECTION LOCAL DEFAULT 16
+ 17: 0000000000002048 0 SECTION LOCAL DEFAULT 17
+ 18: 0000000000003de8 0 SECTION LOCAL DEFAULT 18
+ 19: 0000000000003df0 0 SECTION LOCAL DEFAULT 19
+ 20: 0000000000003df8 0 SECTION LOCAL DEFAULT 20
+ 21: 0000000000003fd8 0 SECTION LOCAL DEFAULT 21
+ 22: 0000000000004000 0 SECTION LOCAL DEFAULT 22
+ 23: 0000000000004020 0 SECTION LOCAL DEFAULT 23
+ 24: 0000000000004030 0 SECTION LOCAL DEFAULT 24
+ 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25
+ 26: 0000000000000000 0 FILE LOCAL DEFAULT ABS init.c
+ 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
+ 28: 0000000000001070 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones
+ 29: 00000000000010a0 0 FUNC LOCAL DEFAULT 13 register_tm_clones
+ 30: 00000000000010e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux
+ 31: 0000000000004030 1 OBJECT LOCAL DEFAULT 24 completed.7286
+ 32: 0000000000003df0 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fin
+ 33: 0000000000001130 0 FUNC LOCAL DEFAULT 13 frame_dummy
+ 34: 0000000000003de8 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_
+ 35: 0000000000000000 0 FILE LOCAL DEFAULT ABS helloworld.c
+ 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
+ 37: 000000000000211c 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__
+ 38: 0000000000000000 0 FILE LOCAL DEFAULT ABS
+ 39: 0000000000003df0 0 NOTYPE LOCAL DEFAULT 18 __init_array_end
+ 40: 0000000000003df8 0 OBJECT LOCAL DEFAULT 20 _DYNAMIC
+ 41: 0000000000003de8 0 NOTYPE LOCAL DEFAULT 18 __init_array_start
+ 42: 0000000000002014 0 NOTYPE LOCAL DEFAULT 16 __GNU_EH_FRAME_HDR
+ 43: 0000000000004000 0 OBJECT LOCAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_
+ 44: 00000000000011d0 5 FUNC GLOBAL DEFAULT 13 __libc_csu_fini
+ 45: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTab
+ 46: 0000000000004020 0 NOTYPE WEAK DEFAULT 23 data_start
+ 47: 0000000000000000 0 FUNC GLOBAL DEFAULT UND puts@@GLIBC_2.2.5
+ 48: 0000000000004030 0 NOTYPE GLOBAL DEFAULT 23 _edata
+ 49: 00000000000011d8 0 FUNC GLOBAL HIDDEN 14 _fini
+ 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
+ 51: 0000000000004020 0 NOTYPE GLOBAL DEFAULT 23 __data_start
+ 52: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
+ 53: 0000000000004028 0 OBJECT GLOBAL HIDDEN 23 __dso_handle
+ 54: 0000000000002000 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used
+ 55: 0000000000001160 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init
+ 56: 0000000000004038 0 NOTYPE GLOBAL DEFAULT 24 _end
+ 57: 0000000000001040 47 FUNC GLOBAL DEFAULT 13 _start
+ 58: 0000000000004030 0 NOTYPE GLOBAL DEFAULT 24 __bss_start
+ 59: 0000000000001139 34 FUNC GLOBAL DEFAULT 13 main
+ 60: 0000000000004030 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__
+ 61: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable
+ 62: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.2
+ 63: 0000000000001000 0 FUNC GLOBAL HIDDEN 11 _init
+
+Version symbols section '.gnu.version' contains 7 entries:
+ 地址:0000000000000452 Offset: 0x000452 Link: 5 (.dynsym)
+ 000: 0 (*本地*) 0 (*本地*) 2 (GLIBC_2.2.5) 2 (GLIBC_2.2.5)
+ 004: 0 (*本地*) 0 (*本地*) 2 (GLIBC_2.2.5)
+
+Version needs section '.gnu.version_r' contains 1 entry:
+ 地址:0x0000000000000460 Offset: 0x000460 Link: 6 (.dynstr)
+ 000000: Version: 1 文件:libc.so.6 计数:1
+ 0x0010: Name: GLIBC_2.2.5 标志:无 版本:2
+
+Displaying notes found in: .note.ABI-tag
+ 所有者 Data size Description
+ GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
+ OS: Linux, ABI: 3.2.0
+
+Displaying notes found in: .note.gnu.build-id
+ 所有者 Data size Description
+ GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
+ Build ID: 7b05d407cc9308c507c5aad8955ef0d3db19563d