extract ELF load address with binutils?
Radouch, Zdenek
zradouch@irobot.com
Tue Mar 18 17:02:00 GMT 2014
I am writing a firmware updater that takes an ELF executable and needs to extract the RAM data
and the address to where the data should be loaded. I create the data chunk with objcopy -O binary,
and need the address of the first section that went into that chunk. I'd like to do that
from a shell script invoking binutils (rather than writing my own version of a binutil),
but can't figure out how. My first intuitive solution "readelf -l" does not work at all.
Here is an example file (b2.axf) I get from my vendor.
[the file represents a RAM image with 3032 bytes @ 0x15f000]
$ file b2.axf
b2.axf: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, not stripped
$ arm-none-eabi-size b2.axf
text data bss dec hex filename
3028 4 2052 5084 13dc b2.axf
$ arm-none-eabi-objcopy -O binary b2.axf xxx
$ wc -c xxx
3032 xxx
$
So far, all is well. I got my 3032-byte chunk of data and confirmed
its size (3028 text + 4 data). The question is where is this chunk loaded?
$ arm-none-eabi-readelf -l b2.axf
Elf file type is EXEC (Executable file)
Entry point 0x15f001
There are 2 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00158000 0x00158000 0x07bd8 0x07bd8 RWE 0x8000
LOAD 0x00f000 0x2001f000 0x2001f000 0x00000 0x00804 RW 0x8000
Section to Segment mapping:
Segment Sections...
00 .text .data
01 .bss .main_stack
$
I don't understand the purpose of this output; it appears (certainly from the loading
perspective) wrong, as the second segment should not be loaded at all, and the first
one includes some 28k of alignment-related padding loaded at addresses that may not
even exist (0x158000) within the hardware.
Clearly, the ELF file has what I need: the Addr field of the .text section ([1])
is the load address. See below
$
$ arm-none-eabi-readelf -S b2.axf
There are 18 section headers, starting at offset 0x246a4:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 0015f000 007000 000bd4 00 AX 0 0 4
[ 2] .data PROGBITS 0015fbd4 007bd4 000004 00 WA 0 0 4
[ 3] .bss NOBITS 2001f000 00f000 000004 00 WA 0 0 4
[ 4] .main_stack NOBITS 2001f004 00f000 000800 00 WA 0 0 1
[ 5] .debug_info PROGBITS 00000000 007bd8 00e4e3 00 0 0 1
[ 6] .debug_abbrev PROGBITS 00000000 0160bb 001a2a 00 0 0 1
[ 7] .debug_loc PROGBITS 00000000 017ae5 002e67 00 0 0 1
[ 8] .debug_aranges PROGBITS 00000000 01a94c 000690 00 0 0 1
[ 9] .debug_ranges PROGBITS 00000000 01afdc 000688 00 0 0 1
[10] .debug_line PROGBITS 00000000 01b664 0025eb 00 0 0 1
[11] .debug_str PROGBITS 00000000 01dc4f 005aeb 01 MS 0 0 1
[12] .comment PROGBITS 00000000 02373a 000030 01 MS 0 0 1
[13] .ARM.attributes ARM_ATTRIBUTES 00000000 02376a 000033 00 0 0 1
[14] .debug_frame PROGBITS 00000000 0237a0 000e4c 00 0 0 4
[15] .shstrtab STRTAB 00000000 0245ec 0000b7 00 0 0 1
[16] .symtab SYMTAB 00000000 024974 000bf0 10 17 142 4
[17] .strtab STRTAB 00000000 025564 0003aa 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
$
The question is can I somehow convince one of the binutils to give me the load address alone,
so that I don't have to invent an algorithm extracting the address from the section dump?
Thanks,
-Z
More information about the Binutils
mailing list