How to access an applications ELF program header and ELF section header at runtime
Bharath Ramesh
bramesh@vt.edu
Wed Jan 6 17:17:00 GMT 2010
On Tue, Jan 05, 2010 at 06:27:51PM -0500, Mike Frysinger wrote:
> On Tuesday 05 January 2010 17:51:24 Bharath Ramesh wrote:
> > I am trying to understand the format of /proc/self/maps. From looking at
> > the map and the section headers from objdump of the application I have
> > some understanding. It would be great if I someone can correct me if I
> > am wrong.
> >
> > 00400000-00401000 r-xp 00000000 08:02
> > 5669441 /home/bharath/Research/code/test/globals/maps 00600000-00601000
> > r--p 00000000 08:02 5669441 /home/bharath/Research/code/test/globals/maps
> > 00601000-00602000 rw-p 00001000 08:02
> > 5669441 /home/bharath/Research/code/test/globals/maps 01e66000-01e88000
> > rw-p 00000000 00:00 0 [heap]
> > <snip>
> >
> > My understanding is as follows:
> >
> > 1) Line 1 would be the mapping for the .text section of the application
> > since it is read-only and executable.
> > 2) Line 2 would be something to .got and other sections as it is
> > read-only.
> > 3) Line 3 corresponds to .data & .bss.
>
> maps are created based on ELF PHDRs, not sections. look at the LOAD lines in
> `readelf -l` on your binary.
Thanks for this information. I am trying to understand how the maps are
created based on the load lines.
readelf -l ./maps:
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040 0x00000000000001f8 0x00000000000001f8 R E 8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238 0x000000000000001c 0x000000000000001c R 1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000 0x0000000000000904 0x0000000000000904 R E 200000
LOAD 0x0000000000000df8 0x0000000000600df8 0x0000000000600df8 0x000000000000022c 0x0000000000000248 RW 200000
DYNAMIC 0x0000000000000e20 0x0000000000600e20 0x0000000000600e20 0x00000000000001c0 0x00000000000001c0 RW 8
maps:
00400000-00401000 r-xp 00000000 08:02 5669206 /home/bharath/Research/code/test/globals/maps
00600000-00601000 r--p 00000000 08:02 5669206 /home/bharath/Research/code/test/globals/maps
00601000-00602000 rw-p 00001000 08:02 5669206 /home/bharath/Research/code/test/globals/maps
01818000-0183a000 rw-p 00000000 00:00 0 [heap]
From the above I can understand that line 1 of maps comes from the first
load line. But I am not able to understand how lines 2 and 3 of maps are
generated from the second load line. Any help on understanding this is
appreciated.
Regards,
Bharath
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2245 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/libc-help/attachments/20100106/dbad4c3f/attachment.bin>
More information about the Libc-help
mailing list