[Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
[ 1] .text             PROGBITS        00000000 000034 00002a 00  AX  0   0  4

As above, the segment begins at address 0x34, but its Al is 4, so it can't be divided by 2**4.

I mean: 0x34 % 16 != 0. So I want to ask why the .text segment's address doesn't begin at an integer multiple of 16.

CrystalJake

1 Answer

The section header struct looks like this:

typedef struct {
   uint32_t   sh_name;
   uint32_t   sh_type;
   uint32_t   sh_flags;
   Elf32_Addr sh_addr;
   Elf32_Off  sh_offset;
   uint32_t   sh_size;
   uint32_t   sh_link;
   uint32_t   sh_info;
   uint32_t   sh_addralign;
   uint32_t   sh_entsize;
} Elf32_Shdr;

So what you see under the Al column is sh_addralign. Let's look at the description of that member from the elf manpage:

sh_addralign
             Some sections have address alignment constraints.  If a
             section holds a doubleword, the system must ensure
             doubleword alignment for the entire section.  That is, the
             value of sh_addr must be congruent to zero, modulo the
             value of sh_addralign.  Only zero and positive integral
             powers of two are allowed.  Values of zero or one mean the
             section has no alignment constraints.

TL;DR: The alignment constraint shown in the Al column is for Addr (which is aligned in your case since it's zero), not for Off. In other words, it's an alignment constraint for the address where the image is loaded in memory, not for where it's stored in the ELF file.

Michael
  • Further: sh_offset is the offset in the elf file, not offset in memory. – Chris Desjardins May 24 '13 at 06:37
  • Cool, I understand it. You mean that in my case, al is 4 because addr is 0x0? – CrystalJake May 24 '13 at 07:09
  • Not exactly. `Al` is not 4 _because of_ the value of `Addr` - `Al` is a constraint on `Addr`, not the other way around. And with `Addr == 0` that constraint is met, since `0 % 16 == 0`. – Michael May 24 '13 at 07:28
  • Also, although the value is constrained to powers of two, it's an actual value not an exponent. So, 4 means 4, not 16. – Chris Stratton May 24 '13 at 14:13
  • I am a little confused. Do you mean that AL is the value the section uses for alignment? So when AL is 4, the section is aligned to 4 bytes, isn't it? – CrystalJake May 27 '13 at 01:10
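
The rule quoted from the elf manpage in the answer, as an added example that is not part of the original thread: a C check that decodes a little-endian Elf32_Shdr from raw bytes and tests sh_addr, not sh_offset, against sh_addralign. The names Shdr32, shdr32_decode, shdr32_check_align and SAMPLE_TEXT are assumptions made for this example; the sample bytes are constructed from the readelf row in the question (the sh_name value is made up).

```c
#include <stdint.h>
#include <stdio.h>

/* Same field order as the Elf32_Shdr in the answer (all fields are 32-bit). */
typedef struct {
    uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset;
    uint32_t sh_size, sh_link, sh_info, sh_addralign, sh_entsize;
} Shdr32;

enum align_status { ALIGN_OK = 0, ALIGN_NOT_POW2 = 1, ALIGN_ADDR_MISALIGNED = 2 };

/* Decode one 40-byte little-endian section header without relying on host layout. */
Shdr32 shdr32_decode(const uint8_t *p) {
    uint32_t f[10];
    for (int i = 0; i < 10; i++)
        f[i] = (uint32_t)p[4*i] | (uint32_t)p[4*i+1] << 8 |
               (uint32_t)p[4*i+2] << 16 | (uint32_t)p[4*i+3] << 24;
    Shdr32 s = { f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7], f[8], f[9] };
    return s;
}

/* Manpage rule: sh_addralign is 0, 1 or a power of two, and sh_addr must be
   congruent to zero modulo sh_addralign. sh_offset is deliberately not checked. */
enum align_status shdr32_check_align(const Shdr32 *s) {
    uint32_t a = s->sh_addralign;
    if (a <= 1) return ALIGN_OK;                    /* no alignment constraint */
    if (a & (a - 1)) return ALIGN_NOT_POW2;         /* malformed header */
    if (s->sh_addr & (a - 1)) return ALIGN_ADDR_MISALIGNED;
    return ALIGN_OK;
}

/* Constructed sample: the .text row from the question
   (PROGBITS, flags AX, Addr 0, Off 0x34, Size 0x2a, Al 4). */
static const uint8_t SAMPLE_TEXT[40] = {
    0x1b,0,0,0,  1,0,0,0,  6,0,0,0,  0,0,0,0,  0x34,0,0,0,
    0x2a,0,0,0,  0,0,0,0,  0,0,0,0,  4,0,0,0,  0,0,0,0
};

int main(void) {
    Shdr32 s = shdr32_decode(SAMPLE_TEXT);
    printf("addr=0x%x off=0x%x align=%u status=%d\n",
           (unsigned)s.sh_addr, (unsigned)s.sh_offset,
           (unsigned)s.sh_addralign, (int)shdr32_check_align(&s));
    return 0;
}
```

A parser that receives untrusted ELF files can use the ALIGN_NOT_POW2 result to reject headers whose sh_addralign is not a valid value before using it in address arithmetic.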