3

I'm trying to understand where DW_FORM_strp attribute values are actually stored in an ELF file (can be found here: https://filebin.net/77bb8359o0ibqu67).

I've found sections .debug_info, .debug_abbrev and .debug_str. I've then parsed the compilation unit header in .debug_info, and found the abbreviation table entry for the compile unit and iterated over its abbreviations. The first abbreviation is DW_AT_producer with form DW_FORM_strp. What I'm wondering is how to find where this offset is located?

From the DWARF4 spec I read: "Each debugging information entry begins with a code that represents an entry in a separate abbreviations table. This code is followed directly by a series of attribute values." My understanding of this is that if I go back to the compilation unit header, skip over its content, I should end up at the compilation unit. It starts with a ULEB128 (which I parse), after which the attribute values should come. However, in my ELF file those bytes are all 0. I've run readelf -w on the file, and I see the following:

Contents of the .debug_info section:

  Compilation Unit @ offset 0x0:
   Length:        0xf6 (32-bit)
   Version:       4
   Abbrev Offset: 0x0
   Pointer Size:  8
 <0><b>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <c>   DW_AT_producer    : (indirect string, offset: 0x62): GNU C11 7.5.0 -mtune=generic -march=x86-64 -g -O0 -fstack-protector-strong
    <10>   DW_AT_language    : 12   (ANSI C99)
    <11>   DW_AT_name        : (indirect string, offset: 0xd9): elf.c
    <15>   DW_AT_comp_dir    : (indirect string, offset: 0xad): /home//struct_analyzer
    <19>   DW_AT_low_pc      : 0x0
    <21>   DW_AT_high_pc     : 0x39
    <29>   DW_AT_stmt_list   : 0x0

This tells me that the offset into the string table is 0x62, and the name is at an offset 0xd9. However, after parsing the ULEB128 which is the first part of any DIE, the next 4 bytes (the first attribute's value) are 0x00 00 00 00. This I don't understand?

Edit to Employed Russian:

Yes, I understand that the offset 0x62 points into the .debug_str section. However, what I'm wondering is where I find this 0x62 value?

Each DIE starts with a ULEB128 value (the abbreviation table entry code), and is followed by the attributes. The first attribute in the corresponding abbreviation table entry is a DW_AT_producer of form DW_FORM_strp. This means that the next 4 bytes in the DIE are supposed to be the offset into .debug_str. However, the next 4 bytes are 0x00 00 00 00, and not 0x62 00 00 00 which is the value I'm looking for. 0x62 is residing at offset 0x5c8 into the ELF file, whereas the DIE's attributes start at offset 0x85 as far as I can tell (see attached image for a hexdump (little endian) - highlighted byte is the ULEB128, and the following bytes are what I expect to be the offset into .debug_str).

Edit 2

I've been able to determine that the actual attribute values of form DW_FORM_strp are located in the .rela.debug_info section in the ELF file, so I'll have to read more about that.

MulattoKid

2 Answers

2

The specific ELF file posted for this question also has a .rela.debug_info section, which contains relocation entries for the .debug_info section. From the ELF spec:

 .relaNAME
              This section holds relocation information as described below.
              If the file has a loadable segment that includes relocation,
              the section's attributes will include the SHF_ALLOC bit.  Oth‐
              erwise, the bit will be off.  By convention, "NAME" is sup‐
              plied by the section to which the relocations apply.  Thus a
              relocation section for .text normally would have the name
              .rela.text.  This section is of type SHT_RELA.

Each relocation entry in this section (of type Elf64_Rela in this particular case) should be iterated over, and the value of each entry should be addended with the corresponding value in the .debug_info section.

MulattoKid
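The relocation step described in this answer, as an added example that is not part of the original answer or the poster's code. It applies Elf64_Rela entries to a copy of .debug_info and then follows each DW_FORM_strp value into .debug_str. Assumptions: little-endian x86-64, only R_X86_64_64 and R_X86_64_32 (both S + A) are handled, and the sample bytes, symbol index and shortened strings are constructed to mirror the readelf output in the question.

```python
import struct

# x86-64 relocation types that both compute S + A (symbol value + addend).
WIDTH = {1: "<Q", 10: "<I"}  # R_X86_64_64, R_X86_64_32

def apply_rela(section, rela, sym_values):
    """Return a copy of `section` with each Elf64_Rela entry written in place."""
    if len(rela) % 24:
        raise ValueError("truncated Elf64_Rela table")
    out = bytearray(section)
    for r_offset, r_info, r_addend in struct.iter_unpack("<QQq", rela):
        sym, rtype = r_info >> 32, r_info & 0xFFFFFFFF
        if rtype not in WIDTH:
            raise ValueError(f"unhandled relocation type {rtype}")
        fmt = WIDTH[rtype]
        if r_offset + struct.calcsize(fmt) > len(out):
            raise ValueError(f"relocation at {r_offset:#x} is outside the section")
        # pack_into raises struct.error if S + A does not fit the field.
        struct.pack_into(fmt, out, r_offset, sym_values[sym] + r_addend)
    return bytes(out)

def read_strp(debug_info, debug_str, at):
    """Follow the 4-byte DW_FORM_strp value at `at` into .debug_str."""
    (off,) = struct.unpack_from("<I", debug_info, at)
    return debug_str[off:debug_str.index(b"\0", off)].decode()

# --- Constructed sample mirroring the readelf output in the question ---
STR_SYM = 9  # hypothetical symtab index of the .debug_str section symbol
# 11-byte CU header, abbrev code 1, then the DIE's attribute bytes as they
# sit in the .o before relocation: every DW_FORM_strp field is still zero.
DEBUG_INFO = (struct.pack("<IHIB", 0xF6, 4, 0, 8) + b"\x01"
              + bytes(4) + b"\x0c" + bytes(4) + bytes(4))
# (r_offset, addend): DW_AT_producer, DW_AT_name, DW_AT_comp_dir
RELA = b"".join(struct.pack("<QQq", off, (STR_SYM << 32) | 10, add)
                for off, add in [(0x0C, 0x62), (0x11, 0xD9), (0x15, 0xAD)])
SYM_VALUES = {STR_SYM: 0}  # section symbols have st_value 0 in a .o
DEBUG_STR = bytearray(0xE4)  # zero fill supplies the NUL terminators
for off, s in [(0x62, b"GNU C11 7.5.0"), (0xAD, b"/home/user"), (0xD9, b"elf.c")]:
    DEBUG_STR[off:off + len(s)] = s  # shortened, constructed strings
DEBUG_STR = bytes(DEBUG_STR)

def demo():
    patched = apply_rela(DEBUG_INFO, RELA, SYM_VALUES)
    return [read_strp(patched, DEBUG_STR, at) for at in (0x0C, 0x11, 0x15)]

if __name__ == "__main__":
    print(demo())
```

Reading the same fields from the unpatched DEBUG_INFO yields offset 0 for every string, which is the all-zero behaviour described in the question.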
1

"This tells me that the offset into the string table is 0x62, and the name is at an offset 0xd9."

Correct. These offsets are into the .debug_str section, which starts at offset 0x289 in the file.

readelf -WS elf.o | grep debug_str
  [12] .debug_str        PROGBITS        0000000000000000 000289 0000e4 01  MS  0   0  1

dd if=elf.o bs=1 skip=$((0x289+0x62)) count=75 2>/dev/null
GNU C11 7.5.0 -mtune=generic -march=x86-64 -g -O0 -fstack-protector-strong

dd if=elf.o bs=1 skip=$((0x289+0xd9)) count=5 2>/dev/null
elf.c

P.S.

"I've found sections .dwarf_info, .dward_abbrev and .dwarf_str."

None of the above sections exist in your file. It helps to be precise when asking questions.

Employed Russian