The information about a function size is stored in the ELF Attributes for the corresponding symbol (name). C example code how to parse this programmatically is at the bottom of the Solaris manpage forgelf_getsym(3ELF) (libelf does exist in Linux, *BSD and MacOS as well, you need to look for the st_size field of the GElf_Sym … Read more
This optimization has since been implemented in GCC. It can be enabled with the -fno-plt option and the noplt function attribute: Do not use the PLT for external function calls in position-independent code. Instead, load the callee address at call sites from the GOT and branch to it. This leads to more efficient code by … Read more
If you don’t mind changing your source file just once, add something like this: const volatile static char version[] = VERSION; and compile with: gcc -c -DVERSION='”1.2.3″‘ The volatile keeps gcc from removing the string at higher optimization levels. As written, this won’t compile if you forget the -D option, which may be either good … Read more
What is a DSO? A DSO is a Dynamic Shared Object, or less formally a shared library. What is a hidden symbol? A hidden symbol is a symbol (i.e. name of function or data object) that has been compiled with hidden linkage, e.g. as per the (GCC specific) declaration: int x __attribute__ ((visibility (“hidden”))); If … Read more
Here are some projects you might find useful: Statifier (basically does what you want) ERESI (might do what you want, also allows for analysis of ELF targets) NOTE: I’ve not used either application myself.
Why objdump -s does not shows these sections ? Objdump is based on libbfd, which abstracts away many complexities of ELF, and was written when objects tended to only have three sections. As such, objdump is quite deficient. In addition to not showing you (some) existing sections, it may also “synthesize” sections that don’t exist … Read more
Should I cast my shstrab into a Elf64_Sym so that I can use the st_name? No. Here is the loop you want: Elf64_Sym *sym = (Elf64_Sym*) (data + symtab->sh_offset); str = (char*) (data + strtab->sh_offset); for (size_t i = 0; i < symtab->sh_size / sizeof(Elf64_Sym); i++) { printf(“%s\n”, str + sym[i].st_name); }
// file a.c // file-scope int a = 0; // goes into BSS after compilation of a.c into object file a.o, a symbol goes into BSS section. // file b.c // file-scope int b; // goes into COMMON section after compilation of b.c into object file b.o, b symbol goes into COMMON section. After linking … Read more
In the general sense, mprotect is the perferred choice (on POSIX conforming systems) under sys/mman.h (check http://linux.die.net/man/2/mprotect). Simply get the address and system page count of the executable section of your process and call mprotect to request permission permissions; write to it; then, call mprotect again to release write permission. However, if this is meant … Read more
The start address is usually set by a linker script. For example, on GNU/Linux, looking at /usr/lib/ldscripts/elf_x86_64.x we see: … PROVIDE (__executable_start = SEGMENT_START(“text-segment”, 0x400000)); \ . = SEGMENT_START(“text-segment”, 0x400000) + SIZEOF_HEADERS; The value 0x400000 is the default value for the SEGMENT_START() function on this platform. You can find out more about linker scripts by … Read more