分类: LINUX
2009-05-13 20:15:10
Executable and Linkable Format (ELF)
Contents
Preface
1 OBJECT FILES
Introduction 1-1
ELF Header 1-3
Sections 1-8
String Table 1-16
Symbol Table 1-17
Relocation 1-21
2 PROGRAM LOADING AND DYNAMIC LINKING
Introduction 2-1
Program Header 2-2
Program Loading 2-7
Dynamic Linking 2-10
3 C LIBRARY
C Library 3-1
I Index
Index I-1
Figures and Tables
Figure 1-1: Object File Format 1-1
Figure 1-2: 32-Bit Data Types 1-2
Figure 1-3: ELF Header 1-3
Figure 1-4: e_ident[ ] Identification Indexes 1-5
Figure 1-5: Data Encoding ELFDATA2LSB 1-6
Figure 1-6: Data Encoding ELFDATA2MSB 1-6
Figure 1-7: 32-bit Intel Architecture Identification, e_ident 1-7
Figure 1-8: Special Section Indexes 1-8
Figure 1-9: Section Header 1-9
Figure 1-10: Section Types, sh_type 1-10
Figure 1-11: Section Header Table Entry: Index 0 1-11
Figure 1-12: Section Attribute Flags, sh_flags 1-12
Figure 1-13: sh_link and sh_info Interpretation 1-13
Figure 1-14: Special Sections 1-13
Figure 1-15: String Table Indexes 1-16
Figure 1-16: Symbol Table Entry 1-17
Figure 1-17: Symbol Binding, ELF32_ST_BIND 1-18
Figure 1-18: Symbol Types, ELF32_ST_TYPE 1-19
Figure 1-19: Symbol Table Entry: Index 0 1-20
Figure 1-20: Relocation Entries 1-21
Figure 1-21: Relocatable Fields 1-22
Figure 1-22: Relocation Types 1-23
Figure 2-1: Program Header 2-2
Figure 2-2: Segment Types, p_type 2-3
Figure 2-3: Note Information 2-4
Figure 2-4: Example Note Segment 2-5
Figure 2-5: Executable File 2-7
Figure 2-6: Program Header Segments 2-7
Figure 2-7: Process Image Segments 2-8
Figure 2-8: Example Shared Object Segment Addresses 2-9
Figure 2-9: Dynamic Structure 2-12
Figure 2-10: Dynamic Array Tags, d_tag 2-12
Figure 2-11: Global Offset Table 2-17
Figure 2-12: Absolute Procedure Linkage Table 2-17
Figure 2-13: Position-Independent Procedure Linkage Table 2-18
Figure 2-14: Symbol Hash Table 2-19
Figure 2-15: Hashing Function 2-20
Figure 3-1: libc Contents, Names without Synonyms 3-1
Figure 3-2: libc Contents, Names with Synonyms 3-1
Figure 3-3: libc Contents, Global External Data Symbols 3-2
Preface
ELF: Executable and Linking Format
The
Executable and Linking Format was originally developed and published by
UNIX System Laboratories (USL) as part of the Application Binary
Interface (ABI). The Tool Interface Standards committee (TIS) has
selected the evolving(使进化发展) ELF standard as a portable object file
format that works on 32-bit Intel Architecture environments for a
variety of operating systems.
(可执行连接格式起初是作为UNIX系统实验室(USL)作为应用程序二进制接口(ABI)的一部分而开发和发布的。工具接口标准委员会(TIS)选择了正在发展中的ELF标准作为 可运行在32位INTEL体系的各种操作系统上的可移植的二进制文件格式。)
The
ELF standard is intended to streamline software development by
providing developers with a set of binary interface definitions that
extend across multiple operating environments. This should reduce the
number of different interface implementations, thereby reducing the
need for recoding and recompiling code.
(ELF标准的目的是通过为开发者提供一个可扩展到多种操作系统环境的二进制接口规范,来简化软件的开发工作。减少了不同种类的接口实现的数量,代码的重新编码重新编译的需求也随之而减化。)
About This Document
This
document is intended for developers who are creating object or
executable files on various 32-bit environment operating systems. It is
divided into the following three parts:
Part 1, ‘‘Object Files’’ describes the ELF object file format for the three main types of object files.
Part
2, ‘‘Program Loading and Dynamic Linking’’ describes the object file
information and system actions that create running programs.
Part 3,
‘‘C Library’’ lists the symbols contained in libsys, the standard ANSI
C and libc routines, and the global data symbols required by the libc
routines.
(这篇文档是为那些想在各种32位操作系统环境上创建目标文件、可执行文件的开发者们准备的。文档分为以下三个部分:
* 第一部分, “目标文件Object Files”描述了三种主要类型目标文件的ELF目标文件格式。
* 第二部分, “程序加载和动态连接”描述了目标文件的相关信息和在创建运行程序时的系统行为。
* 第三部分, “C 语言库”列出了 libsys中包含的符号, 标准ANSI C 和libc的例程函数,还有libc例程函数所必需的全局数据符号。)
NOTE:References to X86 architecture have been changed to Intel Architecture.
(注意: 参考的X86体系已经被改成了Intel体系。)
Introduction 1-1
File Format 1-1
Data Representation 1-2
ELF Header 1-3
ELF Identification 1-5
Machine Information 1-7
Sections 1-8
Special Sections 1-13
String Table 1-16
Symbol Table 1-17
Symbol Values 1-20
Relocation 1-21
Relocation Types 1-22
Part
1 describes the iABI object file format, called ELF (Executable and
Linking Format). There are three main types of object files.
(第一部分描述iABI目标文件格式,称为ELF(Executable and Linking Format). 目标文件主要有3种类型。)
A
relocatable file holds code and data suitable for linking with other
object files to create an executable or a shared object file.
(* 可重定位文件:保存着代码和数据,适合于和其他的目标文件连接到一起,用来创建一个可执行目标文件或者是一个可共享目标文件。)
An executable file holds a program suitable for execution; the file specifies how exec(BA_OS) creates a program’s process image.
(* 可执行文件:保存着一个用来执行的程序(program);该文件指定exec(BA_OS)如何创建程序的进程映象。)
A
shared object file holds code and data suitable for linking in two
contexts(上下文环境). First, the link editor [see ld(SD_CMD)] may process it
with other relocatable and shared object files to create another object
file. Second, the dynamic linker combines it with an executable file
and other shared objects to create a process image.
(*
可共享目标文件:保存着的代码和数据,适合于在两种上下文环境里进行连接。第一种情况:是连接编辑器[请参看ld(SD_CMD)],可以把它和其它的可
重定位目标文件们和共享目标文件们一起进行处理,来创建另一目标文件(是静态的东西)。第二种情况:是动态链接器,可以把它和一个可执行文件文件和其他共
享目标文件们结合(combine)起来,创建一个进程映象(是动态的东西)。)
Created by the assembler and
link editor, object files are binary representations of programs
intended to execute directly on a processor. Programs that require
other abstract machines, such as shell scripts, are excluded.
(用汇编器和联接编辑器创建出来的目标文件,都是以程序的二进制格式来存放的,以便能在在处理器上直接运行。那些需要其他抽象机器的程序,比如象shell脚本,除外。)
After the introductory material, Part 1 focures on the file format and how it pertains(适合于) to building programs.
Part 2 also describes parts of the object file, concentrating on the information necessary to execute a program.
(在介绍性的材料过后,第一部分重点描述着文件的格式和文件格式怎样适于建立(building)程序(program)。第二部分也描述了object文件的几个组成部分,重点介绍执行一个程序所必须的信息。)
Object
files participate in program linking (building a program) and program
execution (running a program). For convenience and efficiency, the
object file format provides parallel views(视图) of a file’s contents,
reflecting the differing needs of these activities(即:program linking 和
program execution). Figure 1-1 shows an object file’s organization.
(目
标文件参与程序联接 (building a program)和程序执行 (running a program)。为了方便和有效率,目标文件格式
为一个文件的内容 提供2种并行的视图,2种组织方法反映出linking和execution 两种活动(activity)的不同需要。例
1-1图显示了一个object文件的组织结构图。)
An
ELF header resides at the beginning and holds a ‘‘road map’’(地图)
describing the file’s organization. Sections hold the bulk of object
file information for the program linking view: instructions(指令), data,
symbol table, relocation information, and so on. Descriptions of
special(特殊的) sections appear later in Part 1. Part 2 discusses segments
and the program execution view of the
file.(也即:sections是和程序连接相关;segments是和程序执行相关)
(ELF头位于文件的最开头部分,保存着一张描述文件
组织结构的“地图”。sections 保存目标文件的有关连接视图的信息:包括指令,数据,符号表,重定位信息等等。在第一部分当中有
特殊sections的描述。第二部分讨论segments和object文件的程序执行视图。)
A program header
table, if present, tells the system how to create a process image.
Files used to build a process image (execute a program) must have a
program header table; relocatable files do not need one.
(一个程序头表(program header table)(如果存在的话),告诉系统如何来创建一个进程映象。参与建立进程映象(即执行一个程序)的文件们必须要有一个程序头表(program header table);重定位文件们不需要程序头表。)
A
section header table contains information describing the file’s
sections. Every section has an entry in the table; each entry gives
information such as the section name, the section size, etc. Files used
during linking must have a section header table; other object files may
or may not have one.
(一个section头表(section header
table)包含了文件sections的相关信息。每个section在这个表中有一个表项;每个表项内容包括:section名字,section大
小,等信息。参与联接过程的文件们都必须有一个section头表;其他目标文件们的section头表可有可无。)
NOTE:Although
the figure shows the program header table immediately after the ELF
header, and the section header table following the sections, actual
files may differ. Moreover, sections and segments have no specified
order. Only the ELF header has a fixed position(固定位置) in the file.
(注意: 虽然上面图示的情形是程序头表的位置紧跟在ELF头的后面,section头表跟在sections的后面,但在实际的文件中位置是可变的。此外,sections和segments也没有特别的顺序。只有ELF header在文件中的位置必须是固定的。)
As
described here, the object file format supports various processors with
8-bit bytes and 32-bit architectures.Nevertheless, it is intended to be
extensible to larger (or smaller) architectures. Object files therefore
represent some control data with a machine-independent format, making
it possible to identify object files and interpret their(object files)
contents in a common way. Remaining data in an object file use the
encoding of the target processor, regardless of the machine on which
the file was created.
(object文件格式支持8位、32位架构不同的处理器。不过,它试图努力扩展到更大或更小的体系
上运行。因此,object文件采用与机器无关的格式表示一些控制数据,使得可用一种通用的方法识别object文件和描述他们的内容。在object文
件中其余的数据使用目标处理器的编码,不管文件是在哪台机器上创建的。)
(即:只需要把目标文件中的控制数据表示成机器无关格式就可以广泛移植了,而文件其余的数据按照目标处理器编码即可)
All
data structures that the object file format defines
(目标文件格式定义的所有数据结构)follow the ‘‘natural’’ size and alignment guidelines
for the relevant class(相关类型的对齐准则). If necessary, data structures
contain explicit padding(明确的填充字节) to ensure 4-byte alignment for 4-byte
objects(4字节对象,例如:4字节大小的数据结构), to force data structure sizes to a
multiple of 4(4的倍数), etc. Data also have suitable alignment from the
beginning of the file. Thus, for example, a data structure containing
an Elf32_Addr member will be aligned on a 4-byte boundary within the
file.
For portability reasons, ELF uses no bit-fields.
(目标文件格式定义的所
有数据结构都是依照“自然”大小和相关类型的对齐准则。如果需要的话,数据结构中包含了明确的填充字节,强制使数据结构的大小是4的倍数,
以保证4-byte
object是4字节对齐的。在文件开头的数据也有适当的对齐。例如,一个包含了一个Elf32_Addr成员的数据结构将会在文件中对齐到4字节的边界
上。
因为移植性的原因,ELF不使用位字段(bit-fields)。)
Some object
file control structures can grow, because the ELF header contains their
actual sizes. If the object file format changes, a program may
encounter control structures that are larger or smaller than expected.
Programs might therefore ignore ‘‘extra’’ information. The treatment of
‘‘missing’’ information depends on context and will be specified when
and if extensions are defined??.
(一些object文件的控制数据结构能够增长,因为ELF头包含了他们
实际的尺寸。假如object文件格式改变,程序可能会遇到或大或小他们不能预期的控制数据结构尺寸。程序可能因此忽略额外多余的信息。对于缺少的信息的
处理要依赖于上下文,如果扩展名(extensions)被定义,缺少的信息将会被指定。)
e_ident:
The initial bytes mark the file as an object file and provide
machine-independent data with which to decode and interpret the file’s
contents. Complete descriptions appear below, in ‘‘ELF Identification.’’
(e_ident标明文件为一个object文件,e_ident[]数组里面也提供了机器无关的数据用来解码和解释目标文件的内容。这些在下面的ELF Identification部分有详尽的描述。)
e_type: This member identifies the object file type.
Name Value Meaning
==== ===== =======
ET_NONE 0 No file type
ET_REL 1 Relocatable file
ET_EXEC 2 Executable file
ET_DYN 3 Shared object file
ET_CORE 4 Core file
ET_LOPROC 0xff00 Processor-specific
ET_HIPROC 0xffff Processor-specific
Although
the core file contents are unspecified, type ET_CORE is reserved to
mark the core file. Values from ET_LOPROC through ET_HIPROC (inclusive)
are reserved for processor-specific semantics. Other values are
reserved and will be assigned to new object file types as necessary.
(虽然CORE的文件内容未被指定详细说明,ET_CORE类型是保留用于core 文件的。从 ET_LOPROC 到 ET_HIPROC(包括ET_HIPROC)是为处理器特定相关的语义保留的。其他的保留值需要的话将来可用于新的object文件类型。)
e_machine: This member’s value specifies the required architecture for an individual file.
(e_machine成员的值指定一个单独文件必需的体系结构。)
Name Value Meaning
==== ===== =======
EM_NONE 0 No machine
EM_M32 1 AT&T WE 32100
EM_SPARC 2 SPARC
EM_386 3 Intel 80386
EM_68K 4 Motorola 68000
EM_88K 5 Motorola 88000
EM_860 7 Intel 80860
EM_MIPS 8 MIPS RS3000
Other
values are reserved and will be assigned to new machines as necessary.
Processor-specific ELF names use the machine name to distinguish them.
For example, the flags(即:e_flags) mentioned below use the prefix EF_; a
flag named WIDGET for the EM_XYZ machine would be called EF_XYZ_WIDGET.
(如有需要,其他保留的值将可用于新的机器类型上。机器名字可区分处理器特定相关的ELF名字。例如,下面将要被提到的成员flags使用前缀EF_;名字为WIDGET的flag用于一台EM_XYZ机器上,就叫做EF_XYZ_WIDGET。)
e_version: This member identifies the object file version.
(e_version 成员识别object文件的版本)
Name Value Meaning
==== ===== =======
EV_NONE 0 Invalid version
EV_CURRENT 1 Current version
The
value 1 signifies the original file format; extensions(未来的扩展) will
create new versions with higher numbers. The value of EV_CURRENT,
though given as 1 above, will change as necessary to reflect the
current version number.
(值1表示最初的文件格式(版本);extensions(未来扩展?)将会创建更高的(>1)版本数字。EV_CURRENT值(虽然上面给出为1)也将会根据需要而改变以反映当前的(最新)版本号。)
e_entry:
This member gives the virtual address to which the system first
transfers control, thus starting the process. If the file has no
associated entry point??, this member holds zero.
(e_entry成员是系统第一次将控制传递到的虚拟地址,从而启动进程。假如文件没有任何相关联的入口点,该成员的值为0。)
e_phoff:This member holds the program header table’s file offset in bytes. If
the file has no program header table, this member holds zero.
(e_phoff成员保持着程序头表(program header table)在文件中的偏移量(以字节为单位计数)。假如该文件没有程序头表的的话,该成员就保持为0。)
e_shoff:
This member holds the section header table’s file offset in bytes. If
the file has no section header table, this member holds zero.
(e_shoff成员保持着section头表(section header table)在文件中的偏移量(以字节为单位计数)。假如该文件没有section头表的的话,该成员就保持为0。)
e_flags:
This member holds processor-specific flags associated with the file.
Flag names take form the EF_machine_flag. See ‘‘Machine Information’’
for flag definitions(定义).
(e_flags成员保存着相关文件的处理器特定相关标志。flag的名字取自于EF_machine_flag。参看“Machine Information”部分的flag的定义。)
e_ehsize: This member holds the ELF header’s size in bytes.
(e_ehsize成员保存着ELF头大小(以字节为单位计数)。)
e_phentsize: This member holds the size in bytes of one entry in the file’s program header table; all entries are the same size.
(e_phentsize成员保存着文件的程序头表中每一个表项的大小(以字节计数)。所有的表项大小相同。)
e_phnum:
This member holds the number of entries in the program header table.
Thus the product of e_phentsize and e_phnum gives the table’s size in
bytes. If a file has no program header table, e_phnum holds the value
zero.
(e_phnum成员保存程序头表中全部表项的个数。因此,e_phentsize和e_phnum的乘积就是表的大小(以字节计数)。如果程序头表不存在,e_phnum的值为0。)
e_shentsize:
This member holds a section header’s size in bytes. A section header is
one entry in the section header table; all entries are the same size.
(e_shentsize成员保存着section头的大小(以字节计数)。一个section头就是section头表的一个表项;所有的表项大小相同。)
e_shnum: This member holds the number of entries in the section header table.
Thus the product of e_shentsize and e_shnum gives the section header
table’s size in bytes. If a file has no section header table, e_shnum
holds the value zero.
(e_shnum成员保存着section header table中的全部表项的个数。因此,e_shentsize和e_shnum的乘积就是section头表的大小(以字节计数)。如果文件没有section头表,e_shnum值为0。)
e_shstrndx: This member holds the section header table index of the entry
associated with the section name string table.?? If the file has no
section name string table, this member holds the value SHN_UNDEF. See
‘‘Sections’’ and ‘‘String Table’’ below for more information.
(该成员保存着section name string table相关表项(对应)的section头表索引。假如文件中没有section name string table,该变量值为SHN_UNDEF。)
As
mentioned above, ELF provides an object file framework(构架) to support
multiple processors, multiple data encodings, and multiple classes of
machines. To support this object file family, the initial bytes of the
file(e_ident[] =16 bytes) specify how to interpret the file, (initial
bytes in e_ident[] is)independent of the processor on which the inquiry
is made and (is also) independent of the file’s remaining contents.
The initial bytes of an ELF header (and an object file) correspond to the e_ident member.
(在上面提到的,ELF提供了一个目标文件架构来支持多种处理机,多种数据编码方式,及多种机器类型。为了支持这个目标文件家族(family),文件最初的几个字节是不依赖于处理器构架的,而且和文件剩下的内容无关,它们用来说明如何解释该文件。
ELF头(以及object文件头)最初的几个字节就是e_ident成员。)
Figure 1-4: e_ident[ ] Identification Indexes
Name Value Purpose
==== ===== =======
EI_MAG0 0 File identification
EI_MAG1 1 File identification
EI_MAG2 2 File identification
EI_MAG3 3 File identification
EI_CLASS 4 File class
EI_DATA 5 Data encoding
EI_VERSION 6 File version
EI_PAD 7 Start of padding bytes
EI_NIDENT 16 Size of e_ident[]
These indexes access bytes that hold the following values.
EI_MAG0 to EI_MAG3:A file’s first 4 bytes hold a ‘‘magic number,’’ identifying the file as an ELF object file.
(文件的前4个字符保存着一个魔术数(magic number),用来标识该文件是否为一个ELF目标文件。)
Name Value Position
==== ===== ========
ELFMAG0 0x7f e_ident[EI_MAG0]
ELFMAG1 'E' e_ident[EI_MAG1]
ELFMAG2 'L' e_ident[EI_MAG2]
ELFMAG3 'F' e_ident[EI_MAG3]
EI_CLASS: The next byte, e_ident[EI_CLASS], identifies the file’s class, or capacity(兼容性).
(e_ident[EI_CLASS],用来标识文件的类型或者相容性(capacity)。)
Name Value Meaning
==== ===== =======
ELFCLASSNONE 0 Invalid class
ELFCLASS32 1 32-bit objects
ELFCLASS64 2 64-bit objects
The
file format is designed to be portable among machines of various sizes,
without imposing(强加于 impossible) the sizes of the largest machine on
the smallest. EI_CLASS value ELFCLASS32 supports machines with files
and virtual address spaces up to 4 gigabytes; it uses the basic types
defined above. Class value ELFCLASS64 is reserved for 64-bit
architectures. Its appearance here shows how the object file may
change, but the 64-bit format is otherwise unspecified. Other classes
will be defined as necessary, with different basic types and sizes for
object file data.
(文件格式被设计成在不同size的机器中可伸缩移植的,而不至于在小型机上勉强用大型机上的尺寸
(size)。类型ELFCLASS32支持虚拟地址空间最大可达4GB的机器;它使用上面定义过的基本类型。类型ELFCLASS64为64位体系的机器保留。它表明了object文件可能演变的趋势,但是64位的格式目前还没有被定义。需要的话,也将会为目标文件数据定义其他classes(具有不同
的basic types和不同的大小尺寸。))
EI_DATA: Byte e_ident[EI_DATA] specifies the
data encoding of the processor-specific data in the object file. The
following encodings are currently defined.
(字节e_ident[EI_DATA]指定了object文件中与特定处理器相关的数据的编码方式。当前定义了以下编码方式。)
Name Value Meaning
==== ===== =======
ELFDATANONE 0 Invalid data encoding
ELFDATA2LSB 1 See below
ELFDATA2MSB 2 See below
More information on these encodings appears below. Other values are reserved and will be assigned to new encodings as necessary.
(更多的关于这些编码的含义在下面详细叙述。其他值保留,用于将来分配给新的编码方式。)
EI_VERSION:
Byte e_ident[EI_VERSION] specifies the ELF header version number.
Currently, this value must be EV_CURRENT, as explained above for
e_version.
(字节e_ident[EI_VERSION]指定了ELF头的版本号。现在这个值一定要设为EV_CURRENT,EV_CURRENT的解释在前面的e_version部分。)
EI_PAD:
This value marks the beginning of the unused bytes in e_ident[]. These
bytes are reserved and set to zero; programs that read object files
should ignore them. The value of EI_PAD will change in the future if
currently unused bytes are given meanings.
(EI_PAD标明了在e_ident[]中未使用字节的开始(位置)。这些未使用字节被保留并被设置为0;从object 文件程序时读取应该忽略他们。假如当前未被使用的字节将来被赋予了新的涵义,EI_PAD的值也将会改变。)
A
file’s data encoding (EI_DATA)specifies how to interpret the basic objects in a
file. As described above, class ELFCLASS32 files use objects that
occupy 1, 2, and 4 bytes. Under the defined encodings, objects are
represented as shown below. Byte numbers appear in the upper left
corners.
(一个文件的数据编码(EI_DATA)指出了如何来解释一个文件中基本的数据对象。在上述的描述中,class ELFCLAS32的文件使用的数据结构对象占用1,2或4字节。在这种编码方式的定义下,数据对象表示如下。Byte numbers出现在左上角。)
Encoding ELFDATA2LSB specifies 2's complement values, with the least significant byte occupying the lowest address.
(ELFDATA2LSB编码指定了2的补数值,最小有意义的字节占有最低的地址。)
Encoding ELFDATA2MSB specifies 2’s complement values, with the most significant byte occupying the lowest address.
(ELFDATA2MSB编码指定了2的补数值,最大有意义的字节占有最低的地址。)
For file identification in e_ident[], the 32-bit Intel Architecture requires the following values.
(为了在e_ident中标识文件,32位Intel体系结构的需要以下的值。)
Processor identification resides in the ELF header’s e_machine member and must have the value EM_386.The
ELF header’s e_flags member holds bit flags associated with the file.
The 32-bit Intel Architecture defines no flags; so this member contains
zero.
(ELF头里的e_machine成员用来标识处理器,其值必须为EM_386。ELF头里的e_flags成员保存了与文件相关的位标记。32位Intel体系上未定义位标记;所以这个成员的值为0。)
An
object file’s section header table lets one locate all the file’s
sections. The section header table is an array of Elf32_Shdr structures
as described below. A section header table index is a subscript(下标)
into this array.
The ELF header’s(Elf32_Ehdr) e_shoff member gives
the byte offset from the beginning of the file to the section header
table; e_shnum tells how many entries the section header table
contains; e_shentsize gives the size in bytes of each entry.
Some section header table indexes are reserved; an object file will not have sections for these special indexes.
(一个object文件的section头表可以让我们定位文件中所有的sections。section头表是个Elf32_Shdr结构的数组(在后面描述)。一个section 头表索引是这个数组的一个下标。
ELF header (Elf32_Ehdr)中:e_shoff成员给出了section头表的偏移量(从文件开始计算的字节数);e_shnum成员给出section头表中包含了多少个表项;e_shentsize 成员给出了每个表项的大小。
某些section头表索引是保留的;这些特殊的索引在一个object文件中没有与之对应sections。)
Figure 1-8: Special Section Index
Name Value
==== =====
SHN_UNDEF 0
SHN_LORESERVE 0xff00
SHN_LOPROC 0xff00
SHN_HIPROC 0xff1f
SHN_ABS 0xfff1
SHN_COMMON 0xfff2
SHN_HIRESERVE 0xffff
SHN_UNDEF: This value marks an undefined, missing, irrelevant(无关的), or otherwise
meaningless section reference. For example, a symbol ‘‘defined’’
relative to section number SHN_UNDEF(定义的与sention头表索引号SHN_UNDEF相关的标号们)
is an undefined symbol.
(该值标明一个 未定义,缺失,无关的或者无意义的section引用。例如,一个 被定义的 与sention头表索引号SHN_UNDEF有关的 符号是一个未定义符号。)
NOTE:Although
index 0(即:SHN_UNDEF) is reserved as the undefined value, the section
header table (still) contains an entry for index 0. That is, if the
e_shnum member of the ELF header says a file has 6 entries in the
section header table, they have the indexes 0 through 5. The contents
of the initial entry are specified later in this section.
(注意:
虽然索引0保留作为未定义的值,section报头表仍会为索引0保留一个表项。因此,假如ELF报头中的e_shnum成员说一个文件的section
报头表中有6个section表项的话,6个section表项的索引值应该是从0到5。初始表项的内容以后在这个section中被指定。)
SHN_LORESERVE: This value specifies the lower bound of the range of reserved indexes.
(该值指定被保留索引范围的最小边界值。)
SHN_LOPROC: through SHN_HIPROC Values in this inclusive range are reserved for processor-specific semantics.
(该范围值为特定处理器相关的语意保留。)
SHN_ABS:
This value specifies absolute values for the corresponding reference.
For example, symbols defined relative to section number SHN_ABS have
absolute values and are not affected by relocation.
(该值指定对应引用的绝对值。例如,被定义的与sention头表索引号SHN_ABS相关的符号们拥有绝对数值,不被重定位影响。)
SHN_COMMON:
Symbols defined relative to this section number SHN_COMMON are common
symbols, such as FORTRAN COMMON or unallocated C external
variables(外部变量).
(被定义的与sention头表索引号SHN_COMMON相关的符号们是一般符号,例如:FORTRAN COMMON或者未分配的C外部变量。)
SHN_HIRESERVE:
This value specifies the upper bound of the range of reserved indexes.
The system reserves indexes between SHN_LORESERVE and SHN_HIRESERVE,
inclusive(包括再内的); and these values do not reference the section header
table.That is, the section header table does not contain entries for
the reserved indexes.
(该值指定被保留索引范围的上限值。系统保留从SHN_LORESERVE到SHN_HIRESERVE之间的索引值;这些索引值不引用到section头表(的表项)。也就是说,section头表不含被保留索引值们的表项。)
Sections
contain all information in an object file, except the ELF header, the
program header table, and the section header table. Moreover, object
files’ sections satisfy several conditions:
(1) Every section in an
object file has exactly one section header describing it. Section
headers may exist that do not have a section.
(2) Each section occupies one contiguous (possibly empty) sequence of bytes within a file.
(3) Sections in a file may not overlap. No byte in a file resides in more than one section.
(4)
An object file may have inactive space. The various headers and the
sections might not ‘‘cover’’(笼罩普及) every byte in an object file. The
contents of the inactive data are unspecified.
除了ELF header,program
header table和section header
table,sections包含了一个object文件中其它所有信息(注意是指信息而非数据,即控制管理object文件的相关信息,而不是指
object文件中的所有字节数据)。此外,object文件的sections满足几个条件:
* 每个在object文件中的section都有一个确切的section的头来描述它。
可能会有section头存在但section不存在的情况。
* 每个section在文件中都占有一段相临连续的字节(但可能是空的)。
* 文件中的Sections不能重叠。文件中任何一个字节不能同时在多个section中。
* object文件可以有"非活动的"空间。所有的报头和sections未必能覆盖遍及
object文件中的每个字节。"非活动"数据的内容是未指定的。
Figure 1-9: Section Header
typedef struct {
Elf32_Word sh_name;
Elf32_Word sh_type;
Elf32_Word sh_flags;
Elf32_Addr sh_addr;
Elf32_Off sh_offset;
Elf32_Word sh_size;
Elf32_Word sh_link;
Elf32_Word sh_info;
Elf32_Word sh_addralign;
Elf32_Word sh_entsize;
} Elf32_Shdr;
sh_name:
This member specifies the name of the section. Its value is an index
into the section header string table section [see ‘‘String Table’’
below], giving the location of a null-terminated string.
(sh_name指定
section的名字。 Sh_name的值(例如:.dynsym) 是section头字符表中的一个索引值。[参看后面的“String
Table”,section header string table 存放在 .shstrtab section里面],
通过section头字符表可以查找出以NULL空字符结尾的字符串的位置。)
sh_type: This member
categorizes the section’s contents and semantics(按内容和意义分类). Section
types and their descriptions appear below.
sh_flags: Sections support 1-bit flags that describe miscellaneous(各种各样的) attributes. Flag definitions appear below.
sh_addr:
If the section will appear in the memory image of a process, this
member gives the address(内存地址) at which the section’s first byte should
reside. Otherwise, the member contains 0.
(如果一个section将参与出现在进程的内存映象里,sh_addr成员给出了该section的第一字节在内存中的驻留的地址。否则,sh_addr值为0。) (section是和程序连接相关的,所以sh_addr很重要)
sh_offset:
This member’s value gives the byte offset from the beginning of the
file to the first byte in the section. One section type, SHT_NOBITS
described below, occupies no space in the file, and its sh_offset
member locates the conceptual placement?? in the file.
(sh_offset给出了section的在文件中的字节偏移量(从文件开头到 section的第1个字节)。SHT_NOBITS类型的section(在后面讨论)在文件中不占空间,它的sh_offset成员定位在文件中的概念上的位置。)
sh_size:
This member gives the section’s size in bytes. Unless the section type
is SHT_NOBITS, the section occupies sh_size bytes in the file. A
section of SHT_NOBITS type may have a non-zero size, but it occupies no
space in the file.
(sh_size成员给出了section的大小(字节为单位)。除非这个section的类型为SHT_NOBITS,否则该section将在文件中将占有sh_size个字节。SHT_NOBITS类型的section的大小可能是非0的,但是在文件中不占空间。)
sh_link:
This member holds a section header table index link??, whose
interpretation depends on the section type. A table below describes the
values.
sh_info: This member holds extra information(额外的信息), whose
interpretation depends on the section type. A table below describes the
values.
sh_addralign: Some sections have address alignment
constraints. For example, if a section holds a double word, the system
must ensure doubleword alignment for the entire section. That is, the
value of sh_addr must be congruent to 0, modulo the value of
sh_addralign. Currently, only 0 and positive integral powers of two are
allowed. Values 0 and 1 mean the section has no alignment constraints.
(一些sections有地址对齐的约束。例如,假如一个section保存着一个双字,系统就必须确保整个section是双字对齐的。也就是说
sh_addr的值以sh_addralign的值取模结果为0。目前,sh_addralign允许取值0和2的正整数次幂,值为0和1表示该
section没有对齐约束。)
sh_entsize: Some sections hold a table of fixed-size
entries, such as a symbol table. For such a section, this member gives
the size in bytes of each entry. The member contains 0 if the section
does not hold a table of fixed-size entries.
(一些sections中(例如:.hash
.dynsym .symtab .plt
.got等secion)保存着一张表,该表的表项是大小固定的,比如符号表。对于这样的section来说,该成员给出了这张表每个表项的大小(字节为
单位)。如果该section没有保存着一张固定大小entry的表,sh_entsize成员就为0。(注意:字符串表的每个表项大小是不固定的,所以
.dynstr .shstrtab .strtab等section 的sh_entsize的值也为0))
A section header’s sh_type member specifies the section’s semantics(语意).
Figure 1-10: Section Types, sh_type
Name Value
==== =====
SHT_NULL 0
SHT_PROGBITS 1
SHT_SYMTAB 2
SHT_STRTAB 3
SHT_RELA 4
SHT_HASH 5
SHT_DYNAMIC 6
SHT_NOTE 7
SHT_NOBITS 8
SHT_REL 9
SHT_SHLIB 10
SHT_DYNSYM 11
SHT_LOPROC 0x70000000
SHT_HIPROC 0x7fffffff
SHT_LOUSER 0x80000000
SHT_HIUSER 0xffffffff
SHT_NULL:
This value marks the section header as inactive; it does not have an
associated section. Other members of the section header have undefined
values.
(sh_type=SHT_NULL 表明该section头是非活动的;它没有相关联的section。该section头的其他成员的值都是未定义的。)
SHT_PROGBITS:
The section holds information defined by the program, whose format and
meaning are determined(决定) solely(唯一地) by the program.
(sh_type=SHT_PROGBITS 表明该section保存着 被程序所定义信息,这些信息的格式和意义唯一取决于这个程序。)
SHT_SYMTAB and SHT_DYNSYM: These
sections hold a symbol table. Currently, an object file may have only
one section of each type(每种类型的section), but this restriction may be
relaxed in the future.
Typically, SHT_SYMTAB section provides
symbols for link editing, though it may also be used for dynamic
linking. As a complete symbol table, it may contain many symbols
unnecessary for dynamic linking. Consequently, an object file may also
contain a SHT_DYNSYM section, which holds a minimal set of dynamic
linking symbols, to save space. See ‘‘Symbol Table’’ below for details.
(这些类型的sections中保存着一个符号表(symbol table)。目前,一个object文件中SHT_SYMTAB和SHT_DYNSYM类型的section各只有一个,但是,在将来这个约束可能被放宽。
典型的,SHT_SYMTAB为连接器提供标号,当然它也可被动态连接时使用。SHT_SYMTAB包含了一个完整的符号表,可能包含的一些符号,在动态连接时根本用不着。因此,一个object文件也包含了一个SHT_DYNSYM类型的section,它保存着动态连接时所需最小的符号集合,以便节省空间。参看下面符号表“Symbol Table”的详细说明。)
SHT_STRTAB:
The section holds a string table. An object file may have multiple
string table sections. See ‘‘String Table’’ below for details.
(sh_type=SHT_STRTAB 表明该section保存着一个字符串表。一个object文件可以有多个SHT_STRTAB类型的section以包含多个字符串表。详情看下面字符串表“String Table”的详细说明。)
SHT_RELA:
The section holds relocation entries with explicit addends, such as
type Elf32_Rela for the 32-bit class of object files. An object file
may have multiple relocation sections. See ‘‘Relocation’’ below for
details.
(sh_type=SHT_RELA
表明该section保存着带有明确加数的重定位表项,比如object文件的32位类型重定位表项:Elf32_Rela。一个object文件可能有
多个重定位的sections。具体细节参看重定位“Relocation”部分。)
SHT_HASH: The section holds
a symbol hash table. All objects file participating in dynamic linking
must contain a symbol hash table. Currently, an object file may have
only one hash table, but this restriction may be relaxed in the future.
See ‘‘Hash Table’’ in Part 2 for details.
(sh_type=SHT_HASH
表明该section保存着一个
符号哈希表。所有参与动态连接的object必须包含一个符号哈希表。当前,一个object文件只有一个哈希表。但是,在将来这个约束可能被放宽。详细
细节看第二部分的哈希表"Hash Table"。)
SHT_DYNAMIC: The section holds information
for dynamic linking. Currently, an object file may have only one
dynamic section, but this restriction may be relaxed in the future. See
‘‘Dynamic Section’’ in Part 2 for details.
(sh_type=SHT_DYNAMIC 表明该section保存着用于动态连接的信息。当前,一个object可能只有一个动态的section,但是,将来这个限制可能被取消。详细细节看第二部分的“Dynamic Section”。)
SHT_NOTE: The section holds information that marks the file in some way. See ‘‘Note Section’’ in Part 2 for details.
(sh_type=SHT_NOTE 表明该section保存着其他的一些标志文件的信息。)
SHT_NOBITS:
A section of this type occupies no space in the file but otherwise
resembles SHT_PROGBITS. Although this section contains no bytes, this
type section’s sh_offset member contains the conceptual file offset.
(sh_type=SHT_NOBITS 表明该section在文件中不占空间,但是类似于SHT_PROGBITS类型section。 尽管该类型section不包含字节,但是section头的sh_offset成员包含了概念上的文件偏移量。)
SHT_REL:
The section holds relocation entries without explicit addends, such as
type Elf32_Rel for the 32-bit class of object files. An object file may
have multiple relocation sections. See ‘‘Relocation’’ below for
details.( SHT_RELA The section holds relocation entries with explicit
addends)
(sh_type=SHT_REL
表明该section保存着不带有明确加数的重定位表项,比如object文件的32位类型重定位表项:Elf32_Rel。一个object文件可能有
多个重定位的sections。具体细节参看重定位“Relocation”部分。)
SHT_SHLIB: This section type
is reserved but has unspecified semantics. Programs that contain a
section of this type do not conform to the ABI.
(sh_type=SHT_SHLIB 表明该section为保留但语意没有指明。包含这个类型的section的程序是不符合ABI的。)
SHT_LOPROC through SHT_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(sh_type在SHT_LOPROC-SH_HIPROC范围之间的值为特定处理器语意保留的。)
SHT_LOUSER: This value specifies the lower bound of the range of indexes reserved for application programs(用户应用程序).
(SHT_LOUSER是为应用程序保留的索引范围的最小边界。)
SHT_HIUSER:
This value specifies the upper bound of the range of indexes reserved
for application programs. Section types between SHT_LOUSER and
SHT_HIUSER may be used by the application, without conflicting with
current or future system-defined section types.
(SHT_HIUSER是为应用程序保留的索引范围的最大边界。在SHT_LOUSER和HIUSER之间的section类型可能被应用程序使用,这和当前或者将来系统定义的section类型是不冲突的。)
Other
section type values are reserved. As mentioned before, the section
header for index 0 (SHN_UNDEF) exists, even though the index marks
undefined section references. This entry holds the following.
(其他
section类型值是保留的。前面提到过,section头表的index
0(SHN_UNDEF)对应的section头是存在的,尽管index 0标记的是未定义的section引用。)
Index
0对应的section header table 表项保存着以下的信息。
Figure 1-11: Section Header Table Entry: Index 0
Name Value Note
==== ===== ====
sh_name 0 No name
sh_type SHT_NULL Inactive
sh_flags 0 No flags
sh_addr 0 No address
sh_offset 0 No file offset
sh_size 0 No size
sh_link SHN_UNDEF No link information
sh_info 0 No auxiliary information
sh_addralign 0 No alignment
sh_entsize 0 No entries
A
section header’s sh_flags member holds 1-bit flags that describe the
section’s attributes. Defined values appear below; other values are
reserved.
(section头的sh_flags成员保存着1位标记,用来描述section的属性。以下是定义的值;其他的值保留。)
Figure 1-12: Section Attribute Flags, sh_flags
Name Value
==== =====
SHF_WRITE 0x1
SHF_ALLOC 0x2
SHF_EXECINSTR 0x4
SHF_MASKPROC 0xf0000000
If
a flag bit is set in sh_flags, the attribute is ‘‘on’’ for the section.
Otherwise, the attribute is ‘‘off’’ or does not apply. Undefined
attributes are set to zero.
(假如设置了在sh_flags中的某个标志位,该section相应的属性就被打开了。否则,该属性就是关闭的。未定义的属性设为0。)
SHF_WRITE: The section contains data that should be writable during process execution.
(sh_flags=SHF_WRITE 表明该section包含的数据在进程执行过程中应该可写。)
SHF_ALLOC:
The section occupies memory during process execution. Some control
sections do not reside in the memory image of an object file; this
attribute is off for those sections.
(sh_flags=SHF_ALLOC 表明该section在进程执行过程中占据着内存。但有一些控制section没有驻留在目标文件的内存映象中;这些sections的SHF_ALLOC属性是关闭的。)
SHF_EXECINSTR: The section contains executable machine instructions(可执行的机器指令).
(sh_flags=SHF_EXECINSTR 表明该section包含了可执行的机器指令。)
SHF_MASKPROC: All bits included in this mask are reserved for processor-specific semantics.
(sh_flags=SHF_MASKPROC这个掩码中包括的所有的位是为特定处理器语意保留的。)
Two members in the section header, sh_link and sh_info, hold special information, depending on section type.
(对section头中的成员sh_link和sh_info的解释要依赖于该section的类型:sh_type。)
Figure 1-13: sh_link and sh_info Interpretation
(The
section header index of the symbol table to which the hash table
applies. 大意是:hash table应用到的symble table section所对应的section头表中的索引值) (
section header table是section header结构的数组,section
头表索引是section头数组的下标值,section header数组是从0开始计数,例如:.dynsym
section所对应的section header在section header table中是第6项,那么.dynsym 的section
header index =5;可以用readelf -a test 实际查看一下.dynsym section 所对应的sh_link
sh_info的值)
Special Sections
Various sections hold program and
control information. Sections in the list below are used by the system
and have the indicated(表明的) types and attributes.
Figure 1-14: Special Sections
Name Type Attributes
==== ==== ==========
.bss SHT_NOBITS SHF_ALLOC+SHF_WRITE
.comment SHT_PROGBITS none
.data SHT_PROGBITS SHF_ALLOC+SHF_WRITE
.data1 SHT_PROGBITS SHF_ALLOC+SHF_WRITE
.debug SHT_PROGBITS none
.dynamic SHT_DYNAMIC see below
.dynstr SHT_STRTAB SHF_ALLOC
.dynsym SHT_DYNSYM SHF_ALLOC
.fini SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.got SHT_PROGBITS see below
.hash SHT_HASH SHF_ALLOC
.init SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.interp SHT_PROGBITS see below
.line SHT_PROGBITS none
.note SHT_NOTE none
.plt SHT_PROGBITS see below
.relname SHT_REL see below
.relaname SHT_RELA see below
.rodata SHT_PROGBITS SHF_ALLOC
.rodata1 SHT_PROGBITS SHF_ALLOC
.shstrtab SHT_STRTAB none
.strtab SHT_STRTAB see below
.symtab SHT_SYMTAB see below
.text SHT_PROGBITS SHF_ALLOC+SHF_EXECINSTR
.bss:
This section holds uninitialized data(未初始化数据) that contribute to the
program’s memory image. By definition(根据定义), the system initializes the
data with zeros when the program begins to run. The section occupies no
(object) file space, as(因为) indicated by the section type, SHT_NOBITS.
(该section保存着创建程序内存映象时未初始化的数据。定义bss后,当程序开始运行时,系统初始化bss数据为0。该section不占文件空间,正如它的section类型sh_type=SHT_NOBITS指示的一样。)
.comment: This section holds version control information.
(该section保存着版本控制信息。)
.data and .data1:These sections hold initialized data(初始化数据) that contribute to the program’s memory image.
(该section保存着创建程序内存映象时已经初始化的数据。)
.debug: This section holds information for symbolic debugging. The contents are unspecified.
(该section保存着用于符号调试的信息。其内容是未指明的。)
.dynamic:
This section holds dynamic linking information. The section’s
attributes will include the SHF_ALLOC bit. Whether the SHF_WRITE bit
is set is processor specific. See Part 2 for more information.
(该section保存着动态连接的信息。该section的属性(sh_flags)将包括SHF_ALLOC位。是否需要设置SHF_WRITE属性位跟特定处理器有关。第二部分有更详细的说明。)
.dynstr:
This section holds strings needed for dynamic linking, most commonly
the strings that represent the names associated with symbol table
entries. See Part 2 for more information.
(该section保存着动态连接时需要的字符串,一般情况下,表示名字的“字符串”关联着符号表表项。第二部分有更详细的说明。)
.dynsym This section holds the dynamic linking symbol table, as ‘‘Symbol Table’’ describes. See Part 2 for more information.
(该section保存着动态符号表,如“Symbol Table”的描述。第二部分有更详细的说明。)
.fini (fini -> finish): This
section holds executable instructions that contribute to the process
termination
code. That is, when a program exits normally, the
system arranges to execute the code in this section.
(该section保存着可执行指令,它构成了进程中的终止代码部分。从程序连接角度讲,进程地址空间是由相关object
files的若干sections拼装起来的.该section保存着可执行指令,它构成了进程的终止代码。也就是说,当一个程序正常退出时,系统安排执行这个section的中的代码。)
.got(got -> global offset table): This
section holds the global offset table. See ‘‘Special Sections’’ in Part
1 and ‘‘Global Offset Table’’ in Part 2 for more information.
(该section保存着1张全局偏移量表。看第一部分的“Special Sections”(图1-8)和第二部分的“Global Offset Table”获得更多的信息。)
.hash: This section holds a symbol hash table. See ‘‘Hash Table’’ in Part 2 for more information.
(该section保存着1张符号哈希表。看第二部分的“Hash Table”获得更多的信息。)
.init:
This section holds executable instructions that contribute to the
process initialization
code. That is, when a program starts to run, the
system arranges to execute the code in this section before calling the
main program entry point (called main for C programs).
(该section保存着可执行指令,它构成了进程中的初始化代码部分。从程序连接角度讲,进程地址空间是由相关object
files的若干sections拼装起来的.因此,当一个程序开始运行时,在主程序entry point被调用之前(c语言称为main),系统安排执行这个section的中的代码。)
.interp: (interp -> interpreter): This
section holds the path name of a program interpreter(程序解释器). If the
object file has a loadable segment that includes the section, the
section’s attributes will include the SHF_ALLOC bit; otherwise, that
bit will be off. See Part 2 for more information.
(该section保存了程序的解释程序的路径。假如文件中有一个可装载段包含了.interp section,那么该section的sh_flags的SHF_ALLOC位将被设置;否则,SHF_ALLOC位被关闭。看第二部分获得更多的信息。)
.line: This section holds line number(行号) information for symbolic debugging,
which describes the correspondence between the source program and the
machine code. The contents are unspecified.
(该section包含用于符号调试的行号信息, 行号信息描述源程序与机器代码之间的对应关系。该section内容未指明。)
.note: This section holds information in the format that ‘‘Note Section’’ in Part 2 describes.
(该section保存一些信息,使用“Note Section”(在第二部分说明)中提到的格式。)
.plt: (plt -> procedure linkage table): This
section holds the procedure linkage table. See ‘‘Special Sections’’ in
Part 1 and ‘‘Procedure Linkage Table’’ in Part 2 for more information.
(该section保存着过程连接表(Procedure Linkage Table)。看第一部分的“Special Sections”和第二部分的“Procedure Linkage Table”。)
.relname and .relaname: (rel -> relocation): These
sections hold relocation information, as ‘‘Relocation’’ below
describes. If the file has a loadable segment that includes relocation
section, the sections’ attributes will include the SHF_ALLOC bit;
otherwise, that bit will be off. Conventionally, (.relname’s) name is
supplied by the section to which the relocations apply. Thus a
relocation section for .text normally would have the name .rel.text or
.rela.text.
(这些section保存着重定位的信息,看下面的“Relocation”描述。假如文件有一个可加载段包括了重定位
section(例如:.rel.plt),那么该section的sh_flags的SHF_ALLOC属性位将被设置;否则,SHF_ALLOC位被
关闭。按照惯例,.relname
中的name部分由应用重定位的section来提供。因此,假设应用重定位的section是:.plt,如果一个relocation
section是为.plt section保留重定位信息,那么这个relocation
section的名字就是.rel.plt或者是.rela.plt。(可以用 readelf -a test 实际查看))
.rodata and .rodata1: (ro -> read only): These
sections hold read-only data that typically contribute to a
non-writable segment in the process image. See ‘‘Program Header’’ in
Part 2 for more information.
(这些section保存着只读数据,在进程映象中构造不可写的段。看第二部分的“Program Header”获得更多的资料。)
.shstrtab: This section holds section names.
(该section保存着section名字。)
.strtab:
This section holds strings, most commonly the strings that represent
the names associated with symbol table entries. If the file has a
loadable segment that includes the string table, the section’s
attributes will include the SHF_ALLOC bit; otherwise, that bit will be
off.
(该section保存着字符串表,一般地,表示名字的字符串和符号表表项相关联。假如文件有一个可装载的段包括.strtab section,那么该section的sh_flags成员的SHF_ALLOC属性位将被设置;否则SHF_ALLOC属性位是关闭的。
)
.symtab:
This section holds a symbol table, as ‘‘Symbol Table’’ in this section
describes. If the file has a loadable segment that includes the symbol
table, the section’s attributes will include the SHF_ALLOC bit;
otherwise, that bit will be off.
(该section保存着一张符号表。假如文件有一个可装载的段包括.symtab section,那么section的sh_flags成员的SHF_ALLOC属性位将被设置;否则SHF_ALLOC属性位是关闭的。)
.text: This section holds the ‘‘text,’’ or executable instructions, of a program.
(该section保存着程序的正文或者说是可执行指令。)
Section
names with a dot (.) prefix are reserved for the system, although
applications may use these sections if their existing meanings are
satisfactory. Applications may use names without the prefix to avoid
conflicts with system sections. The object file format lets one define
sections not in the list above. An object file may have more than one
section with the same name.
(前缀是.的section名字是为系统保留的,虽然应用程序在当前语意满足(即不产生语意冲突)的情况下可以用这些保留的section名。应用程序尽量使用不带dot前缀的section名字以避免和系统的sections名字冲突。
object文件格式允许自定义上述列表以外的section。一个object文件可以有多个相同名字的section。)
Section
names reserved for a processor architecture are formed by placing an
abbreviation of the architecture name ahead of the section name. The
name should be taken from the architecture names used for e_machine.
For instance .FOO.psect is the psect section defined by the FOO
architecture. Existing extensions are called by their historical names.
(通
过把体系结构名字的缩写放在section名字的前面形成了为处理器体系结构保留的“section名”。
该缩写名字应该取自于ELF头的e_machine成员所使用的体系名。例如,.Foo.psect就是在spect section
在FOO体系结构上定义的名字。现存的(处理器体系)扩展名是历史遗留下来的。)
Pre-existing Extensions
========= =====
.sdata .tdesc
.sbss .lit4
.lit8 .reginfo
.gptab .liblist
.conflict
string:字符串,一组字符------一组连续的字符在计算机中被作为单一物体
symbol:符号, 记号, 标号, 象征, 符号用来代表某一操作、要素、数量、质量或某种联系,如在数学或音乐中
String
table sections hold null-terminated character sequences(以NULL终止的字符序列),
commonly called strings. The object file uses these strings to
represent symbol and section names. One references a string as an index
into the string table section??. The first byte, which is index zero,
is defined to hold a null character. Likewise(同样的), a string table’s
last byte is defined to hold a null character, ensuring
null-termination for all strings. A string whose index is zero
specifies either no name or a null name, depending on the context. An
empty string table section is permitted; its section header’s sh_size
member would contain zero. Non-zero indexes are invalid for an empty
string table.
(String table sections
保存着NULL结尾的字符序列,一般我们称为字符串。object文件使用这些字符串来表示“符号”和“section名字”
(所有sh_type=SHT_STRTAB的sections 都包含了一个string table,都是string table
section)。一个string table
section的索引值可以用来引用字符串??。第一个字节,即索引0,被定义保存着一个NULL字符。同样的,string
table的最后一个字节也保存着一个NULL字符,以确保string table中间所有的字符串都是以NULL结尾的。index 为0
的字符串 可以指示 no name或者 null name,如何解释取决于上下文。string table
section允许是空的,这样它的section头结构的sh_size成员值为0。对空的string table来说,非0的索引值是无效的。)
A
section header’s sh_name member holds an index into the section header
string table section(即:.shstrtab section), as designated by the
e_shstrndx member of the ELF header. The following figures show a
string table with 25 bytes and the strings associated with various
indexes.
(section 头的 sh_name 成员的值是setion 头字符串表的索引,就象ELF头的 e_shstrndx
成员所指出的那样(e_shstrndx=27 对应着section header table中的.shstrtab
的索引号;可以用readelf -a test 实际看一下)。下表列出了一个有 25 字节的字符串表,这些字符串和不同的索引值相关联)
As
the example shows, a string table index may refer to any byte in the
section. A string may appear more than once; references to substrings
may exist; and a single string may be referenced multiple
times.Unreferenced strings also are allowed.
(如上例所示,一个字符串表索引值可能指
向.strtab section 中的任意字节。一个字符串可能被引用不止一次(例如:11 "able" ;16
"able");引用(字符串的)子串(例如:11
"able")的情况是可能存在的;一个字符串可以被引用多次;而不被引用的字符串也是允许存在的(例如: "xx")。)
An
object file’s symbol table holds information needed to locate and
relocate a program’s symbolic definitions and references. A symbol
table index is a subscript into this array. Index 0 both designates the
first entry in the table and serves as the undefined symbol index. The
contents of the initial entry(index 0) are specified later in this
section.??
(一个object文件的符号表保存了在定位和重定位一个程序的符号定义和引用时需要的信息。符号表索引值是数组的下标。0表项特指该表的第一个表项,是一个未定义的符号索引。初始表项的内容(index 0)在这个section中会在以后指定。??)
Name Value
==== =====
STN_UNDEF 0
Figure 1-16: Symbol Table Entry
typedef struct {
Elf32_Word st_name;
Elf32_Addr st_value;
Elf32_Word st_size;
unsigned char st_info;
unsigned char st_other;
Elf32_Half st_shndx;
} Elf32_Sym;
st_name:
This member holds an index into the object file’s symbol string
table??, which holds the character representations of the symbol names.
If the value is non-zero, it represents a string table index that gives
the symbol name. Otherwise, the symbol table entry has no name.
(st_name成员的值是字符串表的索引,该字符串表保存着object文件中各符号的名字的字符表示串。 如果st_name值不为 0 ,则它表示了字符串表索引,该索引给出符号名字。否则,表示该符号表项没有名字。
NOTE: External C symbols have the same names in C and object files’ symbol tables.
(外部C符号在C中和在目标文件的symbol table中拥有相同的名字)
st_value:
This member gives the value of the associated symbol. Depending on the
context, this may be an absolute value, an address, etc.; details
appear below.
(该成员给出了相应的符号值,它可能是绝对值或地址等等,取决于上下文;细节如下所述。)
st_size:
Many symbols have associated sizes. For example, a data object’s size
is the number of bytes contained in the object. This member holds 0 if
the symbol has no size or an unknown size.
(许多符号都有相关的尺寸。比如,一个数据对象的大小是该对象所包含的字节数目。如果该符号没有大小或大小未知则st_size成员值为 0 。)
st_info:
This member specifies the symbol’s type and binding attributes. A list
of the values and meanings appears below. The following code shows how
to manipulate(操作) the values.
(st_info成员指出了符号的类型和约束属性。相应的列表如下所示。下面的代码说明了如何操作该值。)
#define ELF32_ST_BIND(i) ((i)>>4)
#define ELF32_ST_TYPE(i) ((i)&0xf)
#define ELF32_ST_INFO(b, t) (((b)<<4)+((t)&0xf)) (b ---bind, t --- type)
st_other: This member currently holds 0 and has no defined meaning.
st_shndx
Every symbol table entry is ‘‘defined’’ in relation to some section;
this member holds the relevant section header table index. As Figure
1-7 and the related text describe, some section indexes indicate
special meanings.
(每一个符号表的表项都(被定义为)和某些 section 相关;符号表表项的st_shndx成员保存了相关联的“section头索引”。(section头索引 在Figure 1-7有相关的描述,某些 section头索引表示了特殊的含义。)
A
symbol’s binding determines the linkage visibility and
behavior.(st_info This member specifies the symbol’s type and binding
attributes.)
(一个符号的约束属性决定了:linkage可见性和行为。)
Figure 1-17: Symbol Binding, ELF32_ST_BIND
Name Value
==== =====
STB_LOCAL 0
STB_GLOBAL 1
STB_WEAK 2
STB_LOPROC 13
STB_HIPROC 15
STB_LOCAL:
Local symbols are not visible outside the object file containing their
definition. Local symbols of the same name may exist in multiple files
without interfering with each other.
(局部符号在包含它们的定义的object文件之外是不可见的;不同object文件中的具有相同名字的局部符号相互并不会妨碍。)
STB_GLOBAL:
Global symbols are visible to all object files being combined. One
file’s definition of a global symbol will satisfy another file’s
undefined reference to the same global symbol.
(全局符号对所有参与联合的object文件都是可见的。一个object文件中的全局符号的定义可以在另一个object文件中对该全局符号不用定义而直接引用。)
STB_WEAK: Weak symbols resemble global symbols, but their definitions have lower precedence.
(弱符号类似于全局符号,但是弱符号的定义的优先级比较低一些。)
STB_LOPROC through STB_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(这个范围中其所包含的值为特定处理器相关的语义保留)
Global and weak symbols differ in two major ways:
(全局符号和弱符号的区别主要在两个方面。)
(1) When
the link editor combines several relocatable object files, it does not
allow multiple definitions of STB_GLOBAL symbols with the same name. On
the other hand, if a defined global symbol exists, the appearance of a
weak symbol with the same name will not cause an error. The link editor
honors the global definition and ignores the weak ones. Similarly, if a
common symbol exists (i.e., a symbol whose st_shndx field holds
SHN_COMMON), the appearance of a weak symbol with the same name will
not cause an error. The link editor honors the common definition and
ignores the weak ones.
(*
当链接器链接几个可重定位的目标文件时,它不允许具有STB_GLOBAL属性的符号以相同名字进行重复定义。另一方面,如果一个已定义的全局符号存在,
则即便另一个具有相同名字的弱符号存在也不会引起错误。链接器将认可全局符号的定义而忽略弱符号的定义。与此相似,如果有一个普通符号(比如,一个符号的
st_shndx 成员的值为SHN_COMMON),则一个同名的弱符号也不会引起错误。链接器同样认可普通符号的定义而忽略弱符号。)
(2) When
the link editor searches archive libraries, it extracts archive members
that contain definitions of undefined global symbols. The member’s
definition may be either a global or a weak symbol. The link editor
does not extract archive members to resolve undefined weak symbols.
Unresolved weak symbols have a zero value.
(* 当链接器搜索档案库的时候,它提取出存档库成员,该成员包含未被定义全局符号的定义。该成员(所包含)的定义:或者是全局的或者是一个弱符号。但链接器不会为了解析一个未定义的弱符号去提取存档库成员。未定义的弱符号具有 0 值。)
In
each symbol table, all symbols with STB_LOCAL binding precede the weak
and global symbols. As ‘‘Sections’’ above describes, a symbol table
section’s sh_info section header member holds the symbol table index
for the first non-local symbol.
(在每一个符号表中,所有具有 STB_LOCAL
约束属性的符号优先于弱符号和全局符号。前面 "sections" 中描述过(参P21页),一个symbol table
section(即:.symtab section)对应的section头中的sh_info成员保留了第一个非局部符号的符号表索引。可以用
readelf -a test 查看section header table 中, .symtab section 的 sh_info=3b,
3b是16进制数,对应着.symtab 符号表里面的第59项: 59: 0804e6dc 0 OBJECT GLOBAL DEFAULT 20
_DYNAMIC 符号_DYNAMIC的约束属性为:STB_ GLOBAL;.dynsym section 的 sh_info=1,
对应着.dynsym 符号表里面的第1项: 1: 0804830c 129 FUNC WEAK DEFAULT UND
__register_frame_info@GLIBC_2.0 (2) 符号__register_frame_info@GLIBC_2.0
(2)的约束属性为:STB_WEAK )
A symbol’s type provides a general
classification for the associated entity. (st_info This member
specifies the symbol’s type and binding attributes.)
(符号的类型提供了一个为符号的普遍分类。)
Figure 1-18: Symbol Types, ELF32_ST_TYPE
Name Value
==== =====
STT_NOTYPE 0
STT_OBJECT 1
STT_FUNC 2
STT_SECTION 3
STT_FILE 4
STT_LOPROC 13
STT_HIPROC 15
STT_NOTYPE: The symbol’s type is not specified.
(STT_NOTYPE 表示该符号的类型没有指定。)
STT_OBJECT: The symbol is associated with a data object, such as a variable, an array, etc.
(STT_OBJECT 表示该符号和一个数据对象相关,比如一个变量、一个数组等。)
STT_FUNC: The symbol is associated with a function or other executable code.
(STT_FUNC 表示该符号和一个函数或其他可执行代码相关。)
STT_SECTION:
The symbol is associated with a section. Symbol table entries of this
type exist primarily for relocation and normally have STB_LOCAL binding.
(STB_LOCAL表示该符号和一个 section 相关。STT_SECTION类型的symbol table表项的存在主要是为了重定向,一般具有 STB_LOCAL 约束属性。)
STT_FILE:
Conventionally, the symbol’s name gives the name of the source file
associated with the object file. A file symbol (those with type
STT_FILE) has STB_LOCAL binding, its section index is SHN_ABS, and it
precedes the other STB_LOCAL symbols for the file, if it is present.
(按惯例而言,该符号给出了和目标文件相关联的源文件的名字。STT_FILE类型符号具有ST_LOCAL约束属性,它的section头索引为
SHN_ABS(即:该符号的st_shndx=SHN_ABS),并且它优先于当前用于该文件的其他 STB_LOCAL 符号。)
STT_LOPROC through STT_HIPROC: Values in this inclusive range are reserved for processor-specific semantics.
(该范围中的值是为特定处理器语义保留的。)
Function
symbols (those with type STT_FUNC) in shared object files have special
significance(意义). When another object file references a function from a
shared object, the link editor automatically creates a procedure
linkage table entry for the referenced (function’s) symbol. Shared
object symbols with types other than(除了) STT_FUNC(symbol) will not be
referenced automatically through the procedure linkage table.
(共享目标文件中的函数符号(即:STT_FUNC
类型的符号)有着特殊的意义。当其他的目标文件引用一个共享目标文件中的一个函数时,链接编辑器自动的为被引用的函数符号创建一个过程链接表表项。共享
object文件中的非STT_FUNC类型的符号之将不会通过过程链接表自动的被引用。)
If a symbol’s
value(st_value) refers to a specific location within a section, its
section index member, st_shndx, holds an index into the section header
table. As the section moves during relocation, the symbol’s value
changes as well, and references to the symbol continue to ‘‘point’’ to
the same location in the program.??
Some special section index(Figure 1-8: Special Section Indexes) values give other semantics.
(
如果一个符号的值st_value指向一个 section 内的特定位置,则符号表表项的st_shndx成员的值就是该
section对应的section头表的索引。当该 section
在重定位过程中移动时,该符号的值st_value也相应变化,使该符号继续保持指向程序中同样的位置??。)
(一些特殊的 section索引(Figure 1-8: Special Section Indexes)值有其他的语义,解释如下:)
SHN_ABS: The symbol has an absolute value that will not change because of relocation.
((如果st_shndx=SHN_ABS)该符号的有一个不会随重定位变化的绝对值(st_value)。可以用 readelf -a test 查看符号表的st_shndx和st_value的值)
SHN_COMMON:
The symbol labels a common block that has not yet been allocated. The
symbol’s value gives alignment constraints, similar to a section’s
sh_addralign member. That is, the link editor will allocate the storage
for the symbol at an address that is a multiple(倍数) of st_value. The
symbol’s size tells how many bytes are required.
((如果
st_shndx=SHN_COMMON) 该符号标识了一个没有被分配的普通块。该符号的值(st_value)给出强制对齐值,其作用类似于
section 的 sh_addralign 成员。也就是说,链接编辑器给该符号分配的内存块时,起始地址的值必须是 st_value
的倍数。该符号的大小(st_size)指出了(内存块)需要的字节数。)
SHN_UNDEF: This section table
index means the symbol is undefined. When the link editor combines this
object file with another that defines the indicated symbol, this file’s
references to the symbol will be linked to the actual definition.
((如
果st_shndx=SHN_UNDEF)
表明该符号是未定义的。当链接器将一个包含该未定义符号的object文件和另一个已经定义了该符号的object文件联合装配在一起的时候,这个目标文
件内对该未定义符号的引用将被链接到(另一个目标文件中的)实际的定义上。)
As mentioned above, the symbol table entry for index 0 (STN_UNDEF) is reserved; it holds the following.
(如上所述,符号表的 0 索引(STN_UNDEF)是保留的,它包含了如下内容:)
Symbol Values
Symbol table entries for different object file types have slightly different interpretations for the st_value member.
(对于不同类型的目标文件而言,符号表表项的st_value 成员有一些不同的解释。)
In relocatable files, st_value holds alignment constraints for a symbol whose section index is SHN_COMMON.
(* 在可重定位文件中,如果一个符号的st_shndx=SHN_COMMON则该符号的st_value 保存着强制对齐值。)
In
relocatable files, st_value holds a section offset for a defined
symbol. That is, st_value is an offset from the beginning of the
section that st_shndx identifies.
(* 在可重定位文件中, st_value 保存了一个已定义符号的 section 偏移。也就是说,符号的st_value值就是从 st_shndx 指定的 section 的开头算起的偏移量。)
In
executable and shared object files, st_value holds a virtual address.
To make these files’ symbols more useful for the dynamic linker, the
section offset (file interpretation) gives way to a virtual address
(memory interpretation) for which the section number is irrelevant.
(*
在可执行的和可共享的目标文件中,st_value 保存一个虚拟地址,目的是为了使文件中的符号对于动态链接器更加有用,因此文件层面上的
section 偏移让位于内存层面上的虚拟地址,因为虚拟地址是section 编号无关的。(而可重定位文件中的符号的st_value值是从
st_shndx 指定的 section 的开头算起的偏移量,也就是说是和section编号相关的相对的地址。))
Although
the symbol table values have similar meanings for different object
files, the data allow efficient access by the appropriate programs.??
(尽管符号表值对于不同的目标文件有相似的含义,相应的程序还是可以有效地访问数据。??)
Relocation
Relocation
is the process of connecting symbolic references with symbolic
definitions. For example, when a program calls a function, the
associated call instruction must transfer control to the proper
destination address at execution(即:比如调用函数printf() 符号引用就是:“printf”
符号的定义就是:printf()的具体代码,printf代码通常包含在输入输出c库里). In other words,
relocatable files must have information that describes how to modify
their section contents, thus allowing executable and shared object
files to hold the right information for a process’s program image.
Relocation entries are these data.
(重定位是把符号引用与符号定义连接的过程。比如,当一个程序调用一个函
数的时候,在执行时相关联的调用指令必须把控制传送到正确的目标地址。换句话说,重定位文件必须包含专门的信息来描述如何修改他们的 section
内容,从而允许可执行和共享object文件保存正确的信息为一个进程的程序映像。重定位表项就是这样的数据。)
Figure 1-20: Relocation Entries
typedef struct {
Elf32_Addr r_offset;
Elf32_Word r_info;
} Elf32_Rel;
typedef struct {
Elf32_Addr r_offset;
Elf32_Word r_info;
Elf32_Sword r_addend;
} Elf32_Rela;
r_offset
This member gives the location at which to apply the relocation action.
For a relocatable file, the value is the byte offset from the beginning
of the section to the storage unit affected by the relocation. For an
executable file or a shared object, the value is the virtual address of
the storage unit affected by the relocation.
(该成员给出了重定位动作所应用到的位置。对于一个重定位文件而言,r_offset值是从该section开头到受重定位影响的存储单元之间的字节偏移量。对一个可执行文件或一个共享object文件而言,r_offset值是受重定位影响的存储单元的虚拟地址。(比如:可以用
readelf -a test 查看一个test可执行文件的.rel.plt section的r_offset地址值都是位于.got
section中的地址。.rel.plt 参考P23 ))
r_info This member gives both the
symbol table index with respect to(关于) which the relocation must be
made, and the type of relocation to apply. For example, a call
instruction’s relocation entry would hold the symbol table index of the
function being called. If the (symbol table) index is STN_UNDEF, the
undefined symbol index, the relocation uses 0 as the ‘‘symbol value.’’
Relocation types are processor-specific. When the text refers to a
relocation entry’s relocation type or symbol table index, it means the
result of applying ELF32_R_TYPE or ELF32_R_SYM, respectively, to the
entry’s r_info member??.
(r_info成员既给出重定位关系到的符号表索引又给出重定位应用的类型。比如,一个调用指
令的重定位表项应当包含被调用函数所对应的符号表索引。如果符号表项的st_shndx=SHN_UNDEF,表明该符号是未定义的。重定位将使用 0
作为该符号的值(st_value)。重定位类型是和处理器相关的。当(程序的)正文(text)提及
一个重定位表项的重定位类型或符号表索引,它的意思是将 ELF32_R_TYPE或 ELF32_R_SYM 分别应用到重定位表项的 r_info
成员的结果。)
#define ELF32_R_SYM(i) ((i)>>8)
#define ELF32_R_TYPE(i) ((unsigned char)(i))
#define ELF32_R_INFO(s, t) ((s)<<8+(unsigned char)(t))
r_addend This member specifies a constant addend used to compute the value to be stored into the relocatable field.
As
shown above, only Elf32_Rela (type) entries contain an explicit addend.
Entries of type Elf32_Rel store an implicit addend in the location to
be modified. Depending on the processor architecture, one form or the
other might be necessary or more convenient. Consequently, an
implementation for a particular machine may use one form exclusively or
either form? depending on context.
(如上所述,只有 Elf32_Rela
类型的重定位表项包含一个明确的加数。Elf32_Rel
类型的表项在被修改的位置处存储一个隐含的加数。根据处理器体系结构,一种形式或另一种形式也许是必要的或更为方便的。因此,特定机器的实现可以专门使用
一种形式或依赖于上下文的另一种形式。)
A relocation section references two other
sections: a symbol table and a section to modify. The section header’s
sh_info and sh_link members, described in ‘‘Sections’’ above, specify
these relationships. Relocation entries for different object files have
slightly different interpretations for the r_offset member.
(一个重定位
section(例如:.rel.plt section)会引用两个其他的section:一个符号表section和一个被修改的section
。该重定位section头的 sh_info 和 sh_link成员(参考P21页)描述了这种关系 (比如:可以用 readelf -a
test 查看一个test可执行文件的.rel.plt section的sh_info指向.plt
section;sh_link指向.dynsym section。.rel.plt 参考P23 )。对于不同种类的目标文件,重定位表项的成员
r_offset解释有少许差异。)
In relocatable files, r_offset holds a section
offset. That is, the relocation section itself describes how to modify
another section in the file; relocation offsets designate a storage
unit within the second section.
(* 在可重定位文件中,r_offset成员包含一个 section 偏移。也就是说,重定位section自己描述了如何修改文件中的另一个section; 重定位偏移量指定了一个在第二个section中的存储单元(距离section开头的偏移量)。)
In
executable and shared object files, r_offset holds a virtual address.
To make these files’ relocation entries more useful for the dynamic
linker, the section offset (file interpretation) gives way to a virtual
address (memory interpretation).
(* 在可执行和共享的目标文件中,r_offset 表示一个虚拟地址,目的是为了使得这些文件中的重定位表项对于动态链接器更为有用,所以section 偏移(文件解释)让位于一个虚拟地址(内存中解释)。)
Although
the interpretation of r_offset changes for different object files to
allow efficient access by the relevant programs, the relocation types’
meanings stay the same.??
(尽管为了允许相关的程序更为有效的访问,而令r_offset 的解释对于不同的目标文件有所不同,重定位类型的含义是相同的。)
Relocation Types
Relocation
entries describe how to alter the following instruction and data fields
(bit numbers appear in the lower box corners).
(重定位表项描述了怎样变更下面的指令和数据域(位数在表框下面的两边角显示)。)
word32
This specifies a 32-bit field occupying 4 bytes with arbitrary byte
alignment. These values use the same byte order as other word values??
in the 32-bit Intel Architecture.
(word32 指定一个以任意字节对齐方式占用 4 字节的 32 位域。这些值使用与 32 位 Intel体系相同的字节顺序。)
Calculations
below assume the actions are transforming a relocatable file into
either an executable or(或。。。或。。。) a shared object file. Conceptually,
the link editor merges one or more relocatable files to form the
output. It first decides how to combine and locate the input files,
then updates the symbol values, and finally performs the relocation.
Relocations applied to executable or shared object files are similar
and accomplish the same result. Descriptions below use the following
notation.
(下面的计算假设正在将一个可重定位文件转换为一个可执行或共享的目标文件。从概念上来说,链接编辑器合并一个或多个可重定位文件来组成输出。它首先决定怎样联合、定位输入文件,然后更新符号值(st_value),最后进行重定位。对于可执行文件和共享目标文件,重定位过程是
相似的并达到相同的结果。下面的描述使用如下的约定符号。)
A This means the addend used to compute the value of the relocatable field(Figure 1-21).
( 表示加数 用于计算可重定位域的值。)
B
This means the base address at which a shared object has been loaded
into memory during execution. Generally, a shared object file is built
with a 0 base virtual address, but the execution address will be
different.
(表示了在执行过程中一个共享目标被加载到内存时的基地址。一般情况下,一个共享object文件创建时的基虚地址为0,但是共享object文件在执行
时基地址就有所不同了。)
G This means the offset into the global offset table at
which the address of the relocation entry’s symbol will reside during
execution.?? See ‘‘Global Offset Table’’ in Part 2 for more information.
(表
示了在执行过程中重定位表项(相关)的符号的地址驻留在全局偏移表中的偏移?? (比如:可以用 readelf -a test
查看一个test可执行文件的.rel.plt section的r_offset地址值都是位于.got section中的地址。.rel.plt
参考P23 )。请参阅第二部分中的“Global Offset Table”获得更多的信息。)
GOT This means the address of the global offset table. See ‘‘Global Offset Table’’ in Part 2 for more information.
(表示了全局偏移表的地址。请参阅第二部分中的“Global Offset Table”获得更多的信息。)
L
This means the place (section offset or address) of the procedure
linkage table entry for a symbol (表示一个符号(比如一个调用函数的名字prinf)的过程链接表表项的位置(
section 偏移或地址)。) . A procedure linkage table entry redirects a function
call to the proper destination(一个过程链接表表项用于把一个函数调用重定向到正确的目的地。). The link
editor builds the initial procedure linkage table, and the dynamic
linker modifies the procedure linkage table entries during execution.
See ‘‘Procedure Linkage Table’’ in Part 2 for more information.
(表示一个
符号(比如一个被调用函数的名字prinf)的过程链接表表项的位置(section偏移或地址)。一个过程链接表表项把一个函数调用重定向到正确的目的
地。链接编辑器创建初始的过程链接表,而动态链接器在执行中修改过程链接表表项。请参阅第二部分中的“Procedure Linkage
Table”获得更多的信息)
P This means the place (section offset or address) of the storage unit being relocated (computed using r_offset).
(表示被重定位的存储单元的位置(section 偏移或地址)。(重定位使用 r_offset 计算))
S
This means the value of the symbol whose index resides in the
relocation entry. A relocation entry’s r_offset value designates the
offset or virtual address of the first byte of the affected storage
unit. The relocation type specifies which bits to change and how to
calculate their values.
(表示符号值,该符号值的索引驻留在重定位表项中。一个重定位表项的 r_offset 值指定了受影响存储单元的首字节的偏移或虚拟地址。重定位类型指定了哪一位(bit)将要改变,以及怎样计算它们的值。)
The
SYSTEM V architecture uses only Elf32_Rel relocation entries, the field
to be relocated holds the addend. In all cases, the addend and the
computed result use the same byte order.
(在 SYSTEM V 体系中仅仅使用 Elf32_Rel 重定位表项,要被重定位的域中保留了加数。在所有的情况下,加数和计算结果使用相同字节顺序。)
Some relocation types have semantics beyond simple calculation.
R_386_GOT32
This relocation type computes the distance from the base of the global
offset table to the symbol’s global offset table entry. It additionally
instructs the link editor to build a global offset table.
( 这种重定位类型计算全局偏移表基地址到 一个符号(比如:调用函数的名字printf)所对应的全局偏移表表项 之间的距离。另外它指示link editor建立一个全局偏移表。)
R_386_PLT32
This relocation type computes the address of the symbol’s procedure
linkage table entry and additionally instructs the link editor to build
a procedure linkage table.
(这种重定位类型 计算 符号的过程链接表表项的地址,另外它指示 link editor建立一个过程链接表。)
R_386_COPY
The link editor creates this relocation type for dynamic linking. Its
offset member refers to a location in a writable segment. The symbol
table index specifies a symbol that should exist both in the current
object file and in a shared object. During execution, the dynamic
linker copies data associated with the shared object’s symbol to the
location specified by the offset.
(链接器创建这种重定位类型表项是为了用于
动态链接。(R_386_COPY
类型重定位表项的)成员r_offset??指向一个可写段中的某个位置,符号表索引指定一个符号(如:printf)既存在于当前 object
file 也存在于一个shared object file中。在执行过程中,动态链接器把 shared object
file中与该符号(如:printf)相关的数据拷贝到该偏移所指定的位置。)
R_386_GLOB_DAT This
relocation type is used to set a global offset table entry to the
address of the specified symbol. The special relocation type allows one
to determine the correspondence(符合,对应) between symbols and global
offset table entries.
(这种重定位类型表项用于设置全局偏移表的某一个表项为某个指定符号的地址。该特定的重定位类型允许你决定符号和全局偏移表表项之间的对应。)
R_3862_JMP_SLOT
The link editor creates this relocation type for dynamic linking. Its
offset member gives the location of a procedure linkage table entry.
The dynamic linker modifies the procedure linkage table entry to
transfer control to the designated symbol’s address [see ‘‘Procedure
Linkage Table’’ in Part 2].
(链接器创建这种重定位类型表项是为了用于动态链接。(R_3862_JMP_SLOT
类型重定位表项的)成员r_offset??给出了一个过程链接表表项的位置。动态链接器修改这个过程链接表表项以便把控制传递到指定的符号地址(比如符
号printf()的地址)。[参阅第二部分中的 "Procedure Linkage Table(过程链接表)"])
R_386_RELATIVE
The link editor creates this relocation type for dynamic linking. Its
offset member gives a location within a shared object that contains a
value representing a relative address??. The dynamic linker computes
the corresponding virtual address by adding the virtual address at
which the shared object was loaded to the relative address. Relocation
entries for this type must specify 0 for the symbol table index??.
(链
接器创建这种重定位类型表项是为了用于动态链接。(R_386_RELATIVE 类型重定位表项的)成员r_offset??给出了共享object
文件中的位置,该位置包含了一个表示相对地址的值??。动态链接器计算相应的虚拟地址(把该shared object
装载的虚拟地址和前述相对地址相加的结果)。为了符号表索引,这种重定位类型的重定位表项必须指定为 0??。)
R_386_GOTOFF
This relocation type computes the difference between a symbol’s value
and the address of the global offset table. It additionally instructs
the link editor to build the global offset table.
(这种重定位类型计算符号的值和全局偏移表地址之间的差异。另外还指示链接器建立全局偏移表。)
R_386_GOTPC
This relocation type resembles R_386_PC32, except it uses the address
of the global offset table in its calculation. The symbol referenced in
this relocation normally is _GLOBAL_OFFSET_TABLE_, which additionally
instructs the link editor to build the global offset table.
(这种重定位类型类似于 R_386_PC32 ,不同的是它在计算中使用全局偏移表。这种重定位中引用的符号通常是 _GLOBAL_OFFSET_TABLE_ ,另外该符号也指示链接器建立全局偏移表。)
Introduction 2-1
Program Header 2-2
Base Address 2-4
Note Section 2-4
Program Loading 2-7
Dynamic Linking 2-10
Program Interpreter 2-10
Dynamic Linker 2-10
Dynamic Section 2-11
Shared Object Dependencies 2-15
Global Offset Table 2-16
Procedure Linkage Table 2-17
Hash Table 2-19
Initialization and Termination Functions 2-20
Part 2 describes the object file information and system actions that create running programs. Some information
here applies to all systems; other information is processor-specific.
(第二部分描述了 object 文件信息和创建运行程序时的系统动作行为。一部分信息适合所有的系统,其余的信息是和特定处理器相关的。)
Executable
and shared object files statically represent programs. To execute such
programs, the system uses the files to create dynamic program
representations(动态程序描绘), or process images. A process image has
segments that hold its text, data, stack, and so on. The major sections
in this part discuss the following.
(可执行和共享的 object 文件本身只是静态的描绘了程序。为了执行这样的程序,系统用这些文件创建动态的程序表现,或曰进程映像。一个进程映像包含多个段用于保存进程的代码、数据、堆栈等等。这部分主要讨论如下的内容:)
Program
header. This section complements(补充) Part 1, describing object file
structures that relate directly to program execution. A program header
table(the primary data structure) locates segment images within the
object file and contains other information necessary to create the
memory image for the program.
(* 程序头(Program header)。本段内容补充Part 1,描述和程序运行直接相关的object file 数据结构。一个程序头表(即文件中基本的数据结构)可定位object文件中的段映像,也包含了为该程序创建内存映像所需要的其他信息。)
Program loading. Given an object file, the system must load it into memory for the program to run.
(* 载入程序(Program loading)。给出一个 object file 时,系统必须将它载入内存以便让它运行。)
Dynamic
linking. After the system loads the program, it must complete the
process image by resolving symbolic references among the object files
that compose the process.
(* 动态链接(Dynamic linking)。系统载入了程序之后,系统必须在组成该进程的object 文件之间解析符号引用,来完成进程映像(的创作)。)
NOTE:There
are naming conventions for ELF constants that have specified processor
ranges. Names such as DT_, PT_, for processor-specific extensions,
incorporate the name of the processor:DT_M32_SPECIAL, for example.
Pre–existing processor extensions not using this convention will be
supported.
(注意:具有指定处理器范围的 ELF 常量是有命名约定的。比如名字DT_ , PT_ ,用于特定处理器扩展名,组合了处理器的名称:如 DT_M32_SPECIAL。没有使用这种命名惯例但是预先已经存在的处理器扩展名是允许的。)
Pre-existing Extensions
=======================
DT_JMP_REL
An
executable or shared object file’s program header table is an array of
structures, each describing a segment or other information the system
needs to prepare the program for execution. An object file’s segment
contains one or more sections, as ‘‘Segment Contents’’ describes below.
Program headers are meaningful only for executable and shared object
files. A file specifies its own program header size with the ELF
header’s e_phentsize and e_phnum members [see ‘‘ELF Header’’ in Part 1].
(一
个可执行的或共享的 object
文件的程序头表是一个数据结构(即:程序头)的数组,每一个数组元素描述一个“段”或系统预备执行该程序所需要的其他信息。一个 object
文件的“段”包含一个或多个section(就象下面的“Segment Contents”所描述的那样)。程序头仅仅对于可执行或共享的
object 文件有意义。一个文件使用 ELF 头的 e_phentsize和 e_phnum 成员来指定该文件的程序头大小。[参阅
第一部分中的 "ELF 头"])
Figure 2-1: Program Header
typedef struct {
Elf32_Word p_type;
Elf32_Off p_offset;
Elf32_Addr p_vaddr;
Elf32_Addr p_paddr;
Elf32_Word p_filesz;
Elf32_Word p_memsz;
Elf32_Word p_flags;
Elf32_Word p_align;
} Elf32_Phdr;
p_type
This member tells what kind of segment (which) this array element
describes or how to interpret the array element’s information. Type
values and their meanings appear below.
(p_type成员指出了程序头表项描述了什么类型的段,或怎样解释该程序头表项的信息。类型值和含义如下所述。)
p_offset This member gives the offset from the beginning of the object file at which the first byte of the segment resides.
(p_offset 成员给出了该段的驻留位置相对于该object文件开始处的偏移。)
p_vaddr This member gives the virtual address at which the first byte of the segment resides in memory.
(p_vaddr 成员给出了该段的首字节驻留在内存中的虚拟地址。)
p_paddr
On systems for which physical addressing(寻址) is relevant, this member
is reserved for the segment’s physical address. Because System V
ignores physical addressing for application programs, this member has
unspecified contents for executable files and shared objects.
(在和物理寻址有关的操作系统上,p_paddr成员是为该段的物理地址而保留的。由于System V 忽略应用程序的物理寻址,可执行文件和共享object文件中该成员未指定内容。)
p_filesz This member gives the number of bytes of the segment in the file image??; it may be zero.
(p_filesz 成员给出了在文件映像中该段的字节数;它可能是 0 。)
p_memsz This member gives the number of bytes of the segment in the memory image; it may be zero.
(p_memsz 成员给出了在内存映像中该段的字节数;它可能是 0 。)
p_flags This member gives flags relevant to(有关) the segment. Defined flag values appear below.
(p_flags 成员给出了和该段相关的标志。定义的标志值如下所述。)
p_align
As ‘‘Program Loading’’ later in this part describes, loadable process
segments must have congruent(全等的) values for p_vaddr and p_offset,
modulo(取模) the page size. This member gives the value to which the
segments are aligned(定位 对准 对齐) in memory and in the file. Values 0 and
1 mean no alignment is required. Otherwise, p_align should be a
positive, integral power of 2, and p_vaddr should equal p_offset,
modulo p_align.
(就象在后面“Program
Loading”部分中所说的那样,可载入的进程段的p_vaddr和p_offset分别以页面尺寸取模计算的结果值必须相等。P_align成员给出了该段在内存和文件中的对齐值。 0 和 1 表示不需要对齐。否则,p_align 必须为2的正整数次幂,并且p_vaddr和p_offset分别以p_align取模计算的结果值应该相等。)
Some entries
describe process segments; others give supplementary(补充) information
and do not contribute to the process image. Segment entries may appear
in any order, except as explicitly noted below. Defined type values
follow; other values are reserved for future use.
(一些程序头表表项描述了进程段;其他的程序头表表项则提供补充信息并且无帮助于进程映像。段表项可以以任何顺序出现,除非是下面明确声明的。下面是定义的段类型值;其他的值保留以便将来用于其他用途。)
Figure 2-2: Segment Types, p_type
Name Value
==== =====
PT_NULL 0
PT_LOAD 1
PT_DYNAMIC 2
PT_INTERP 3
PT_NOTE 4
PT_SHLIB 5
PT_PHDR 6
PT_LOPROC 0x70000000
PT_HIPROC 0x7fffffff
PT_NULL
The array element is unused; other members’ values are undefined. This
type lets the program header table have ignored (whole) entries.
(pt_type=PT_NULL 该类型程序头表表项未使用;该表项其他的成员值都是未定义的。这种类型让程序头表忽略程序头表项。)
PT_LOAD
The array element specifies a loadable segment, described by p_filesz
and p_memsz. The bytes from the file are mapped to the beginning of the
memory segment??. If the segment’s memory size (p_memsz) is larger than
the file size (p_filesz), the ‘‘extra’’ bytes are defined to hold the
value 0 and to follow the segment’s initialized area. The file size may
not be larger than the memory size. Loadable segment entries in the
program header table appear in ascending order, sorted on the p_vaddr
member.
(pt_type=PT_LOAD该类型程序头表表项指定一个可载入的段,由 p_filesz 和 p_memsz
描述。文件中的字节被映射到内存段的开始处。如果该段的内存大小( p_memsz )比文件大小( p_filesz
)要大,则多出的字节被定义保持为 0 并且跟随段初始化区域??。文件的大小不会比内存大小值大。在程序头表中,可载入段的表项是按照
p_vaddr 的升序排列的。)
PT_DYNAMIC The array element specifies dynamic linking information. See ‘‘Dynamic Section’’ below for more information.
(pt_type=PT_DYNAMIC 该类型程序头表表项指定动态链接信息。参阅 后面的“Dynamic Section”以获得更多信息。)
PT_INTERP
The array element specifies the location and size of a null-terminated
path name to invoke(恳求) as an interpreter. This segment type is
meaningful only for executable files(though(虽然) it may occur(出现存在) for
shared objects); it may not occur more than once in a file. If it is
present, it must precede(先于…) any loadable segment entry. See ‘‘Program
Interpreter’’ below for further information.
(pt_type=PT_INTERP
该类型程序头表表项指定一个以null结尾的路径名字的位置和大小(此路径名字作为解释程序使用)。
这种段类型仅仅对可执行文件有意义(尽管它可能出现用在一个共享 object
上);它在一个文件中只能出现一次。如果PT_INTERP类型段出现,它必须先于任何一个“可载入类型段对应的程序头表项”。参阅后面的“程序解释器”(Program Interpreter)以获得更多的信息。)
PT_NOTE The array element
specifies the location and size of auxiliary(辅助的附属的) information. See
‘‘Note Section’’ below for details.
(pt_type=PT_NOTE 该类型程序头表表项辅助信息的位置和大小。参阅后面的“注意部分”以获得细节。)
PT_SHLIB
This segment type is reserved but has unspecified semantics. Programs
that contain an array element of this type do not conform(遵守一致) to the
ABI.
(pt_type=PT_SHLIB该类型程序头表表项保留且具有未指定的语义。具有这种类型程序头表项的程序并不遵守ABI。)
PT_PHDR
The array element, if present, specifies the location and size of the
program header table itself, both in the file and in the memory image
of the program. This segment type may not occur more than once in a
file. Moreover(此外), it may occur only if the program header table is
part of the memory image of the program. If it is present, it must
precede any loadable segment entry. See ‘‘Program Interpreter’’ below
for further information.
(pt_type=PT_PHDR
该类型程序头表表项(如果出现),指定了程序头表本身(既在文件中又在该程序的内存映像中)的位置和大小。该类型程序头表表项在一个文件中只能出现一次。
更进一步来说,它仅仅在该程序头表是程序内存映像的一部分时才出现。如果PT_PHDR类型段出现,它必须先于任何一个“可载入段对应的程序头表项”。参阅后面的“程序解释器”(Program Interpreter)以获得更多的信息。)
PT_LOPROC through PT_HIPROC Values in this inclusive range are reserved for processor-specific semantics.
(该范围中的pt_type值保留用于特定处理器的语义。)
NOTE:Unless
specifically required elsewhere, all program header segment types are
optional. That is, a file’s program header table may contain only those
elements relevant to its contents.
(注意:除非在别处的特殊要求,所有的程序头的段类型是可选的。也就是说,一个文件的程序头表可以仅包含和其内容相关的程序头表元素。)
Executable
and shared object files have a base address, which is the lowest
virtual address associated with the memory image of the program’s
object file. One use of the base address is to relocate the memory
image of the program during dynamic linking.
(可执行和共享的 object 文件有一个“基地址”,该基地址是和程序的object文件的内存中映像相关联的最低虚拟地址。基地址的用途之一是在动态链接过程中重定位该程序的内存映像。)
An
executable or shared object file’s base address is calculated during
execution from three values: the memory load address, the maximum page
size, and the lowest virtual address of a program’s loadable segment.
As ‘‘Program Loading’’ in this chapter describes, the virtual addresses
in the program headers might not represent the actual virtual addresses
of the program’s memory image. To compute the base address, one
determines the memory address associated with the lowest p_vaddr value
for a PT_LOAD segment; One then obtains the base address by truncating
the memory address to the nearest multiple of the maximum page size.
Depending on the kind of file being loaded into memory, the memory
address might or might not match the p_vaddr values.
(一个可执行的 object
file 或 一个共享的 object file 的“基地址”是在执行的时候从三个值计算而来的:1.内存载入地址 2.页面尺寸最大值
3.一个程序的(所有)可载入段的最低虚拟地址。就象在本章“程序载入”中所描述的那样,程序头中记载的虚拟地址也许并不表示程序的内存映像的实际的虚拟
地址。为了计算基地址,第1步必须查明内存地址,它和所有PT_LOAD类型的段中的p_vaddr最小值相关联;第2步
获得基地址的方法是将内存地址截成 与最大页面尺寸最接近的整数倍。取决于载入内存中的文件类型,该内存地址和 p_vaddr
值可能匹配也可能不匹配。)
As ‘‘Sections’’ in Part 1 describes, the .bss section
has the type SHT_NOBITS. Although it occupies no space in the file, it
contributes to the segment’s memory image. Normally, these
uninitialized data reside at the end of the segment, thereby making
p_memsz larger than p_filesz in the associated program header element.
(就象在第一部分中 "Section" 中描述的那样, .bss section 具有
SHT_NOBITS的section类型。尽管在文件中不占用空间,它却对段的内存映像有所贡献。通常,这些没有初始化的数据驻留在段的尾部,因此使得
在相关的程序头中的元素 p_memsz 比 p_filesz 大。)
Sometimes
a vendor or system builder needs to mark an object file with special
information that other programs will check for conformance,
compatibility, etc. Sections of type SHT_NOTE and program header
elements of type PT_NOTE can be used for this purpose. The note
information in SHT_NOTE type sections and program header PT_NOTE type
elements holds any number of (许多)entries, each of which is an array of
4-byte words in(符合) the format of the target processor. Labels appear
below to help explain note information organization, but they are not
part of the specification.
(有的时候供应商或系统设计者需要用特殊的信息标志一个object
file,以便其他程序检查其一致性,兼容性等等。 SHT_NOTE 类型的section 和PT_NOTE类型的程序头表表项
都可以被用于此目的。SHT_NOTE 类型的section
和PT_NOTE类型的程序头表表项中的注解信息包含了许多表项,每一个表项都是符合目标处理器格式的
4-byte“字”的数组。下面的标签有助于解释“注释信息”的组织形式,但是这些标签不是规范说明的一部分。)
namesz and name:The
first namesz bytes in name contain a null-terminated character
representation of the entry’s owner or originator. There is no formal
mechanism for avoiding name conflicts. By convention, vendors use their
own name, such as ‘‘XYZ Computer Company,’’ as the identifier. If no
name is present, namesz contains 0. Padding is present, if necessary,
to ensure 4-byte alignment for the descriptor. Such padding is not
included in namesz.
(名字中的第一个字节: namesz包含了一个 null-terminated
字符描述,表达了该表项的所有者或创作者。没有正式的机制来避免名字冲突。从惯例来说,供应商使用他们自己的名称,比如 "XYZ Computer
Company",作为标识符。如果没有提供名字, namesz 值为 0 。
如果有必要,提供padding(填充信息)以确保描述符4-字节对齐。 这种填充信息并不包括在namesz 中。)
descsz and desc:The
first descsz bytes in desc hold(保存) the note descriptor(描述符). The ABI
places no constraints(约束) on a descriptor’s contents. If no descriptor
is present, descsz contains 0. Padding is present, if necessary, to
ensure 4-byte alignment for the next note entry. Such padding is not
included in descsz.
( desc 中的首字节: descsz保存了注解描述符。ABI 没有对一个描述符的内容予以约束。如果没有描述符,descsz 将包含0 。必要的话,提供padding(填充信息)以确保下一个注解表项4-字节对齐。 这种填充信息并不包括在descsz中。)
type:
This word gives the interpretation of the descriptor. Each originator
controls its own types; multiple interpretations of a single type value
may exist. Thus, a program must recognize both the name and the type to
‘‘understand’’ a descriptor. Types currently must be nonnegative.The
ABI does not define what descriptors mean.
(这个“字”给出了描述符的解释。每一个创作者管理着自己的类型;一个单一类型值的多种解释是可能存在的。因此,一个程序为了理解一个描述符必须既认识其名字也认识其类型。类型目前必须是非负的。ABI 没有定义描述符的含义。)
To illustrate, the following note segment holds two entries.
NOTE:The
system reserves note information with no name (namesz= =0) and with a
zero-length name (name[0]= =’’) but currently defines no types. All
other names must have at least one non-null character.
(注意:系统保留的注解信息没有名字 (namesz==0) ,有一个零长度的名字 (name[0]=='') 当前没有为其定义类型。除此以外其它所有的名字必须至少有一个非空的字符。)
NOTE
Note
information is optional. The presence of note information does not
affect a program’s ABI conformance, provided(以。。。为条件) the information
does not affect the program’s execution behavior. Otherwise, the
program does not conform to the ABI and has undefined behavior.
(注意:注解信息是可选的。注解信息的存在不影响一个程序的 ABI 一致性,前提是该信息不影响程序的执行行为。否则,该程序将不符合 ABI 并带有未定义的行为。)
Program Loading
As
the system creates or augments(增加) a process image, it logically copies
a file’s segment to a virtual memory segment. When—and if—the system
physically reads the file depends on the program’s execution behavior,
system load, etc. A process does not require a physical page unless it
references the logical page during execution, and processes commonly
leave many pages unreferenced. Therefore delaying physical reads
frequently obviates(消除避免) them, improving system performance(性能). To
obtain this efficiency in practice, executable and shared object files
must have segment images whose file offsets and virtual addresses are
congruent, modulo the page size.
(当系统创建或增加一个“进程映像”的时候,它(只是先)逻辑地拷贝一个文件
的段到一个虚拟的内存段。系统什么时候物理地读取文件依赖于程序的执行行为,系统载入等等。一个进程执行时仅当需要引用逻辑页面的时候才需要一个物理页
面,而进程一般会留下许多未引用的页面。因此推迟物理上的读操作常常可以避免(引用)这些逻辑页面,从而改善系统的性能。为了实际中达到这种效果,可执行
的和共享object 文件具有的段映像们必须满足条件:段映像的文件偏移和段映像的虚拟地址以页面尺寸为模是相等的。)
Virtual
addresses and file offsets for the SYSTEM V architecture segments are
congruent modulo 4 KB (0x1000) or larger powers of 2. Because 4 KB is
the maximum page size, the files will be suitable for paging(页面调度内存分页)
regardless of physical page size.
(SYSTEM V 体系结构的 段虚拟地址和段文件偏移 以4KB(0x1000)或较大的2的n次幂 取模是同余的。
由于 4KB 是最大的页面尺寸,不管物理页面尺寸如何,文件将是适内存分页的。)
Figure 2-5: Executable File
File Offset File Virtual Address
=========== ==== ===============
0 ELF header
Program header table
Other information
0x100 Text segment 0x8048100
...
0x2be00 bytes 0x8073eff
0x2bf00 Data segment 0x8074f00
...
0x4e00 bytes 0x8079cff
0x30d00 Other information
...
(图不好 参看45页)
Figure 2-6: Program Header Segments
Member Text Segment Data Segment
====== ========== ==========
p_type PT_LOAD PT_LOAD
p_offset 0x100 0x2bf00 (对应Figure 2-5中的两个段的文件偏移)
p_vaddr 0x8048100 0x8074f00 (对应Figure 2-5中的两个段的虚拟地址)
p_paddr unspecified unspecified
p_filesz 0x2be00 0x4e00
p_memsz 0x2be00 0x5e24
p_flags PF_R+PF_X PF_R+PF_W+PF_X
p_align 0x1000 0x1000
Although
the example’s file offsets and virtual addresses are congruent modulo 4
KB for both text and data, up up to(一直到,等于??) four file pages hold
impure text or data (depending on page size and file system block size).
(尽管示例中的文本段和数据段的文件偏移和虚拟地址以4KB为模是同余的,但是有4 个文件页面存放着非纯粹的混合的正文和数据(依赖于页面尺寸和文件系统块尺寸))(正文段通常存放纯代码,但在正文段与数据段的交界处的正文页面和数据页面可能会存放着混合的数据)
The first text page contains the ELF header, the program header table, and other information.
(* 正文段第一个页面包含了 ELF 头、程序头表和其它信息。参看Figure 2-5)
The last text page holds a copy of the beginning of data.
(* 正文段最后一个页面包含了一个数据段开头的拷贝。)
The first data page has a copy of the end of text.
(* 数据段第一个页面包含了一个正文段末端的拷贝。)
The last data page may contain file information not relevant to the running process.
(* 数据段最后一个页面也许会包含与正在运行的进程无关的文件信息。)
Logically,
the system enforces(实施,强制) the memory permissions as if(像。。。一样) each
segment were complete and separate; segments’ addresses are adjusted to
ensure each logical page in the address space has a single set of
permissions.
(逻辑上,系统执行内存权限时认为每个段是完整的、相互隔离的;段的地址被调整以确保地址空间里的每个逻辑页面有单一的一套权限)
In
the example above, the region of the file holding the end of text and
the beginning of data will be mapped twice: at one virtual address for
text and at a different virtual address for data.
(在上面的示例中,包含文本段结束和数据段开头的文件的(页面)区域将被映射两次:为文本(段的一部分映射)在一个虚拟地址上,为数据(段的一部分映射)在另一个虚拟地址上。)
The
end of the data segment requires special handling for uninitialized
data, which the system defines to begin with zero values. Thus if a
file’s last data page includes information not in the logical memory
page, the extraneous data must be set to zero, not the unknown contents
of the executable file. ‘‘Impurities’’ in the other three pages are not
logically part of the process image; whether the system expunges them
is unspecified(未指明的,未详细说明的). The memory image for this program follows,
assuming 4 KB (0x1000) pages.
(数据段的结束处需要对未初始化的数据进行特殊处理(系统定义未初始化的数据以0值
开始)。因此如果一个文件的最后一个数据段页面包括的信息不在逻辑内存页面中,则无关的数据应当被置为 0
,而非可执行文件的未知的内容)。在其他三个页面中的不纯洁内容
理论上并不是进程映像的一部分;系统是否擦除它们并未指明。下面程序的内存映像假定是4KB 的页面。)
Figure 2-7: Process Image Segments
Virtual Address Contents Segment
=============== ======== =======
0x8048000 Header padding Text
0x100 bytes
0x8048100 Text segment
...
0x2be00 bytes
0x8073f00 Data padding (这里估计是text段和data段交汇的地方)
0x100 bytes
0x8074000 Text padding Data
0xf00 bytes
0x8074f00 Data segment
...
0x4e00 bytes
0x8079d00 Uninitialized data
0x1024 zero bytes
0x807ad24 Page padding
0x2dc zero bytes
One
aspect(方面) of segment loading differs between executable files and
shared objects. Executable file segments typically contain absolute
code(机器(代)码绝对(代)码). To let the process execute correctly, the
executable file segments must reside at the virtual addresses used
to(惯常,惯于) build the executable file??. Thus the system uses the p_vaddr
values unchanged as virtual addresses.
(可执行文件和共享文件在段装载方面有所不同。典型地,可执行文件的段包含绝对代码。为了让进程正确执行,这些可执行文件段必须驻留在可执行文件建立时(所确定)的虚拟地址处??。因此系统使用未改变的 p_vaddr 作为虚拟地址。)
On
the other hand, shared object segments typically contain
position-independent code. This lets a segment’s virtual address change
from one process to another, without invalidating execution behavior.
Though
the system chooses virtual addresses for individual processes, it
maintains the segments’ relative positions. Because
position-independent code uses relative addressing(相对寻址) between
segments, the difference between virtual addresses in memory must match
the difference between virtual addresses in the file.
The following
table shows possible shared object virtual address assignments for
several processes, illustrating constant relative positioning(相对位置).
The table also illustrates the base address computations.
(另一方面,共享文件段
典型地包含着位置无关代码。这就使得一个段的虚拟地址在不同进程也各不相同,且执行行为不会无效。虽然系统为单独进程选择虚拟地址,它维护各个段的相对位
置。因为位置无关的代码在段间使用相对寻址,内存中的虚拟地址的差异必须匹配文件中虚拟地址的差异。下表给出了几个进程中共享对象可能分配的虚拟地址,举
例说明了不变的相对位置。该表同时阐明了基地址计算。)
Figure 2-8: Example Shared Object Segment Addresses
Sourc Text Data Base Address
===== ==== ==== ============
File 0x200 0x2a400 0x0 (相差0x2a200)
Process 1 0x80000200 0x8002a400 0x80000000 (相差0x2a200)
Process 2 0x80081200 0x800ab400 0x80081000 (相差0x2a200)
Process 3 0x900c0200 0x900ea400 0x900c0000 (相差0x2a200)
Process 4 0x900c6200 0x900f0400 0x900c6000 (相差0x2a200)
Dynamic Linking
Program Interpreter (程序解释程序)
An
executable file may have one PT_INTERP(segment type) program header
element. During exec(BA_OS), the system retrieves(重新得到) a path
name(路径名) from the PT_INTERP type segment and creates the initial
process image from the interpreter file’s segments. That is, instead
of(代替,而不是) using the original(原始的最初的) executable file’s segment images,
the system composes a memory image for the interpreter. It then is the
interpreter’s responsibility to receive control from the system and
provide an environment for the application program.
(一个可执行文件可能有一个
PT_INTERP类型的程序头表表项(如果PT_INTERP类型段出现,它必须优先于任何一个“可载入类型的段表项”。)。在
exec(BA_OS) 的时候,系统从 PT_INTERP类型段
中取回一个路径名(例如:/lib/ld-linux.so.2.so),并用解释程序文件(/lib/ld-linux.so.2.so)中的段创建初
始的进程映像。也就是说,系统为解释程序组成了一个内存映像,而不是使用最初的可执行文件中的段映像。此时该解释器程序就负责接收系统传来的控制并且为应
用程序提供一个环境。)
The interpreter receives control in one of two ways.
First, it may receive a file descriptor to read the executable file,
positioned(安置,决定...的位置) at the beginning??. It can use this file
descriptor to read and/or map the executable file’s segments into
memory. Second, depending on the executable file format, the system may
load the executable file into memory instead of giving the interpreter
an open file descriptor. With(由于) the possible exception of the file
descriptor??, the interpreter’s initial process state matches what the
executable file would have received. The interpreter itself may not
require a second interpreter. An interpreter may be either a shared
object file or an executable file.
(解释程序使用两种方法中的一种来接收系统来的控制。第一种,解释程序会
接收一个文件描述符来读取可执行文件,安置在开头??。解释程序可以使用这个文件描述符来读取
并且(或者)映射该可执行文件中的段到内存中。第二种,依赖于该可执行文件格式,系统(自己)可以装载这个可执行文件到内存中而不是传送给解释程序一个打
开的文件描述符。由于文件描述符可能的例外(即:系统可能不传送文件描述符给解释程序),解释程序的初始的进程状态匹配将接收的可执行文件类型。解释程序
本身并不需要第二个解释程序。解释器程序可以是一个共享目标文件(/lib/ld-linux.so.2.so)也可以是一个可执行文件(/bin
/sh??)。)
A shared object (the normal case) is loaded as
position-independent, with addresses that may vary from one process to
another; the system creates its segments in the dynamic segment area
used by mmap(KE_OS) and related services??. Consequently, a shared
object interpreter typically will not conflict with the original
executable file’s original segment addresses.
(*
一个共享目标文件(正常的情形)在被载入的时候是位置无关的,在各个进程中的(载入)地址可能各不相同;系统把共享目标文件中的段创建在动态的段区域中
(动态段区域为mmap(KE_OS)
和相关服务例程所用)。因而,即使解释程序是一个共享目标文件,(解释程序的加载地址)也将不会和最初的可执行文件的原始段地址相冲突。)
An
executable file is loaded at fixed addresses; the system creates its
segments using the virtual addresses from the program header table.
Consequently, an executable file interpreter’s virtual addresses may
collide with the first executable file; the interpreter is responsible
for resolving conflicts.
(* 一个可执行文件被载入到固定地址;系统使用程序头表中记录的虚拟地址
为一个可执行文件创建(内存)段(映像)。因而,解释器程序如果是一个可执行文件(/bin/sh),(解释程序的)载入虚拟地址可能和第一个可执行文件
(的载入地址)相冲突;解释器程序会负责解决这种冲突。)
Dynamic Linker
When building an
executable file that uses dynamic linking, the link editor adds a
program header element of type PT_INTERP to an executable file, telling
the system to invoke the dynamic linker(目标代码连接器) as the program
interpreter.
(当使用动态链接方式建立一个可执行文件时,链接编辑器把一个 PT_INTERP 类型的程序段 添加到可执行文件中,告知系统调用动态链接器当作程序解释器。
当使用动态链接方式建立一个可执行文件时,链接器把一个 PT_INTERP 类型
的程序段 加到可执行文件中,告诉系统把动态链接器做为该程序的解释器。
(如果PT_INTERP类型段出现,它必须先于任何一个“可载入段入口表项”。)
注意:由系统提供的动态链接器是和特定处理器相关的。)
NOTE
The locations of the system provided dynamic linkers are processor–specific.
(注意:系统提供的动态链接器的位置是与特定处理器相关的。)
Exec(BA_OS)
and the dynamic linker cooperate to create the process image for the
program, which entails(使必须,使承担) the following actions:
Adding the executable file’s memory segments to the process image;
Adding shared object memory segments to the process image;
Performing(执行) relocations for the executable file and its shared objects;
Closing the file descriptor that was used to read the executable file, if one was given to the dynamic linker;
Transferring control to the program, making it look as if the program had received control directlyfrom exec(BA_OS).
(Exec(BA_OS) 和动态链接器协作一起为程序创建进程映像,必须有如下的动作:
* 将可执行文件的内存段加入进程映像中;
* 将共享对象的内存段加入进程映像中;
* 为可执行文件和它的共享object执行重定位;
* 如果曾传递给了动态链接器一个文件描述符(用于读取可执行文件),(使用完毕后要)关闭这个文件描述符。
* 将控制传递给程序,使它看起来就象该程序直接从 exec(BA_OS) 接收到了控制一样。)
The
link editor also constructs various data that assist the dynamic linker
for executable and shared object files. As shown above in ‘‘Program
Header,’’ these data reside in loadable segments, making them available
during execution. (Once again, recall the exact segment contents are
processor-specific??. See the processor supplement for complete
information.)
(链接编辑器也为可执行文件和共享对象文件
构造各种数据以帮助动态链接器。就象在上面“程序头”中说的那样,这些数据驻留在可载入类型段中,使得在执行期间这些数据是可用的。(再一次
的,recall正确的段内容是和特定处理器相关的??。可以参阅处理器的补充说明来获得详尽的信息。))
A .dynamic
section with type SHT_DYNAMIC holds various data. The structure
residing at the beginning of the section holds the addresses of other
dynamic linking information.
The .hash section with type SHT_HASH holds a symbol hash table.
The
.got and .plt sections with type SHT_PROGBITS hold two separate tables:
the global offset table and the procedure linkage table. Sections below
explain how the dynamic linker uses and changes the (two) tables to
create memory images for object files.
(* 一个 SHT_DYNAMIC 类型的section:.dynamic 包含各种数据,在该section 开头的结构里面包含了其他动态链接信息的地址。
* SHT_HASH 类型的section:.hash 包含了一个 symbol hash table.
* SHT_PROGBITS 类型的section:.got .plt 包含了两个独立的表:全局偏移表和过程链接表。下面的 section 演示了动态链接器使用和改变这些表来为 object file 创建内存映像。)
Because
every ABI-conforming program imports the basic system services
(functions) from a shared object library, the dynamic linker
participates in every ABI-conforming program execution.
(由于每一个遵循 ABI 的程序都需要从一个共享object文件库中输入基本的系统服务函数,因此动态链接器参与每一个遵循 ABI 的程序的执行过程。)
As
‘‘Program Loading’’ explains in the processor supplement, shared
objects may occupy virtual memory addresses that are different from the
addresses recorded in the file’s program header table. The dynamic
linker relocates the (share object) memory image, updating absolute
addresses before the application gains control. Although the absolute
address values would be correct if the library were loaded at the
addresses specified in the program header table, this normally is not
the case.
(在处理器补充说明的“程序载入”部分曾经说过,共享objects占用的虚拟内存地址可能会和
记录在共享目标文件的“程序头表项”中的地址不同。“动态链接器”重定位(共享objects的)内存映像,在应用程序获得控制权之前更新绝对地址。尽管
如果库文件被载入到程序头表所指定的地址处,绝对地址(也)将会是正确的,情况通常却不是这样。)
If the process
environment [see exec(BA_OS)] contains a variable named LD_BIND_NOW
with a non-null value, the dynamic linker processes all relocation
before transferring control to the program. For example, all the
following environment entries would specify this behavior.
(如果进程环境 [see exec(BA_OS)] 包含了一个名为LD_BIND_NOW的环境变量的值非零,动态链接器在把控制权传递给程序之前处理所有的重定位。举例而言,所有下面的环境表项将指定这种行为。)
LD_BIND_NOW=1
LD_BIND_NOW=on
LD_BIND_NOW=off
Otherwise,
LD_BIND_NOW either does not occur in the environment or has a null
value. The dynamic linker is permitted to evaluate procedure linkage
table entries lazily, thus avoiding symbol resolution and relocation
overhead for functions that are not called. See ‘‘Procedure Linkage
Table’’ in this part for more information.
(否则,如果LD_BIND_NOW为空值或者没有出现在环境中。则允许动态链接器延缓估算过程链接表表项,从而可以避免对没有调用的函数进行符号解析和重定位工作。参阅"Procedure Linkage Table"获取更多的信息。)
Dynamic Section
If
an object file participates in dynamic linking, its program header
table will have an element of type PT_DYNAMIC. This ‘‘segment’’
contains the .dynamic section. A special symbol, _DYNAMIC, labels the
section, which contains an array of the following structures.
(假如一个
object文件参与动态连接,它的程序头表将有一个PT_DYNAMIC类型的程序头表表项。这个PT_DYNAMIC类型的“段”包含了一个
SHT_DYNAMIC类型的section:.dynamic 。.dynamic
section用一个特殊的符号:_DYNAMIC来标记,.dynamic
section包含了一个Elf32_Dyn结构的数组:_DYNAMIC[] 以下称为:动态连接数组)
Figure 2-9: Dynamic Structure
typedef struct {
Elf32_Sword d_tag;
union {
Elf32_Sword d_val;
Elf32_Addr d_ptr;
} d_un;
} Elf32_Dyn;
extern Elf32_Dyn _DYNAMIC[];
For each object with this type(Elf32_Dyn), d_tag controls the interpretation of d_un.
(对于每一个Elf32_Dyn类型的数据结构对象(动态连接数组项),d_tag成员控制着 对d_un的解释。)
d_val These Elf32_Word objects represent integer values with various interpretations.
(*d_val 这些Elf32_Word 类型“数据对象”描述了具有多种不同解释的整数值们。)
d_ptr
These Elf32_Addr objects represent program virtual addresses. As
mentioned previously, a file’s virtual addresses might not match the
memory virtual addresses during execution. When interpreting addresses
contained in the dynamic structure, the dynamic linker computes actual
addresses(有效地址,实地址), based on the original file value and the memory
base address. For consistency, files do not contain relocation entries
to ‘‘correct’’ addresses in the dynamic structure.
(*d_ptr这些
Elf32_Addr类型“数据对象”描述了程序虚拟地址。就象前面提到的,在执行时,文件的(程序头表中记载的)虚拟地址可能和内存虚拟地址不匹配。当
解释包含在动态数据结构(Elf32_Dyn)中的地址时,动态连接器根据原始文件的相关值和内存的基地址来计算实际的地址。为了一致性,文件不包含重定
位表项去纠正动态数据结构中的地址。)
The following table summarizes the tag
requirements for executable and shared object files. If a tag is marked
‘‘mandatory,’’ then the dynamic linking array(_DYNAMIC[]) for an
ABI-conforming file must have an entry of that type. Likewise,
‘‘optional’’ means an entry for the tag may appear but is not required.
(下
表总结了用于可执行文件和共享object文件的d_tag要求。d_tag表示动态连接数组项的类型,在符合ABI的文件的_DYNAMIC数组里,标
为”mandatory”的d_tag表示这种数组项是不可缺少的。标为”optional”的 d_tag 表示这种数组项是可有可无的。)
Figure 2-10: Dynamic Array Tags, d_tag
Name Value d_un Executable Shared Object
==== ===== ==== ========== =============
DT_NULL 0 ignored mandatory mandatory
DT_NEEDED 1 d_val optional optional
DT_PLTRELSZ 2 d_val optional optional
DT_PLTGOT 3 d_ptr optional optional
DT_HASH 4 d_ptr mandatory mandatory
DT_STRTAB 5 d_ptr mandatory mandatory
DT_SYMTAB 6 d_ptr mandatory mandatory
DT_RELA 7 d_ptr mandatory optional
DT_RELASZ 8 d_val mandatory optional
DT_RELAENT 9 d_val mandatory optional
DT_STRSZ 10 d_val mandatory mandatory
DT_SYMENT 11 d_val mandatory mandatory
DT_INIT 12 d_ptr optional optional
DT_FINI 13 d_ptr optional optional
DT_SONAME 14 d_val ignored optional
DT_RPATH 15 d_val optional ignored
DT_SYMBOLIC 16 ignored ignored optional
DT_REL 17 d_ptr mandatory optional
DT_RELSZ 18 d_val mandatory optional
DT_RELENT 19 d_val mandatory optional
DT_PLTREL 20 d_val optional optional
DT_DEBUG 21 d_ptr optional ignored
DT_TEXTREL 22 ignored optional optional
DT_JMPREL 23 d_ptr optional optional
DT_LOPROC 0x70000000 unspecified unspecified unspecified
DT_HIPROC 0x7fffffff unspecified unspecified unspecified
DT_NULL An entry with a DT_NULL tag marks the end of the _DYNAMIC array.
(DT_NULL类型的数组项表示 _DYNAMIC数组的结束。)
DT_NEEDED
This element holds the string table offset of a null-terminated string,
giving the name of a needed library. The offset is an index into the
table recorded in the DT_STRTAB entry. See ‘‘Shared Object
Dependencies’’ for more information about these names. The dynamic
array may contain multiple entries with this type. These entries’
relative order is significant, though their relation to entries of
other types is not (significant).
(DT_NEEDED
类型的数组项保存着一个以NULL结尾的字符串在字符串表中的偏移量,这个字符串是所需“库”的名字(例如:libc.so.6)。该偏移量是:在
DT_STRTAB类型数组项中记录的字符串表的索引值。参看“Shared Object
Dependencies”关于这些名字的更多信息。动态连接数组中可以包含多个这种类型的数组项。这些(同类)数组项之间的相互顺序是重要的,但是它们
跟其他类型数组项的关系是不重要的。)
DT_PLTRELSZ This element holds the total size, in
bytes, of the relocation entries associated with the procedure linkage
table. If an entry of type DT_JMPREL is present, a DT_PLTRELSZ must
accompany it.
(DT_PLTRELSZ 类型的数组项保存着跟PLT关联的重定位表表项的总体字节大小。假如_DYNAMIC数组中有一个DT_JMPREL类型的数组项存在,那么一个DT_PLTRELSZ类型的数组项也必须伴随存在。)
DT_PLTGOT This element holds an address associated with the procedure linkage table and/or the
global offset table. See this section in the processor supplement for details.
(DT_PLTGOT 类型的数组项保存着一个跟PLT和/或者GOT相关的地址(例如:.got section 首地址)。具体细节看处理器补充部分。)
DT_HASH
This element holds the address of the symbol hash table, described in
‘‘Hash Table.’’ This hash table refers to the symbol table referenced
by the DT_SYMTAB element.
(DT_HASH 类型的数组项保存着符号哈希表的地址(例如:.hash section 首地址),在“哈希表”有描述。这个符号哈希表指向被DT_SYMTAB数组项引用的符号表。)
DT_STRTAB
This element holds the address of the string table, described in Part
1. Symbol names, library names, and other strings reside in this table.
(DT_STRTAB 类型的数组项保存着“字符串表”地址(例如:.dynstr section 首地址),字符串表在第一部分有描述,包含了符号名,库名,和其他的字符串。)
DT_SYMTAB
This element holds the address of the symbol table, described in Part
1, with Elf32_Sym entries for the 32-bit class of files.
(DT_SYMTAB 类型的数组项保存着“符号表”的地址(例如:.dynsym section 首地址),符号表在第一部分有描述,32-bit类型的文件具有Elf32_Sym数据结构的符号表项。)
DT_RELA
This element holds the address of a relocation table, described in Part
1. Entries in the table have explicit addends, such as Elf32_Rela for
the 32-bit file class. An object file may have multiple relocation
sections. When building the relocation table for an executable or
shared object file, the link editor catenates those sections to form a
single table. Although the sections remain independent in the object
file, the dynamic linker sees a single table. When the dynamic linker
creates the process image for an executable file or adds a shared
object to the process image, it reads the relocation table and performs
the associated actions. If this element is present, the dynamic
structure must also have DT_RELASZ and DT_RELAENT elements. When
relocation is ‘‘mandatory’’ for a file??, either DT_RELA or DT_REL may
occur (both are permitted but not required).
(DT_RELA
类型的数组项保存着“重定位表”的地址,重定位表在第一部分有描述。Rela类型重定位表中的表项会有一个明确的加数,比如32-bit类型的文件具有的
Elf32_Rela数据结构的重定位表项。一个object文件可以具有多个重定位section(例如:.rel.plt seciton
.rel.got
section)。当为一个可执行或共享文件建立“重定位表”的时候,连接编辑器把这些重定位section连接起来(逻辑上)组成一个单一的表。尽管在
object文件中sections是保持相互独立的,动态连接器却把它们看成单一的表。当动态连接器为一个可执行文件创建一个进程映象或者是加载一个共
享object到进程映象中,它去读“重定位表”和执行相关的动作。假如动态连接数组中出现DT_RELA类型数组项,动态连接数组中必须也要有
DT_RELASZ和DT_RELAENT类型的数组项。当文件的重定位是mandatory(是指数组项的d_tag是重定位的??),DT_RELA
或者 DT_REL都可能出现(同时出现也是允许的,但是不必要的)。)
DT_RELASZ This element holds the total size, in bytes, of the DT_RELA relocation table.
(DT_RELASZ 类型的数组项保存着DT_RELA类型的数组项中重定位表总的字节大小。)
DT_RELAENT This element holds the size, in bytes, of the DT_RELA relocation entry.
(DT_RELAENT 类型的数组项保存着DT_RELA类型的数组项中重定位表每个表项的字节大小。)
DT_STRSZ This element holds the size, in bytes, of the string table.
(DT_STRSZ 类型的数组项保存着字符串表的字节大小。)
DT_SYMENT This element holds the size, in bytes, of a symbol table entry.
(DT_SYNENT 类型的数组项保存着符号表每个表项的字节大小。)
DT_INIT
This element holds the address of the initialization function,
discussed in ‘‘Initialization and Termination Functions’’ below.
(DT_INIT 类型的数组项保存着初始化函数的地址(例如:.init section 首地址),在下面“初始化和终止函数”中讨论。)
DT_FINI
This element holds the address of the termination function, discussed
in ‘‘Initialization and Termination Functions’’ below.
(DT_FINI 类型的数组项保存着终止函数的地址(例如:.fini section 首地址),在下面“初始化和终止函数”中讨论。)
DT_SONAME
This element holds the string table offset of a null-terminated string,
giving the name of the shared object. The offset is an index into the
table recorded in the DT_STRTAB entry. See ‘‘Shared Object
Dependencies’’ below for more information about these names.
(DT_SONAME
类型的数组项保存着一个以NULL结尾的字符串在字符串表中的偏移量,这个字符串是共享object的名字。该偏移量是:在DT_STRTAB类型数组项
中记录的字符串表的索引值。参看“Shared Object Dependencies”关于这些名字的更多信息。)
DT_RPATH
This element holds the string table offset of a null-terminated search
library search path string??, discussed in ‘‘Shared Object
Dependencies.’’ The offset is an index into the table recorded in the
DT_STRTAB entry.
(DT_RPATH
类型的数组项保存着一个以NULL结尾的字符串在字符串表中的偏移量,这个字符串是库(文件)搜索路径。在”Shared Object
Dependencies”中有相关讨论。该偏移量是:在DT_STRTAB类型数组项中记录的字符串表的索引值。)
DT_SYMBOLIC
This element’s presence in a shared object library alters the dynamic
linker’s symbol resolution algorithm(运算法则) for references within the
library. Instead of starting a symbol search with the executable file,
the dynamic linker starts from the shared object (library) itself. If
the shared object (library) fails to supply the referenced(引用的) symbol,
the dynamic linker then searches the executable file and other shared
objects as usual.
(DT_SYMBOLIC
类型的数组项出现在一个共享object库中,改变了动态连接器对于库中的(符号的)引用进行的符号解析算法。动态连接器将首先从共享object库自身
中的符号开始搜索,而不是先在可执行文件中的符号开始搜索,如果该共享object库无法提供所引用的符号,那么动态连接器再照常搜索可执行文件和其他的
共享object。)
DT_REL This element is similar to DT_RELA, except its
table has implicit addends, such as Elf32_Rel for the 32-bit file
class. If this element is present, the dynamic structure must also have
DT_RELSZ and DT_RELENT elements.
(DT_REL
类型的数组项类似于DT_RELA类型的数组项(例如:.rel.got section
首地址),只是Rel类型重定位表中的表项会有一个隐含的加数,比如32-bit类型的文件具有的Elf32_Rel数据结构的重定位表项。假如动态连接
数组中出现DT_REL类型数组项,动态连接数组中必须也要有DT_RELSZ和DT_RELENT类型的数组项。)
DT_RELSZ This element holds the total size, in bytes, of the DT_REL relocation table.
(DT_RELSZ 类型的数组项保存着DT_REL类型数的组项中的重定位表总的字节大小。)
DT_RELENT This element holds the size, in bytes, of the DT_REL relocation entry.
(DT_RELENT 类型的数组项保存着DT_REL类型的数组项中重定位表每个表项的字节大小。)
DT_PLTREL
This member specifies the type of relocation entry to which the
procedure linkage table refers. The d_val member holds DT_REL or
DT_RELA, as appropriate. All relocations in a procedure linkage table
must use the same relocation.
(DT_PLTREL
类型的数组项指定PLT指向的重定位表表项的类型(例如:REL类型或RELA类型)。DT_PLTREL数组项的d_val成员适当保存着
DT_REL或DT_RELA(数组项的值??)。在一个PLT中的所有重定位必须使用相同(类型:DT_PLTREL)的重定位(表项)。)
DT_DEBUG
This member is used for debugging. Its contents are not specified for
the ABI; programs that access this entry are not ABI-conforming.
(DT_DEBUG 类型的数组项用于调试。它的内容没有为ABI指定;访问DT_PLTREL 类型的数组项的程序是不符合ABI的。)
DT_TEXTREL
This member’s absence signifies that no relocation entry should cause a
modification to a non-writable segment, as specified by the segment
permissions in the program header table. If this member is present, one
or more relocation entries might request modifications to a
non-writable segment, and the dynamic linker can prepare accordingly.
(假
如DT_TEXTREL
类型的数组项不存在,表示没有重定位表表项会引起对非可写段的修改,象在程序头表中的(非可写)段权限所指定的那样。假如DT_TEXTREL
类型的数组项存在,表示一个或多个重定位表表项可能请求对一个非可写段进行修改,动态连接器能因此而做相应准备。)
DT_JMPREL If
present, this entries’s d_ptr member holds the address of relocation
entries associated solely with the procedure linkage table. Separating
these relocation entries lets the dynamic linker ignore them during
process initialization, if lazy binding is enabled. If this entry is
present, the related entries of types DT_PLTRELSZ and DT_PLTREL must
also be present.
(假如DT_JMPREL
类型的数组项存在,DT_JMPREL数组项的d_ptr成员保存着和PLT单独关联的重定位表表项的地址(例如:.rel.plt section
首地址)。假如lazy binding
激活,那么分离这些重定位表表项让动态连接器在进程初始化时忽略它们。假如DT_JMPREL类型数组项存在,相关联的DT_PLTRELSZ类型数组项
和DT_PLTREL类型数组项一定要在动态连接数组中存在。)
DT_LOPROC through DT_HIPROC
Values in this inclusive range are reserved for processor-specific semantics.
(在DT_LOPROC – DT_HIPROC 范围内的值为特定处理器语义保留。)
Except
for the DT_NULL element at the end of the array, and the relative order
of DT_NEEDED elements, entries may appear in any order. Tag values not
appearing in the table are reserved.
(除了DT_NULL类型数组项位于动态连接数组的末尾,和DT_NEEDED类型数组项的相对次序外,动态连接数组中的其他数组项可以任何次序出现。在上表中没有出现的d_Tag值是保留的。)
Shared Object Dependencies
When
the link editor processes an archive library, it extracts library
members and copies them into the output object file. These statically
linked services are available during execution without involving(包括)
the dynamic linker. Shared objects also provide services, and the
dynamic linker must attach the proper shared object files to the
process image for execution. Thus executable and shared object files
describe their specific dependencies.
(当连接编辑器处理一个文档库时,它取出库成员并且把它们拷贝到输
出object文件中。当运行时没有包括动态连接器的时候,这些静态连接的服务函数是可用的。共享object也提供了服务函数,动态连接器必须把适当的
共享object文件连接到要进程映象中以便执行。因而,可执行文件和共享object文件描述了他们明确的依赖关系。)
When the
dynamic linker creates the memory segments for an object file, the
dependencies (recorded in DT_NEEDED entries of the dynamic structure)
tell what shared objects are needed to supply the program’s services.
By repeatedly connecting referenced shared objects and their
dependencies, the dynamic linker builds a complete process image. When
resolving symbolic references, the dynamic linker examines the symbol
tables with a breadth-first search. That is, it first looks at the
symbol table of the executable program itself, then at the symbol
tables of the DT_NEEDED entries (in order), then at the second level
DT_NEEDED entries, and so on. Shared object files must be readable by
the process; other permissions are not required.
(当动态连接器为一个object文件创建
内存段时,依赖关系(记录在动态连接数组中的DT_NEEDED类型数组项们中)说明需要哪些共享object来为程序提供服务函数。通过多次连接
这些被引用的共享object和他们的依赖关系,动态连接器建立一个完整的进程映象。当解析符号引用的时候,动态连接器以宽度优先搜索(算法)来检查符号
表,也即,动态连接器先查看可执行程序自身的符号表,然后在DT_NEEDED类型数组项记录的”库”的符号表中搜索(按顺序),再接下来是在第二级
DT_NEEDED类型数组项记录的”库”的符号表中搜索,依次类推。共享object文件必须对进程是可读的;其他权限则不是必需的。)
NOTE
Even
when a shared object is referenced multiple times in the dependency
list, the dynamic linker will connect the object only once to the
process.
(注意:即使在依赖关系列表中一个共享object被引用多次,动态连接器只把它连接到进程中一次。)
Names
in the dependency list are copies either of the DT_SONAME strings or
the path names of the shared objects used to build the object file??.
For example, if the link editor builds an executable file using one
shared object with a DT_SONAME entry of lib1 and another shared object
library with the path name /usr/lib/lib2, the executable file will
contain lib1 and /usr/lib/lib2 in its dependency list.
(依赖关系列表中的名字或
者是 DT_SONAME类型数组项中的字符串的拷贝,或者是用来建立object文件的共享objects的路径名字们
的拷贝。例如,动态连接器建立一个可执行文件时,使用1个共享object 对应的DT_SONAME数组项的值为“lib1”,使用的另1个共享
object库:路径名为/usr/lib/lib2,那么可执行文件在它的依赖关系列表中将会包含lib1和/usr/lib/lib2。)
If
a shared object name has one or more slash (/) characters anywhere in
the name, such as /usr/lib/lib2 above or directory/file, the dynamic
linker uses that string directly as the path name. If the name has no
slashes, such as lib1 above, three facilities specify shared object
path searching, with the following precedence.
(假如一个共享object文件的名字中任何位
置包含一个或多个的反斜杠字符(/),例如上面的/usr/lib/lib2文件或类似directory/file的格式,动态连接器直接使用那个字符
串做为路径名。假如名字中没有包含反斜杠字符(/),例如上面的lib1,则有三种方法指定共享object文件路径搜索,按照如下优先级:)
First,
the dynamic array tag DT_RPATH may give a string that holds a list of
directories, separated by colons (:). For example, the string
/home/dir/lib:/home/dir2/lib: tells the dynamic linker to search first
the directory /home/dir/lib, then /home/dir2/lib, and then the current
directory to find dependencies.
(*
第一,动态连接数组中DT_RPATH类型的数组项给出一个包含以冒号分隔的目录列表的字符串。例如,字符串
/home/dir/lib:/home/dir2/lib:
告诉动态连接器先搜索/home/dir/lib,再搜索/home/dir2/lib,再搜索当前目录以找到依赖关系。)
Second, a
variable called LD_LIBRARY_PATH in the process environment [see
exec(BA_OS)] may hold a list of directories as above, optionally
followed by a semicolon (;) and another directory list.
The following values would be equivalent to the previous example:
(* 第二,在进程环境中(参见 exec(BA_OS)),有一个环境变量称为LD_LIBRARY_PATH可以保存象前面一样的目录列表(随意地跟随一个分号(;)和其他目录列表)。
下面的值等价于前面的例子:)
LD_LIBRARY_PATH=/home/dir/lib:/home/dir2/lib:
LD_LIBRARY_PATH=/home/dir/lib;/home/dir2/lib:
LD_LIBRARY_PATH=/home/dir/lib:/home/dir2/lib:;
All
LD_LIBRARY_PATH directories are searched after those from DT_RPATH.
Although some programs (such as the link editor) treat the lists before
and after the semicolon differently, the dynamic linker does not.
Nevertheless, the dynamic linker accepts the semicolon notation, with
the semantics described above.
(在搜索了DT_RPATH类型数组项指定的目录之后,接着搜索所有的LD_LIBRARY_PATH目录。尽管有一些程序(例如连接编辑器)处理分号前和分号后的(目录)列表会有所不同,但是动态连接器不会这样。不过,动态连接器接受分号符号,语意如上面描述。)
Third, if the other two groups of directories fail to locate the desired library, the dynamic linker searches /usr/lib.
(* 第三,如果在前面的两组目录中查找库文件名失败,那么动态连接器搜索/usr/lib.)
NOTE
For
security, the dynamic linker ignores environmental search
specifications (such as LD_LIBRARY_PATH) for set-user and set-group ID
programs. It does, however, search DT_RPATH directories and /usr/lib.
(注意:出于安全考虑,动态连接器忽略set-user ID和set-group ID程序的环境搜索设定(例如:LD_LIBRARY_PATH)。但它会搜索DT_RPATH类型数组项指定的目录和/usr/lib。)
Global Offset Table
Position-independent
code cannot, in general, contain absolute virtual addresses. Global
offset tables hold absolute addresses in private data, thus making the
addresses available without compromising the position-independence and
sharability of a program’s text. A program references its global offset
table using position-independent addressing(寻址) and extracts absolute
values, thus redirecting position-independent references to absolute
locations.
(一般情况下,位置无关的“代码”中不能包含绝对虚拟地址。全局偏移量表在私有的“数据”中存放绝对地址(不在“代码”中而
是在“数据”中存放GOT表,在GOT表中保存绝对地址,就不会影响“代码”的位置无关性),从而使绝对地址可用,无需折中程序正文的位置无关性和可共享
能力。一个程序使用位置无关寻址来引用它的GOT表(内容) 并从GOT表中取出绝对地址值,从而把位置无关引用重定向到绝对地址。)
Initially,
the global offset table holds information as required by its relocation
entries [see ‘‘Relocation’’ in Part 1]. After the system creates memory
segments for a loadable object file, the dynamic linker processes the
relocation entries, some of which will be type
R_386_GLOB_DAT(Relocation Types) referring to the global offset table.
The dynamic linker determines the associated symbol values, calculates
their absolute addresses, and sets the appropriate memory table entries
to the proper values. Although the absolute addresses are unknown when
the link editor builds an object file, the dynamic linker knows the
addresses of all memory segments and can thus calculate the absolute
addresses of the symbols contained therein??.
(最初,GOT里面保存着GOT对应的重定位表项
所必需的信息[参看第一部分的“Relocation”] (GOT对应的重定位表项保存在 .rel.got
section里面)。在系统为一个可加载的object 文件创建内存段们以后,动态连接器处理重定位表项们(包括.rel.got
section和.rel.plt
section中包含的重定位表项),其中有一些重定向类型为R_386_GLOB_DAT的重定位表项指向全局偏移量表(可以用 readelf
-a test 看到R_386_GLOB_DAT类型的重定位表项位于.rel.got
section中)。动态连接器确定相关的符号值,(根据GOT)计算符号值的绝对地址,并且把适当的内存表表项设置为正确的值。虽然当连接编辑器建立
object文件的时候 绝对地址是不知道的,但是动态连接器会知道所有内存段的地址并且能够计算出它们包含的符号的绝对地址。)
If a
program requires direct access to the absolute address of a symbol,
that symbol will have a global offset table entry. Because the
executable file and shared objects have separate global offset tables,
a symbol’s address may appear in several tables. The dynamic linker
processes all the global offset table relocations before giving control
to any code in the process image, thus ensuring the absolute addresses
are available during execution.
(假如程序需要直接访问
一个符号的绝对地址,那么这个符号在GOT(全局偏移量表)中将拥有一个表项。因为可执行文件和共享文件有相互独立的GOT,一个符号的地址可能出现在几
个GOT表中。在将控制权交给进程映象任何代码之前,动态连接器处理所有的全局偏移量表(相关的)重定位(表表项),这样就可以保证在执行期间绝对地址都
是可用的。)
The table’s entry zero is reserved to hold the address of the
dynamic structure(_DYNAMIC[]), referenced with the symbol _DYNAMIC.
This allows a program, such as the dynamic linker, to find its own
dynamic structure without having yet processed its relocation
entries.?? This is especially important for the dynamic linker, because
it must initialize itself without relying on other programs to relocate
its memory image. On the 32-bit Intel Architecture, entries one and two
in the global offset table also are reserved. ‘‘Procedure Linkage
Table’’ below describes them.
(GOT表的表项0被保留用于保存动态连接数组(_DYNAMIC[])的地址,动
态连接数组由符号 _DYNAMIC
来引用。这允许一个程序,例如动态连接程序,在它的重定位表项还没有处理时就可找到它自己的动态连接数组。这对于动态连接程序是尤其重要的,因为动态连接
程序必需初始化自身而不依赖其他程序来重定位它的内存映象。在32位Intel系统结构中,在GOT中的表项1和2也是保留的,下面的过程连接表
(Procedure LinkageTable)将给予描述。)
The system may choose different
memory segment addresses for the same shared object in different
programs; it may even choose different library addresses for different
executions of the same program. Nonetheless, memory segments do not
change addresses once the process image is established. As long as a
process exists, its memory segments reside at fixed virtual addresses.
(系
统可以为同一个共享object(比如:库文件)在不同的程序中
选择不同的内存段地址;它甚至可以为同一个程序不同的执行(副本)选择不同的库地址。虽然如此,一旦进程映象被建立以后,内存段不会再改变它们的地址。只
要一个进程还继续存在着,它的内存段们将驻留在固定的虚拟地址处。)
A global offset table’s format and
interpretation are processor-specific. For the 32-bit Intel
Architecture, the symbol _GLOBAL_OFFSET_TABLE_ may be used to access
the table.
(GOT表的格式和解释是特定处理器相关的。在32位Intel体系结构下,符号 _GLOBAL_OFFSET_TABLE_ 可用于访问GOT表。)
Figure 2-11: Global Offset Table
extern Elf32_Addr _GLOBAL_OFFSET_TABLE_[];
The
symbol _GLOBAL_OFFSET_TABLE_ may reside in the middle of the .got
section, allowing both negative and non-negative ‘‘subscripts’’ into
the array of addresses??.
(符号_GLOBAL_OFFSET_TABLE_可能驻留在.got section的中间,允许负的和非负的地址的数组下标??。)
Procedure Linkage Table
Much
as the global offset table redirects position-independent address
calculations to absolute locations,the procedure linkage table
redirects position-independent function calls to absolute locations.
The link editor cannot resolve execution transfers (such as function
calls) from one executable or shared object to another. Consequently,
the link editor arranges to have the program transfer control to
entries in the procedure linkage table. On the SYSTEM V architecture,
procedure linkage tables reside in shared text, but they use addresses
in the private global offset table. The dynamic linker determines the
destinations’ absolute addresses and modifies the global offset table’s
memory image accordingly. The dynamic linker thus can redirect the
entries without compromising the position-independence and sharability
of the program’s text. Executable files and shared object files have
separate procedure linkage tables.
(和 全局偏移表(GOT)用于
把位置无关的地址计算重定向到绝对位置
几乎一样,过程连接表(PLT)用于把位置无关的函数调用重定向到绝对位置。连接编辑器不能解决从一个可执行文件或者共享object文件到另一个
object file的执行(控制权的)传输(例如函数调用),因此,连接编辑器安排程序把控制权传递给PLT中的某个表项。在SYSTEM
V体系结构上,PLT驻留在共享正文(代码部分)中,但是PLT表项使用私有(数据中)的GOT中的(绝对)地址。动态连接器确定目的地的绝对地址并且修
改(对应的)GOT的内存映象。因此,“动态连接器”能够重定向这些PLT表项,无需折中程序正文的位置无关性和可共享能力。可执行文件和共享
object文件拥有相互独立的PLT。)
Figure 2-12: Absolute Procedure Linkage Table (绝对的过程联接表)
.PLT0:pushl got_plus_4
jmp *got_plus_8
nop; nop
nop; nop
.PLT1:jmp *name1_in_GOT
pushl $offset
jmp .PLT0@PC
.PLT2:jmp *name2_in_GOT
pushl $offset
jmp .PLT0@PC
...
Figure 2-13: Position-Independent Procedure Linkage Table (位置无关的过程联接表)
.PLT0:pushl 4(%ebx) (使用的都是相对地址)
jmp *8(%ebx)
nop; nop
nop; nop
.PLT1:jmp *name1@GOT(%ebx)
pushl $offset
jmp .PLT0@PC
.PLT2:jmp *name2@GOT(%ebx)
pushl $offset
jmp .PLT0@PC
...
NOTE
As
the figures show, the procedure linkage table instructions use
different operand addressing modes for absolute code and for
position-independent code. Nonetheless, their interfaces to the dynamic
linker are the same.
(注意:如上图所示,PLT中的指令 对于绝对代码和位置无关的代码 使用不同的操作数寻址方式。虽然如此,他们的界面对动态连接器而言是相同的。)
Following
the steps below, the dynamic linker and the program ‘‘cooperate’’ to
resolve symbolic references through the procedure linkage table and the
global offset table.
(按照以下的步骤,动态连接器和程序合作通过PLT和GOT来解析符号引用。)
1 .
When first creating the memory image of the program, the dynamic linker
sets the second and the third entries in the global offset table to
special values. Steps below explain more about these values.
(1. 当第一次创建程序的内存映象时,动态连接器把GOT表的第2个和第3个表项(即:GOT[1]和GOT[2] 参见P53)设置为特殊的值。下面的步骤更为详细地解释这些值。)
2
. If the procedure linkage table is position-independent, the address
of the global offset table must reside in %ebx. Each shared object file
in the process image has its own procedure linkage table, and control
transfers to a procedure linkage table entry only from within(从...的内部)
the same object file. Consequently, the calling function is responsible
for setting the global offset table base register(基址[变址]寄存器) before
calling the procedure linkage table entry.
(2.
假如PLT是位置无关的,那么GOT的地址必须驻留在%ebx寄存器中。每个在进程映象中的共享object文件都有它自己的PLT,并且仅仅从同一个
object文件的内部
控制传输到PLT中的某个表项。因此,在调用PLT表项(中的指令)之前,调用函数要负责设置GOT的基址寄存器(GOT的基址寄存器就是%ebx寄存
器,因为每个object文件也有各自独立的GOT(参见P53),因此被调用的函数如果属于不同的object文件,那么就要使用相应的object文
件中的GOT)。
3 . For illustration, assume the program calls name1, which transfers control to the label .PLT1.
(3. 举例说明,参见Figure 2-12 假定程序调用(函数)name1,它将控制权传递到PLT中的表项:.PLT1处执行)
4
. The first instruction jumps to the address in the global offset table
entry for name1. Initially, the global offset table holds the address
of the following pushl instruction, not the real address of name1.
(.PLT1
中的第一条指令(jmp
*name1_in_GOT)跳转到name1对应的GOT表项中保存的地址处,最初,name1对应的GOT表项中暂时保存的是
.PLT1中的第2条指令(pushl $offset)的地址,而不是真正的name1的地址。(于是接下来执行指令:pushl $offset))
5
. Consequently, the program pushes a relocation offset (offset) on the
stack. The relocation offset is a 32-bit, non-negative byte offset into
the relocation table. The designated relocation entry will have type
R_386_JMP_SLOT, and its offset will specify the global offset table
entry used in the previous jmp instruction. The relocation entry also
contains a symbol table index, thus telling the dynamic linker what
symbol is being referenced, name1 in this case.
(5. 因此
(接下来执行指令:pushl $offset)
,程序在堆栈中压入一个重定位偏移量。重定位偏移量是在重定位表中的一个32位、非负的字节偏移量(PLT对应的重定位表在.rel.plt
section中)。(重定位偏移量)指定的重定位表表项的类型是:R_386_JMP_SLOT类型,该重定位表表项的偏移量成员将指向(前面的
.PLT1中的第1条指令jmp *name1_in_GOT 所用到的)GOT表项(例如:用readelf –a test 可以看到
.rel.plt section中包含的重定位表表项的偏移量值都指向 .got section)。该重定位表表项也包含一个符号表索引(=
符号的名字:name1),从而告诉动态连接器哪个“符号”正在被引用,在这里正在被引用符号就是name1。)
6 . After
pushing the relocation offset, the program then jumps to .PLT0, the
first entry in the procedure linkage table. The pushl instruction
places the value of the second global offset table entry (got_plus_4 or
4(%ebx)) on the stack, thus giving the dynamic linker one word of
identifying information(辨识信息). The program then jumps to the address in
the third global offset table entry (got_plus_8 or 8(%ebx)), which
transfers control to the dynamic linker.
(6.
在压入重定位偏移量后,程序跳转到PLT中的第一个表项:.PLT0处执行。.PLT0中的第1条指令:pushl
got_plus_4把第二个GOT表项(got_plus_4 或
4(%ebx))中包含的值压入在堆栈中,目的是给动态连接器一个辨识信息“字”。然后程序跳转到第三个GOT表项 (got_plus_8 或
8(%ebx))中包含的地址处,传递控制权到动态连接器。)
7 . When the dynamic linker receives
control, it unwinds the stack, looks at the designated relocation
entry, finds the symbol’s value, stores the ‘‘real’’ address for name1
in its global offset table entry, and transfers control to the desired
destination.
(7.
当动态连接器接到控制权,它展开堆栈,查看在步骤5中(压入堆栈的重定位偏移量)指定的重定位表表项,找到重定位表表项中包含的符号的值(=
name1真实的地址),然后把name1 真实的地址保存到name1对应的GOT表项中,然后传递控制权到想要目的地(name1真实的地址处)。)
8
. Subsequent executions of the procedure linkage table entry will
transfer directly to name1, without calling the dynamic linker a second
time. That is, the jmp instruction at .PLT1 will transfer to name1,
instead of ‘‘falling through’’ to the pushl instruction.
(以后的.PLT1表项
(中的指令)的执行将直接传输控制给name1,而不用第二次调用动态连接器了(因为这时已经得到name1真实的地址了)。也就是说,在.PLT1中的
指令jmp *name1_in_GOT将会传输控制给name1,而不用再象前面那样跳转到.PLT1的pushl $offset指令。)
The
LD_BIND_NOW environment variable can change dynamic linking behavior.
If its value is non-null, the dynamic linker evaluates procedure
linkage table entries before transferring control to the program. That
is, the dynamic linker processes relocation entries of type
R_386_JMP_SLOT during process initialization. Otherwise, the dynamic
linker evaluates procedure linkage table entries lazily, delaying
symbol resolution and relocation until the first execution of a table
entry.
(LD_BIND_NOW环境变量能改变动态连接器的行为。假如这个变量为非空,动态连接器在传输控制到程序之前就评估PLT表项。
也就是说,在进程初始化时,动态连接器会处理重定位类型为R_386_JMP_SLOT的重定位表项。否则,动态连接器评估PLT表项是懒惰的,它会将符
号解析和重定位工作推迟到一个PLT表项(中指令)的第一次执行时。)
NOTE
Lazy binding generally
improves overall application performance, because unused symbols do not
incur the dynamic linking overhead. Nevertheless, two situations make
lazy binding undesirable for some applications.
First, the initial
reference to a shared object function takes longer than subsequent
calls, because the dynamic linker intercepts the call to resolve the
symbol. Some applications cannot tolerate this unpredictability.
Second,
if an error occurs and the dynamic linker cannot resolve the symbol,
the dynamic linker will terminate the program. Under lazy binding, this
might occur at arbitrary times. Once again, some applications cannot
tolerate this unpredictability. By turning off lazy binding, the
dynamic linker forces the failure to occur during process
initialization, before the application receives control.
(注意:一般来说,lazy binding通常能提升全面的应用程序性能。因为不使用的符号就不会招致动态连接器做无用功。然而,对于一些应用程序有两种情形会使得lazy binding方式不受欢迎。
第1 初次引用一个共享object中的函数 所花的时间肯定比后来再次调用要花的时间长,因为第1次调用时动态连接器先要拦截调用来解析符号。一些应用程序不能容忍这种不可预知性。
第
2 如果一个错误发生并且动态连接器不能解析该符号,动态连接器将终止整个程序。在lazy
binding方式下,前述情况可能发生在程序运行当中的任何时候。一些应用程序也是不能容忍这种不可预知性的。通过关掉lazy
binding方式,动态连接器在应用程序接到控制权之前,迫使程序失败发生在进程初始化期间。(即:尽量在初始阶段就发现错误,不要到运行时才出乱
子))
Hash Table
A hash table of Elf32_Word objects supports
symbol table access. Labels appear below to help explain the hash table
organization, but they are not part of the specification.
(一个包含Elf32_Word 对象的哈希表支持对符号表的访问。下面的标记帮助解释哈希表的组织结构,但是它们不是规范的一部分。)
Figure 2-14: Symbol Hash Table
nbucket
nchain
bucket[0]
...
bucket[nbucket - 1]
chain[0]
...
chain[nchain - 1]
The
bucket array contains nbucket entries, and the chain array contains
nchain entries; indexes start at 0. Both bucket and chain hold symbol
table indexes. Chain table entries parallel the symbol table. The
number of symbol table entries should equal nchain; so symbol table
indexes also select chain table entries.
(bucket数组包含了nbucket个条
目,chain数组包含了nchain个条目;索引从0开始。bucket和chain都保存着符号表的索引。Chain表条目平行于符号表。符号表表项
的数目应该等于nchain;所以用符号表的索引也可选取chain表表项。)
A hashing function (shown
below) accepts a symbol name and returns a value that may be used to
compute a bucket index. Consequently, if the hashing function returns
the value x for some name, bucket[x%nbucket] gives an index, y, into
both the symbol table and the chain table. If the symbol table entry is
not the one desired, chain[y] gives the next symbol table entry with
the same hash value. One can follow the chain links until either the
selected symbol table entry holds the desired name or the chain entry
contains the value STN_UNDEF.
(一个哈希函数elf_hash()接受一个符号名然后返回一个值,该值可以用于计
算bucket数组索引。因此,假如elf_hash()函数接受一些符号名字后返回值为x,那么bucket数组元
素:bucket[x%nbucket]可给出一个索引y(索引y既是符号表也是chain表的索引)。假如符号表表项不是期望的,chain
数组元素:chain[y]给出下一个符号表表项(这些符号表表项具有相同的哈希值)。可以沿着chain链
一直到选取到的符号表表项包含了所期望的名字或者是碰到的chain数组元素中包含值为:STN_UNDEF。)
Figure 2-15: Hashing Function
unsigned long
elf_hash(const unsigned char *name)
{
unsigned long h = 0, g;
while (*name) {
h = (h << 4) + *name++;
if (g = h & 0xf0000000)
h ^= g >> 24;
h &= ~g;
}
return h;
}
Initialization and Termination Functions
After
the dynamic linker has built the process image and performed the
relocations, each shared object gets the opportunity to execute some
initialization code. These initialization functions are called in no
specified order, but all shared object initializations happen before
the executable file gains control.
(在动态连接器建立进程映象和执行重定位以后,每一个共享object将会得到机会来执行一些初始化代码。这些初始化函数被调用并没有特别的顺序,但是所有的共享object初始化都发生在执行文件获得控制之前。)
Similarly,
shared objects may have termination functions, which are executed with
the atexit(BA_OS) mechanism after the base process begins its
termination sequence??. Once again, the order in which the dynamic
linker calls termination functions is unspecified.
(类似地,共享的object可以具有终止函数,在基础进程开始它的终止系列(过程)之后,终止函数以atexit(BA_OS)的机制被执行。动态连接器调用终止函数的顺序也是不定的。)
Shared
objects designate their initialization and termination functions
through the DT_INIT and DT_FINI entries in the dynamic structure,
described in ‘‘Dynamic Section’’ above. Typically, the code for these
functions resides in the .init and .fini sections, mentioned in
‘‘Sections’’ of Part 1.
(共享object通过在动态数组中的DT_INIT和DT_FINI类型的数组项指定它们的初
始化和终止函数,如前面Dynamic Section部分描述的。典型的,这些函数的代码保存在section:.init和.fini
中,在第一部分的“section”已经提到过。)
NOTE
Although the atexit(BA_OS)
termination processing normally will be done, it is not guaranteed to
have executed upon process death. In particular, the process will not
execute the termination processing if it calls _exit [see exit(BA_OS)]
or if the process dies because it received a signal that it neither
caught nor ignored.
(注意:尽管atexit(BA_OS)的终止处理一般可以正常完成,但是不保证在僵死进程上被执行。特别的,假如进程调用了_exit(见exit(BA_OS))或者假如进程因为接收到一个既不能捕获也不能忽略的信号而死掉,那么进程是不执行终止处理的。)
3 C LIBRARY
C Library 3-1
Global Data Symbols 3-2
C Library
The
C library, libc, contains all of the symbols contained in libsys, and,
in addition, contains the routines listed in the following two tables.
The first table lists routines from the ANSI C standard.
(C库:libc 包含了在libsys中包含的所有的符号,另外,libc包含了在下面两个表中列出的常规函数。第一个表中的常规函数来自于ANSI C标准。)
Figure 3-1: libc Contents, Names without Synonyms(同义字)
abort fputc isprint putc strncmp
abs fputs ispunct putchar strncpy
asctime fread isspace puts strpbrk
atof freopen isupper qsort strrchr
atoi frexp isxdigit raise strspn
atol fscanf labs rand strstr
bsearch fseek ldexp rewind strtod
clearerr fsetpos ldiv scanf strtok
clock ftell localtime setbuf strtol
ctime fwrite longjmp setjmp strtoul
difftime getc mblen setvbuf tmpfile
div getchar mbstowcs sprintf tmpnam
fclose getenv mbtowc srand tolower
feof gets memchr sscanf toupper
ferror gmtime memcmp strcat ungetc
fflush isalnum memcpy strchr vfprintf
fgetc isalpha memmove strcmp vprintf
fgetpos iscntrl memset strcpy vsprintf
fgets isdigit mktime strcspn wcstombs
fopen isgraph perror strlen wctomb
fprintf islower printf strncat
Additionally,libc holds the following services.
(另外, libc 保存着以下的服务函数。)
Figure 3-2: libc Contents, Names with Synonyms (同义字)
__assert getdate lockf ** sleep tell **
cfgetispeed getopt lsearch strdup tempnam
cfgetospeed getpass memccpy swab tfind
cfsetispeed getsubopt mkfifo tcdrain toascii
cfsetospeed getw mktemp tcflow _tolower
ctermid hcreate monitor tcflush tsearch
cuserid hdestroy nftw tcgetattr _toupper
dup2 hsearch nl_langinfo tcgetpgrp twalk
fdopen isascii pclose tcgetsid tzset
__filbuf isatty popen tcsendbreak _xftw
fileno isnan putenv tcsetattr
__flsbuf isnand ** putw tcsetpgrp
fmtmsg ** lfind setlabel tdelete
** = Function is at Level 2 in the SVID Issue 3 and therefore at Level 2 in the ABI.
Besides
the symbols listed in the With Synonyms table above, synonyms of the
form _name exist for name entries that are not listed with a leading
underscore prepended to their name. Thus libc contains both getopt and
_getopt, for example.
(除了Figure 3-2表中列出的符号名字外,对于name表项的已经存在的同意形式_name(带一个下划线前缀,上面没有列出来)优先权高于它们的名字。所以,例如,libc中同时包含了getopt和_getopt。)
Of the routines listed above, the following are not defined elsewhere.
(在上面所列的常规函数中,以下几个在其他地方没有被定义。)
int __filbuf(FILE *f);
This function returns the next input character for f, filling
its buffer as appropriate. It returns EOF if an error occurs.
int __flsbuf(int x, FILE *f);
This function flushes the output characters for f as if
putc(x, f) had been called and then appends the value of x to
the resulting output stream. It returns EOF if an error occurs
and x otherwise.
int _xftw(int, char *, int (*)(char *, struct stat *, int), int);
Calls to the ftw(BA_LIB) function are mapped to this function
when applications are compiled. This function is identical to
ftw(BA_LIB), except that _xftw() takes an interposed first
argument, which must have the value 2.
See this chapter’s other library sections for more SVID, ANSI C, and POSIX facilities. See ‘‘System Data
Interfaces’’ later in this chapter for more information.
(要了解更多的关于SVID,ANSI C,POSIX的知识,可看该章节其他的有关库的部分。
该节“System Data Interfaces”后有更多的描述。
Global Data Symbols
The
libc library requires that some global external data symbols be defined
for its routines to work properly. All the data symbols required for
the libsys library must be provided by libc, as well as the data
symbols listed in the table below.
(libc库为了它自己的常规函数能够正常工作 要求一些全局的外部数据符号应该是被定义的。
Libc必须提供 libsys库所必需的所有数据符号,也包括下表所列的数据符号。)
For
formal declarations of the data objects represented by these symbols,
see the System V Interface Definition, Third Edition or the ‘‘Data
Definitions’’ section of Chapter 6 in the appropriate processor
supplement to the System V ABI.
(这些符号描述的数据对象的正式声明,参见System V接口定义,第三版本或者第6章节的数据定义部分(Data Definitions)(在适当的处理器补充System V ABI)。)
For
entries in the following table that are in name - _name form, both
symbols in each pair represent the same data. The underscore synonyms
are provided to satisfy the ANSI C standard.
(下表中的表项具有:name-_name的形式。每一对的两个符号代表了同一数据。带下划线的同义词假设满足ANSI C标准。)
Figure 3-3: l i b c Contents, Global External Data Symbols
getdate_err optarg
_getdate_err opterr
__iob optind
optopt
附:elf文件实际例子
$ more test.c
/* test.c */
#include
int main(int argc, char *argv[])
{
printf("Hello, world
");
return 0;
}
$ gcc -o test test.c
$ ./test
Hello, world
$ readelf -a test
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32 ; e_ident[EI_CLASS]=1
Data: 2's complement, little endian ; e_ident[EI_DATA]=1
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file) ; e_type=2
Machine: Intel 80386 ; e_machine=3
Version: 0x1 ; e_version
Entry point address: 0x8048360 ; e_entry(对应:.text section)
Start of program headers: 52 (bytes into file) ; e_phoff
Start of section headers: 31572 (bytes into file) ; e_shoff
Flags: 0x0 ; e_flags
Size of this header: 52 (bytes) ; e_ehsize
Size of program headers: 32 (bytes) ; e_phentsize
Number of program headers: 6 ; e_phnum
Size of section headers: 40 (bytes) ; e_shentsize
Number of section headers: 30 ; e_shnum
Section header string table index: 27 ; e_shstrndx=27 对应着section header table中的.shstrtab
;
section header table是section header结构的数组,section
头表索引是section头数组的下标值,例如:.dynsym section所对应的section header在section header
table中是第6项,那么.dynsym section的section header index =5 (section
header数组是从0开始计数))
Section Headers:
; sh_name sh_type sh_addr sh_offset sh_size sh_entsize sh_flags sh_link sh_info sh_addralign
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .interp PROGBITS 080480f4 0000f4 000013 00 A 0 0 1
[ 2] .note.ABI-tag NOTE 08048108 000108 000020 00 A 0 0 4
[ 3] .hash HASH 08048128 000128 000034 04 A 4 0 4
[ 4] .dynsym DYNSYM 0804815c 00015c 000080 10 A 5 1 4
[ 5] .dynstr STRTAB 080481dc 0001dc 000095 00 A 0 0 1
[ 6] .gnu.version VERSYM 08048272 000272 000010 02 A 4 0 2
[ 7] .gnu.version_r VERNEED 08048284 000284 000030 00 A 5 1 4
[
8] .rel.got REL 080482b4 0002b4 000008 08 A 4 13 4 (sh_link=4
表示相关的符号表是.dynsym section; sh_info=13是16进制,即10进制的19,对应了.got section)
[
9] .rel.plt REL 080482bc 0002bc 000028 08 A 4 b 4 (sh_link=4
表示相关的符号表是.dynsym section; sh_info=b 是16进制,即10进制的11,对应了.plt section)
[10] .init PROGBITS 080482e4 0002e4 000018 00 AX 0 0 4
[11] .plt PROGBITS 080482fc 0002fc 000060 04 AX 0 0 4
[12] .text PROGBITS 08048360 000360 0002e0 00 AX 0 0 16
[13] .fini PROGBITS 08048640 000640 00001e 00 AX 0 0 4
[14] .rodata PROGBITS 08048660 000660 00001e 00 A 0 0 4
[15] .data PROGBITS 08049680 000680 005024 00 WA 0 0 4
[16] .eh_frame PROGBITS 0804e6a4 0056a4 000004 00 WA 0 0 4
[17] .ctors PROGBITS 0804e6a8 0056a8 000008 00 WA 0 0 4
[18] .dtors PROGBITS 0804e6b0 0056b0 000008 00 WA 0 0 4
[19] .got PROGBITS 0804e6b8 0056b8 000024 04 WA 0 0 4
[20] .dynamic DYNAMIC 0804e6dc 0056dc 0000a0 08 WA 5 0 4
[21] .sbss PROGBITS 0804e77c 00577c 000000 00 W 0 0 1
[22] .bss NOBITS 0804e77c 00577c 000018 00 WA 0 0 4
[23] .stab PROGBITS 00000000 00577c 0007a4 0c 24 0 4
[24] .stabstr STRTAB 00000000 005f20 001985 00 0 0 1
[25] .comment PROGBITS 00000000 0078a5 00014d 00 0 0 1
[26] .note NOTE 00000000 0079f2 000078 00 0 0 1
[27] .shstrtab STRTAB 00000000 007a6a 0000e9 00 0 0 1
[28] .symtab SYMTAB 00000000 008004 000500 10 29 3b 4
[29] .strtab STRTAB 00000000 008504 000238 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Program Headers: ;对可执行文件,共有六个"程序段"
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000c0 0x000c0 R E 0x4 ; "PHDR类型程序段"指向程序头表自身
INTERP
0x0000f4 0x080480f4 0x080480f4 0x00013 0x00013 R 0x1 ;
"INTERP类型程序段"只包含了一个 .interp secion,.interp
secion同时也属于"正文程序段",是包含在"正文程序段"中一起被装入内存的,所以"INTERP程序段"的基地址是和"正文程序段"的基地址相等
的:0x08048000。)
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD
0x000000 0x08048000 0x08048000 0x0067e 0x0067e R E 0x1000 ;
"LOAD类型正文程序段"
(LOAD:表示运行之前此程序段需要被载入内存;VirtAddr=0x08048000表示此程序段所包含的所有sections从虚拟地址
0x08048000为起点陆续载入内存;LOAD类型程序段的基地址必须是0x1000的倍数而且是和载入地址最接近的值,所以"正文程序段"的基地址
是0x08048000;Offset=0 表示"载入地址"相对于"基地址"的偏移为0)
LOAD 0x000680 0x08049680
0x08049680 0x050fc 0x05114 RW 0x1000 ; "LOAD类型数据程序段"
(LOAD:表示运行之前此程序段需要被载入内存;VirtAddr=0x08049680表示此程序段所包含的所有sections从虚拟地址
0x08049680为起点陆续载入内存;LOAD类型程序段的基地址必须是0x1000的倍数而且是和载入地址最接近的值,所以"数据程序段"的基地址
是0x08049000;Offset=0x000680 表示"载入地址"相对于"基地址"的偏移为0x000680)
DYNAMIC
0x0056dc 0x0804e6dc 0x0804e6dc 0x000a0 0x000a0 RW 0x4 ; "DYNAMIC类型程序段":
给出动态连接信息 (DYNAMIC segment 中只包含了一个 .dynamic section,.dynamic
secion同时也属于"数据程序段",是包含在"数据程序段"中一起被装入内存的,所以"DYNAMIC程序段"的基地址是和"数据程序段"的基地址相
等的:0x08049000。)
NOTE 0x000108 0x08048108 0x08048108 0x00020 0x00020
R 0x4 ; "NOTE类型程序段": 给出辅助信息 (NOTE segment 中只包含了一个 .note.ABI-tag
section,.note.ABI-tag
section同时也属于"正文程序段",是包含在"正文程序段"中一起被装入内存的,所以"NOTE程序段"的基地址是和"正文程序段"的基地址相等
的:0x08048000。)
Section to Segment mapping: ;下表描述每个"程序段"里面包含的sections
Segment Sections...
00 ("PHDR类型程序段"指向程序头表自身,没有相对应的section)
01 .interp ("INTERP类型程序段"中只包含了一个 .interp section)
02
.interp .note.ABI-tag .hash .dynsym .dynstr .gnu.version .gnu.version_r
.rel.got .rel.plt .init .plt .text .fini .rodata
("正文程序段"中包含:.interp等14个sections)
03 .data .eh_frame .ctors .dtors .got .dynamic .bss ("数据程序段"中包含:.data 等7个 sections)
04 .dynamic ("DYNAMIC类型程序段"中只包含了一个 .dynamic section)
05 .note.ABI-tag ("NOTE类型程序段"中只包含了一个 .note.ABI-tag section)
Dynamic segment at offset 0x56dc contains 20 entries: (DYNAMIC segment 中只包含了一个 .dynamic section)
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x80482e4
0x0000000d (FINI) 0x8048640
0x00000004 (HASH) 0x8048128
0x00000005 (STRTAB) 0x80481dc
0x00000006 (SYMTAB) 0x804815c
0x0000000a (STRSZ) 127 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804e6b8
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x80482bc
0x00000011 (REL) 0x80482b4
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x8048284
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048272
0x00000000 (NULL) 0x0
Relocation section '.rel.got' at offset 0x2b4 contains 1 entries:
Offset Info Type Symbol's Value Symbol's Name
0804e6d8 00706 R_386_GLOB_DAT 00000000 __gmon_start__
Relocation section '.rel.plt' at offset 0x2bc contains 5 entries:
Offset Info Type Symbol's Value Symbol's Name
0804e6c4 00107 R_386_JUMP_SLOT 0804830c __register_frame_info
0804e6c8 00207 R_386_JUMP_SLOT 0804831c __deregister_frame_info
0804e6cc 00307 R_386_JUMP_SLOT 0804832c __libc_start_main
0804e6d0 00407 R_386_JUMP_SLOT 0804833c printf
0804e6d4 00507 R_386_JUMP_SLOT 0804834c __cxa_finalize
There are no unwind sections in this file.
Symbol table '.dynsym' contains 8 entries:
; st_value st_size ELF32_ST_TYPE ELF32_ST_BIND st_info st_shndx st_name
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 0804830c 129 FUNC WEAK DEFAULT UND __register_frame_info@GLIBC_2.0 (2)
2: 0804831c 172 FUNC WEAK DEFAULT UND __deregister_frame_info@GLIBC_2.0 (2)
3: 0804832c 198 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.0 (2)
4: 0804833c 46 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.0 (2)
5: 0804834c 129 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3 (3)
6: 08048664 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
7: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Symbol table '.symtab' contains 80 entries:
; st_value st_size ELF32_ST_TYPE ELF32_ST_BIND st_info st_shndx st_name
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 080480f4 0 SECTION LOCAL DEFAULT 1 (系统符号表中 1-29项是29个sections的对应符号值)
2: 08048108 0 SECTION LOCAL DEFAULT 2
3: 08048128 0 SECTION LOCAL DEFAULT 3
4: 0804815c 0 SECTION LOCAL DEFAULT 4
5: 080481dc 0 SECTION LOCAL DEFAULT 5
6: 08048272 0 SECTION LOCAL DEFAULT 6
7: 08048284 0 SECTION LOCAL DEFAULT 7
8: 080482b4 0 SECTION LOCAL DEFAULT 8
9: 080482bc 0 SECTION LOCAL DEFAULT 9
10: 080482e4 0 SECTION LOCAL DEFAULT 10
11: 080482fc 0 SECTION LOCAL DEFAULT 11
12: 08048360 0 SECTION LOCAL DEFAULT 12
13: 08048640 0 SECTION LOCAL DEFAULT 13
14: 08048660 0 SECTION LOCAL DEFAULT 14
15: 08049680 0 SECTION LOCAL DEFAULT 15
16: 0804e6a4 0 SECTION LOCAL DEFAULT 16
17: 0804e6a8 0 SECTION LOCAL DEFAULT 17
18: 0804e6b0 0 SECTION LOCAL DEFAULT 18
19: 0804e6b8 0 SECTION LOCAL DEFAULT 19
20: 0804e6dc 0 SECTION LOCAL DEFAULT 20
21: 0804e77c 0 SECTION LOCAL DEFAULT 21
22: 0804e77c 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000000 0 SECTION LOCAL DEFAULT 24
25: 00000000 0 SECTION LOCAL DEFAULT 25
26: 00000000 0 SECTION LOCAL DEFAULT 26
27: 00000000 0 SECTION LOCAL DEFAULT 27
28: 00000000 0 SECTION LOCAL DEFAULT 28
29: 00000000 0 SECTION LOCAL DEFAULT 29
30: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
31: 08048384 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
32: 08048384 0 FUNC LOCAL DEFAULT 12 call_gmon_start
33: 00000000 0 FILE LOCAL DEFAULT ABS init.c
34: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
35: 080483b0 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
36: 08049688 0 OBJECT LOCAL DEFAULT 15 p.0
37: 0804e6b0 0 OBJECT LOCAL DEFAULT 18 __DTOR_LIST__
38: 0804968c 0 OBJECT LOCAL DEFAULT 15 completed.1
39: 080483b0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux
40: 0804e6a4 0 OBJECT LOCAL DEFAULT 16 __EH_FRAME_BEGIN__
41: 08048410 0 FUNC LOCAL DEFAULT 12 fini_dummy
42: 0804e77c 24 OBJECT LOCAL DEFAULT 22 object.2
43: 08048420 0 FUNC LOCAL DEFAULT 12 frame_dummy
44: 08048450 0 FUNC LOCAL DEFAULT 12 init_dummy
45: 08049690 0 OBJECT LOCAL DEFAULT 15 force_to_data
46: 0804e6a8 0 OBJECT LOCAL DEFAULT 17 __CTOR_LIST__
47: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
48: 08048600 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
49: 08048600 0 FUNC LOCAL DEFAULT 12 __do_global_ctors_aux
50: 0804e6ac 0 OBJECT LOCAL DEFAULT 17 __CTOR_END__
51: 08048630 0 FUNC LOCAL DEFAULT 12 init_dummy
52: 0804e6a4 0 OBJECT LOCAL DEFAULT 15 force_to_data
53: 0804e6b4 0 OBJECT LOCAL DEFAULT 18 __DTOR_END__
54: 0804e6a4 0 OBJECT LOCAL DEFAULT 16 __FRAME_END__
55: 00000000 0 FILE LOCAL DEFAULT ABS initfini.c
56: 08048640 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
57: 00000000 0 FILE LOCAL DEFAULT ABS debug1.c
58: 08048460 0 NOTYPE LOCAL DEFAULT 12 gcc2_compiled.
59: 0804e6dc 0 OBJECT GLOBAL DEFAULT 20 _DYNAMIC
60: 0804830c 129 FUNC WEAK DEFAULT UND __register_frame_info@@GLIBC_2.0
61: 08048660 4 NOTYPE GLOBAL DEFAULT 14 _fp_hw
62: 080482e4 0 FUNC GLOBAL DEFAULT 10 _init
63: 0804831c 172 FUNC WEAK DEFAULT UND __deregister_frame_info@@GLIBC_2.0
64: 08048460 303 FUNC GLOBAL DEFAULT 12 sort
65: 08048360 0 FUNC GLOBAL DEFAULT 12 _start
66: 0804e77c 0 OBJECT GLOBAL DEFAULT ABS __bss_start
67: 08048590 110 FUNC GLOBAL DEFAULT 12 main
68: 0804832c 198 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.0
69: 08049680 0 NOTYPE WEAK DEFAULT 15 data_start
70: 0804833c 46 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.0
71: 08048640 0 FUNC GLOBAL DEFAULT 13 _fini
72: 0804834c 129 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1.3
73: 08049690 20500 OBJECT GLOBAL DEFAULT 15 array
74: 0804e77c 0 OBJECT GLOBAL DEFAULT ABS _edata
75: 0804e6b8 0 OBJECT GLOBAL DEFAULT 19 _GLOBAL_OFFSET_TABLE_
76: 0804e794 0 OBJECT GLOBAL DEFAULT ABS _end
77: 08048664 4 OBJECT GLOBAL DEFAULT 14 _IO_stdin_used
78: 08049680 0 NOTYPE GLOBAL DEFAULT 15 __data_start
79: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
Histogram for bucket list length (total of 3 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 1 ( 33.3%) 14.3%
2 0 ( 0.0%) 14.3%
3 2 ( 66.7%) 100.0%
Version symbols section '.gnu.version' contains 8 entries:
Addr: 0000000008048272 Offset: 0x000272 Link: 4 (.dynsym)
000: 0 (*local*) 2 (GLIBC_2.0) 2 (GLIBC_2.0) 2 (GLIBC_2.0)
004: 2 (GLIBC_2.0) 3 (GLIBC_2.1.3) 1 (*global*) 0 (*local*)
Version needs section '.gnu.version_r' contains 1 entries:
Addr: 0x0000000008048284 Offset: 0x000284 Link to section: 5 (.dynstr)
000000: Version: 1 File: libc.so.6 Cnt: 2
0x0010: Name: GLIBC_2.1.3 Flags: none Version: 3
0x0020: Name: GLIBC_2.0 Flags: none Version: 2
说明:在此感谢alert7,辛辛等高手,我是参照他们的中文翻译继续工作的。另外alert7的另一篇文章《elf动态解析符号过程》也对学习elf很有帮助,有兴趣的可以看看。
文
档中红色的表示:重点注意的或有疑问的内容。兰色是一些英文标准翻译。有些意义搞不懂的地方,在末尾加了??。本文档可任意传播修改,但请本着认真的态度
修改,以利广大网友学习。因水平有限,也花了不少精力,但目前暂时没有时间继续下去,希望广大爱好者继续完善它。也衷心希望网络上有更多更精的技术文档,
为我们的自由软件技术多尽一份力。 :)
