0

when I call readelf with -s flag on my Executable Elf file I get:

Num:    Value          Size Type    Bind   Vis      Ndx Name
43: 00000000004004e7    30 FUNC    GLOBAL DEFAULT   13  find_me_func

But when I read the symbol table entry at index 43 I have:

st_name: 259
st_info: 18 '\022'
st_other: 0 '\0000'
st_shndx: 13
st_value: 4195559
st_size: 30

My question is how can I use the information I have to get: 00000000004004e7? I think it's related somehow to st_value

Note: maybe thes macros can help?

/*
 * Dynamic structure.  The ".dynamic" section contains an array of them.
 */
typedef struct {
    Elf64_Sxword d_tag;        /* Entry type. */
    union {
        Elf64_Xword d_val;    /* Integer value. */
        Elf64_Addr d_ptr;    /* Address value. */
    } d_un;
} Elf64_Dyn;

/*
 * Relocation entries.
 */

/* Relocations that don't need an addend field. */
typedef struct {
    Elf64_Addr r_offset;    /* Location to be relocated. */
    Elf64_Xword r_info;        /* Relocation type and symbol index. */
} Elf64_Rel;

/* Relocations that need an addend field. */
typedef struct {
    Elf64_Addr r_offset;    /* Location to be relocated. */
    Elf64_Xword r_info;        /* Relocation type and symbol index. */
    Elf64_Sxword r_addend;    /* Addend. */
} Elf64_Rela;

/* Macros for accessing the fields of r_info. */
#define    ELF64_R_SYM(info)    ((info) >> 32)
#define    ELF64_R_TYPE(info)    ((info) & 0xffffffffL)

/* Macro for constructing r_info from field values. */
#define    ELF64_R_INFO(sym, type)    (((sym) << 32) + ((type) & 0xffffffffL))

#define    ELF64_R_TYPE_DATA(info)    (((Elf64_Xword)(info)<<32)>>40)
#define    ELF64_R_TYPE_ID(info)    (((Elf64_Xword)(info)<<56)>>56)
#define    ELF64_R_TYPE_INFO(data, type)    \
                (((Elf64_Xword)(data)<<8)+(Elf64_Xword)(type))
  • I know other is reserved and I know what are name and info fields so those won't help as I believe –  Jun 21 '21 at 19:11

1 Answers1

1

00000000004004e7 is a hexadecimal representation of 4195559, which is your st_value.

You can use %x with printf() to print a value in hexadecimal. Add number like %016x to specify the number of digits.

#include <stdio.h>

int main(void) {
    int st_value = 4195559;
    printf("%016x\n", st_value);
    return 0;
}

Or if you want 64-bit value:

#include <stdio.h>
#include <inttypes.h>

int main(void) {
    uint64_t st_value = UINT64_C(4195559);
    printf("%016" PRIx64 "\n", st_value);
    return 0;
}
MikeCAT
  • 73,922
  • 11
  • 45
  • 70
  • Then why it isn't saved as hexa in my code: `fread(&sym_table[i], sizeof(sym_table[0]), 1, file);` –  Jun 21 '21 at 19:17
  • I have too: `Elf64_Addr st_value;` –  Jun 21 '21 at 19:17
  • Because you load the number as binary and not converted it to hexa? – MikeCAT Jun 21 '21 at 19:20
  • Then why I get first_inst_data=-1? ```unsigned long func_start_addr = st_value; long first_inst_data = ptrace(PTRACE_PEEKTEXT, child_pid, (void *) func_start_addr, NULL);``` –  Jun 21 '21 at 19:27
  • This code is in child process being debugged –  Jun 21 '21 at 19:28
  • @dreamer: A -1 value there means your `ptrace` call failed -- check `errno` to see why. Maybe `ESRCH` if the child hasn't called `ptrace(PTRACE_TRACEME)`? Nothing really related to ELF, however. – Chris Dodd Jun 21 '21 at 23:17
  • @ChrisDodd that's the reason, can you kindly help with it: https://stackoverflow.com/questions/68074843/c-ptrace-returns-1-why –  Jun 21 '21 at 23:28