Problem with elf header

Nick Clifton nickc@redhat.com
Mon Feb 20 14:21:00 GMT 2006


Hi Sandeep,

>>> I am trying to access the header with this piece of code,
>>> It's working fine for most of the executables but for the few above
>>> mentioned applications, it's returning zero.
>>>
>>>   Elf32_Ehdr* self = (Elf32_Ehdr *)0x8048000;
>>>     ptr=(int *)self->e_entry;
>> Why are you assuming that the header will always be at address
>> 0x80480000 ?  Perhaps for the applications you mention it is at some
>> other address ?

> But sir this address varies from application to application, how can
> we find a general way to get the program load address, is it present
> somewhere in the elf header ?

(I assume that you mean the "e_entry" field in the ELF header, not the 
program's load address.  The load address is rarely the same as the 
e_entry address, and given the possibility of overlays, dynamically 
relocated code and so on, the load address can be quite hard to compute).

This is a little bit tricky.  I assume that we are talking from the 
point of view of a piece of executing code that wants to discover its 
own e_entry address ?  (If we are talking about a piece of code that 
wants to discover the e_entry address for another program then all that 
it needs to do is read the ELF header from the start of that program's 
executable file).

If the code can find out the name of the executable file that created it 
then it may be able to read this file off disk and so find the ELF 
header that way.  Note however that it is not guaranteed that the code 
will be able to read the file.  The program may have changed its access 
privileges before getting to the self discovery code.  A good place to 
look for the name of the executable is in argv[0] if that is available.

If the code cannot find or access the file on disk, then it is probably 
thwarted.  Possibly the operating system may provide a system call that 
will allow access to this information.  It might also be possible to 
scan through the program's memory space looking for the magic bytes that 
make up the start of an ELF header.  The header *might* have been loaded 
into memory and it *might* be accessible.

Cheers
   Nick
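
The on-disk approach described in the reply above, as an added example that is not part of the original message: it reads the ELF header from the file named by argv[0], checks the magic bytes and class, and returns e_entry. The function names `parse_elf_entry` and `read_elf_entry` are hypothetical, and headers in a byte order other than the host's are rejected rather than converted.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Validate an ELF header held in buf and store its e_entry in *entry.
   Returns 0 on success, -1 if the bytes are not a usable ELF header. */
int parse_elf_entry(const unsigned char *buf, size_t len, uint64_t *entry)
{
    const uint16_t probe = 1;           /* detect host byte order */
    unsigned char host = *(const unsigned char *)&probe ? ELFDATA2LSB : ELFDATA2MSB;
    if (len < EI_NIDENT || memcmp(buf, ELFMAG, SELFMAG) != 0)
        return -1;                      /* too short or wrong magic bytes */
    if (buf[EI_DATA] != host)
        return -1;                      /* foreign byte order: not handled here */
    if (buf[EI_CLASS] == ELFCLASS32 && len >= sizeof(Elf32_Ehdr)) {
        Elf32_Ehdr h;
        memcpy(&h, buf, sizeof h);      /* copy: buf may be unaligned */
        *entry = h.e_entry;
        return 0;
    }
    if (buf[EI_CLASS] == ELFCLASS64 && len >= sizeof(Elf64_Ehdr)) {
        Elf64_Ehdr h;
        memcpy(&h, buf, sizeof h);
        *entry = h.e_entry;
        return 0;
    }
    return -1;                          /* unknown class or truncated header */
}

/* Read the header from the executable file on disk. Fails cleanly when
   the file cannot be opened, e.g. after the program dropped privileges. */
int read_elf_entry(const char *path, uint64_t *entry)
{
    unsigned char buf[sizeof(Elf64_Ehdr)];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return parse_elf_entry(buf, n, entry);
}

int main(int argc, char **argv)
{
    uint64_t entry;
    if (argc < 1 || read_elf_entry(argv[0], &entry) != 0)
        return 1;                       /* header not readable */
    printf("e_entry = 0x%llx\n", (unsigned long long)entry);
    return 0;
}
```

argv[0] is only usable here when it is a path the process can open; a bare command name resolved through PATH makes the open fail. For a position-independent executable the e_entry stored in the file is relative to the load base, so it is not the runtime address.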



