0

I was analyzing an ELF Executable with readelf and getting the following Program and header. 

|Type         | Offset   | VirtAddr   | PhysAddr   | FileSiz | MemSiz  | Flg | Align | size | start addr | end addr |
|PHDR         | 0x000034 | 0x08048034 | 0x08048034 | 0x00120 | 0x00120 | R E | 0x4 | 288 | 52 | 340 |
|INTERP       | 0x000154 | 0x08048154 | 0x08048154 | 0x00013 | 0x00013 | R   | 0x1 | 19 | 340 | 359 |
|LOAD         | 0x000000 | 0x08048000 | 0x08048000 | 0x00600 | 0x00600 | RE  | 0x1000 | 1536 | 0 | 1536 |
|LOAD         | 0x000f0c | 0x08049f0c | 0x08049f0c | 0x0010c | 0x00114 | RW  | 0x1000 | 276 | 3852 | 4128 |
|DYNAMIC      | 0x000f14 | 0x08049f14 | 0x08049f14 | 0x000e8 | 0x000e8 | RW  | 0x4 | 232 | 3860 | 4092 |
|NOTE         | 0x000168 | 0x08048168 | 0x08048168 | 0x00044 | 0x00044 | R   | 0x4 | 68 | 360 | 428 |
|GNU_EH_FRAME | 0x0004c4 | 0x080484c4 | 0x080484c4 | 0x0003c | 0x0003c | R   | 0x4 | 60 | 1220 | 1280 |
|GNU_STACK    | 0x000000 | 0x00000000 | 0x00000000 | 0x00000 | 0x00000 | RW  | 0x10 |  |  |  |
|GNU_RELRO    | 0x000f0c | 0x08049f0c | 0x08049f0c | 0x000f4 | 0x000f4 | R   | 0x1 | 244 | 3852 | 4096 |

1). Why is GNU_STACK at Program header table doesn't have a size or start addr?

2). At layout why memory position from 1536 to 3852 (2316 bytes) have no information? What this space is used for?

3). What changes to this format are needed to add extra text section?

Employed Russian
  • 199,314
  • 34
  • 295
  • 362
Wicky
  • 44
  • 5
  • Do you have a reference for the ELF header structure you're working from? – tadman Jun 02 '18 at 02:57
  • What is meant by reference? The executable i am using is a simple echo c program. – Wicky Jun 02 '18 at 03:13
  • I mean as in a manual or technical documentation that describes the format. You can't just intuit your way through here, or at least you shouldn't because this format was invented by the Linux community and has documentation. – tadman Jun 02 '18 at 03:14
  • ELF file may contain 1 or more physical headers. My question is about the empty space in between. I understand there could be empty spaces between sections due to alignment. But this particular space (1536 to 3852) is not described by either section/program header tables. – Wicky Jun 02 '18 at 03:19

0 Answers0