Hosted by the courtesy of  
Free Website Hosting 
The stars ASAP english francais spanish arab
Durée du voyage intersidéral francais
Résolutions de l'ONU en HTML francais
Bussard Ramjet english francais
DWARF : dwarf2xml english
ELF : libelf examples english
Code presentation : ctoohtml english

Author : Emmanuel Azencot
Création : Fri Nov 16 16:38:21 CET 2007
Last update : Sun Nov 22 20:39:05 CET 2009

Libelf sample programs

At the time I have writen a simple object relocation program (elf_obj_loc.c), I have found very few code dealing with Elf format with libelf and gelf. One of them was the excelent libelf by Example writen by Joseph Koshy. I hope these two libelf code example will help.

The first source example is a demo that copies an elf to an new one. The result it produce from a running executable is an non-running Elf executable.

elf_copy.c (source file) (build : gcc -o elf_copy -lelf elf_copy.c)
The second also produce non-running Elf executable, but this time the result is more usefull. The only Elf type it accepts is relocatable object from which it produces a new Elf that can be used with a disassembler, like objdump. As a trivial link pass have been done on the result, objdump is fed with adresses synchronized with symbol table and can thus produce a far better output.
elf_obj_loc.c (souce file) (build : gcc -o elf_obj_loc -lelf elf_obj_loc.c)
Example :
Compile the file sample.c (source file) (build : gcc -c -o sample.o sample.c)

And have a look on objdump disassembly output :

shell$ > objdump -d sample.o

sample.o: file format elf32-i386

Disassembly of section .text:

00000000 <whois>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp

3: a1 00 00 00 00 mov 0x0,%eax
variable "who"
8: 5d pop %ebp
9: c3 ret

0000000a <what>:
a: 55 push %ebp
b: 89 e5 mov %esp,%ebp

d: a1 00 00 00 00 mov 0x0,%eax
variable "hello"
12: 5d pop %ebp
13: c3 ret

00000014 <main>:
14: 8d 4c 24 04 lea 0x4(%esp),%ecx
18: 83 e4 f0 and $0xfffffff0,%esp
1b: ff 71 fc pushl 0xfffffffc(%ecx)
1e: 55 push %ebp
1f: 89 e5 mov %esp,%ebp
21: 53 push %ebx
22: 51 push %ecx
23: 83 ec 10 sub $0x10,%esp

26: e8 fc ff ff ff call 27 <main+0x13>
defined function (whois)
2b: 89 c3 mov %eax,%ebx

2d: e8 fc ff ff ff call 2e <main+0x1a>
defined function (what)
32: 89 5c 24 08 mov %ebx,0x8(%esp)
36: 89 44 24 04 mov %eax,0x4(%esp)
3a: c7 04 24 0c 00 00 00 movl $0xc,(%esp)

41: e8 fc ff ff ff call 42 <main+0x2e>
undefine function (printf)
46: b8 00 00 00 00 mov $0x0,%eax
4b: 83 c4 10 add $0x10,%esp
4e: 59 pop %ecx
4f: 5b pop %ebx
50: 5d pop %ebp
51: 8d 61 fc lea 0xfffffffc(%ecx),%esp
54: c3 ret


All adresses, including variables and functions, are left unchanged from the binary relocatable object which does not contain an address at all (value is set to 0 for variables and 0xFFFFFFFC for functions).

elf_obj_loc applies .rel sections to the corresponding sections as whould do a linker. In addition, it maps undefined symbols to adress 0x2500000 incrementing by 0x10 at each symbol. The output of objdump clearly shows that it is happier than it was with the raw object.

shell$ > ./elf_obj_loc sample.o sample.reloc
shell$ > objdump -d sample.reloc
sample.reloc: file format elf32-i386

Disassembly of section .text:

08048000 <whois>:
8048000: 55 push %ebp
8048001: 89 e5 mov %esp,%ebp

8048003: a1 5c 80 04 08 mov 0x804805c,%eax
variable who
8048008: 5d pop %ebp
8048009: c3 ret

0804800a <what>:
804800a: 55 push %ebp
804800b: 89 e5 mov %esp,%ebp

804800d: a1 58 80 04 08 mov 0x8048058,%eax
variable hello
8048012: 5d pop %ebp
8048013: c3 ret

08048014 <main>:
8048014: 8d 4c 24 04 lea 0x4(%esp),%ecx
8048018: 83 e4 f0 and $0xfffffff0,%esp
804801b: ff 71 fc pushl 0xfffffffc(%ecx)
804801e: 55 push %ebp
804801f: 89 e5 mov %esp,%ebp
8048021: 53 push %ebx
8048022: 51 push %ecx
8048023: 83 ec 10 sub $0x10,%esp

8048026: e8 d5 ff ff ff call 8048000 <whois>
defined function
804802b: 89 c3 mov %eax,%ebx

804802d: e8 d8 ff ff ff call 804800a <what>
defined function
8048032: 89 5c 24 08 mov %ebx,0x8(%esp)
8048036: 89 44 24 04 mov %eax,0x4(%esp)

804803a: c7 04 24 60 80 04 08 movl $0x8048060,(%esp)

8048041: e8 ca 7f 4b fa call 2500010 <printf>
undefined function
8048046: b8 00 00 00 00 mov $0x0,%eax
804804b: 83 c4 10 add $0x10,%esp
804804e: 59 pop %ecx
804804f: 5b pop %ebx
8048050: 5d pop %ebp
8048051: 8d 61 fc lea 0xfffffffc(%ecx),%esp
8048054: c3 ret



web design : machinman.net all right reserved, update Fri Dec 5 15:56:29 CET 2014

Hosted by the courtesy of  
Free Website Hosting 
The stars ASAP english francais spanish
Durée du voyage intersidéral francais
Résolutions de l'ONU en HTML francais
Bussard Ramjet english francais
DWARF : dwarf2xml english
ELF : libelf examples english
Code presentation : ctoohtml english

































www.000webhost.com