5

simple C file:

```c
#include <stdio.h>
int main(){
    printf("Hello World");
    return 0;
}
```

After compiling the code and running readelf -a a.out, the ELF info is as follows:

elf program headers, segment info

Questions:

  1. Several sections appear in different segments, like the interp section, which is in both the 2nd and 3rd segment. How can a section appear in more than one segment?
  2. The 2nd segment's address starts at 0x8048134, but the 3rd LOAD segment starts at 0x8048000 with a memsize of 0x004d0. So the two segments overlap? How can two segments overlap in memory?
  3. Why must the program header's offset and virtaddr be congruent modulo the page size?
Employed Russian
bluesea

2 Answers

6

You may have garbage in the section table or it may be missing completely. All that matters to the dynamic loader is the segment table (program headers), and even then, only the PT_LOAD segments should not overlap*. The other kinds of segments (INTERP, DYNAMIC etc) provide additional info for the loader and usually refer to some parts of the LOAD segments.

*Here's what the spec says:

PT_LOAD The array element specifies a loadable segment, described by p_filesz and p_memsz. The bytes from the file are mapped to the beginning of the memory segment. If the segment's memory size (p_memsz) is larger than the file size (p_filesz), the "extra" bytes are defined to hold the value 0 and to follow the segment's initialized area. The file size may not be larger than the memory size. Loadable segment entries in the program header table appear in ascending order, sorted on the p_vaddr member.

As you can see, there's no mention of overlapping, so it does not seem to be forbidden, although I don't think I've seen any files with overlapping PT_LOAD segments.

Igor Skochinsky
  • The spec only says that segments must appear in `p_vaddr` order. In my understanding, this doesn't mean that they can't overlap, but it means that higher segments take precedence over earlier ones if they do. – zneak Jan 09 '15 at 20:18
  • Yes, that's what I said in my last paragraph. – Igor Skochinsky Jan 09 '15 at 21:40
-3
  1. several sections appear in different segments, like interp section both in 2nd and 3rd segment.

So?

how can a section appear in more than one segments?

Why not?

A section will not appear in more than one PT_LOAD segment, but there is nothing wrong with .interp appearing in both a PT_LOAD and a PT_INTERP.

  2. How can two segments overlap in memory?

Again, why not?

  3. why the program header's offset and virtaddr must be congruent modulo the page size?

Because otherwise it would be impossible to mmap the segment and have it appear at virtaddr.

Employed Russian
  • 24
    Is it still an answer when it contains *more* question marks than the question? – Hans Passant Jun 03 '12 at 21:19
  • 16
    There's an expectation that things that are obvious to *you* should be easy to explain to somebody who *doesn't* have the same insight. You didn't particularly succeed at that. In fact, it sounds like you don't actually know the answer. Surely you can post a better answer if you do? At least explain how segments and sections are correlated. – Hans Passant Jun 03 '12 at 21:57
  • @HansPassant I don't know how to answer better because I can't guess which of many possible misconceptions OP has, and so don't know which one(s) to dispel. "How segments and sections are correlated" -- a section may appear in 0, 1 or more segments. A loadable section will appear in exactly 1 `PT_LOAD` segment (but may appear in other segments). Did this help? (I don't expect it did, but I really don't understand what question about segments and sections you are asking.) – Employed Russian Jun 03 '12 at 22:25
  • @HansPassant Oh, and a segment may contain 0, 1, or more sections. A `PT_LOAD` segment will contain at least 1 section. – Employed Russian Jun 03 '12 at 22:27
  • So the segment just tells the loader where to find the corresponding info in the memory and file. Is that right? By the way, could you recommend any resources on this area? – bluesea Jun 04 '12 at 02:48
  • But the INTERP segment's flag is R, and the text LOAD segment's flag is RE. Each single page in memory should not have content of different flags. How to explain the contradiction? (I get this info because the data segment sometimes starts from another page, even though the space left in text is enough) – bluesea Jun 06 '12 at 05:44
  • @bluesea "How to explain the contradiction" There is *no* contradiction: only `PT_LOAD` segments describe how to `mmap` memory. `PT_INTERP` can have arbitrary flags, they don't matter. The glibc loader doesn't even look at `PT_INTERP`, only the kernel does (this is true only as a first-order approximation). – Employed Russian Jun 06 '12 at 05:59
  • Why can mmap only map the segment into memory with the same value modulo page size? I got some info about this: mmap tries to put the segment twice, first time right next to the last segment, then the second piece of the segment would appear at the virtual addr which is the same as the offset modulo the page size. Am I right? If so, why does mmap try to fill the same segment into memory twice? – bluesea Jun 07 '12 at 04:18
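
The two points made in the answers above (a PT_INTERP entry only names a range that lies inside a PT_LOAD mapping, and p_offset must be congruent to p_vaddr modulo the page size for mmap to work), as an added example that is not part of the original posts. The two addresses and the 0x4d0 size come from the question; the 4 KiB page size, the remaining header values and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PT_LOAD   1u        /* type values from the ELF specification */
#define PT_INTERP 3u
#define PAGE      0x1000u   /* assumed 4 KiB page size */

/* The program-header fields that matter here (subset of Elf32_Phdr). */
struct phdr { uint32_t type, offset, vaddr, filesz, memsz; };

/* Constructed table: 0x8048134, 0x8048000 and 0x4d0 are from the question;
 * every other value is made up for this example. */
static const struct phdr table[] = {
    { PT_INTERP, 0x134, 0x8048134, 0x13,  0x13  },
    { PT_LOAD,   0x000, 0x8048000, 0x4d0, 0x4d0 },
    { PT_LOAD,   0xf14, 0x8049f14, 0x100, 0x108 },
};
#define NPHDR (sizeof table / sizeof table[0])

/* 1 if the memory range of `in` lies wholly inside that of `out`. */
int contained(const struct phdr *in, const struct phdr *out)
{
    return in->vaddr >= out->vaddr &&
           (uint64_t)in->vaddr + in->memsz <= (uint64_t)out->vaddr + out->memsz;
}

/* Index of the PT_LOAD entry whose mapping holds table[i], or -1 if none. */
int backing_load(size_t i)
{
    for (size_t j = 0; j < NPHDR; j++)
        if (j != i && table[j].type == PT_LOAD && contained(&table[i], &table[j]))
            return (int)j;
    return -1;
}

/* mmap() needs a page-aligned address and a page-multiple file offset, so a
 * loader rounds both down. The byte stored at p_offset then lands here. */
uint32_t landing_addr(uint32_t vaddr, uint32_t offset)
{
    uint32_t page_start = vaddr & ~(PAGE - 1);   /* address handed to mmap */
    return page_start + (offset & (PAGE - 1));   /* offset within its page */
}

int main(void)
{
    for (size_t i = 0; i < NPHDR; i++)
        printf("phdr %zu: inside LOAD %d, first byte lands at 0x%x\n", i,
               backing_load(i), (unsigned)landing_addr(table[i].vaddr, table[i].offset));
    return 0;
}
```

When the offset and the address differ modulo the page size, `landing_addr` returns something other than `p_vaddr`, which is the situation the second answer calls impossible to mmap.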