Questions tagged [elf]

ELF stands for Executable and Linkable Format, a file format for files containing machine code. Use this tag for questions about the ELF format itself, or for questions which are specifically about reading/writing ELF files.

The Executable and Linkable Format (ELF) standard describes a layout for files containing executable machine code. The format is non-proprietary, flexible, extensible and machine architecture-independent.

Most modern open-source operating systems (e.g., Linux) use ELF for their native executables. Notable exceptions are Windows (using PE/COFF) and macOS/iOS (using Mach-O).

Questions that should use the elf tag:

Questions about the ELF format itself, e.g. how certain fields should be used or what their intention is.
Questions about reading/parsing ELF files, e.g. via the C elf.h standard header or with the readelf program.
Question about writing/modifying ELF files, e.g. using tools like objcopy or strip.

Resources:

elf(5) Linux manual page
Contains a quick overview over the ELF format and its most common data types.
ELF format specification
This is the official full specification of the ELF format.

Related tags:

readelf For questions about the readelf program, which is used for parsing and dumping most non-machine code sections of an ELF file.
objcopy For questions about the objcopy program, which allows changing section contents or adding sections to existing ELF files.

2307 questions

vote

1 answer

Gdb struct values all become 0 after "next"

So my struct values are becoming 0 after a "next" command in gdb, which should have no effect. 166 RawElfSymbol *currSymb = symbolTabSec; (gdb) p *currSymb $8 = {name = 623313010, addr = 540682099, size = 1931505518, type_and_bind = 117 'u',…

c struct gdb elf

asked Mar 01 '15 at 09:53

Fran C

vote

0 answers

Executable gets larger when removing sections from linker script

I'm really struggling with linker scripts, so I decided to start with a minimal test and start tweaking things. But removing lines for the default linker script for sections not even in my object file, can cause the executable to grow…

ld elf linker-scripts

asked Feb 24 '15 at 06:42

RabbitEars

vote

1 answer

How to make my ELF run with both new and old version of glibc?

When I'm compiling my elf, it is "best practice" to make it link against the oldest version of glibc I can, so it will work both on new and old versions of glibc. i.e. if I use realpath, which in readelf output of glibc we can see has both a…

linux linker glibc elf

asked Feb 22 '15 at 19:43

speller

1,641
2
20
27

vote

1 answer

What ELF section headers typically have no associated section?

For the Executable and Linkable Format, sections describe information in an object file. In the ELF specification, it is mentioned that there may be section headers that are not followed by a section: Every section in an object file has exactly one…

elf

asked Feb 20 '15 at 11:37

Caterpillar

vote

1 answer

PIN, IMG_AddInstrumentFunction and the ELF loader

Basically, I'm trying to figure out how PIN tracks "Image" loads using IMG_AddInstrumentFunction. The documentation says "Use this to register a call back to catch the loading of an image". (There is an imageload pintool in…

linux linker loader elf instrumentation

asked Feb 18 '15 at 17:33

user277465

vote

0 answers

Define new code section in assembly code to compile ELF binary

I defined a new code section in my assembly program, which is going to be compiled into 32-bit ELF binary, on x86. I use the linker scripts to assign a specified address for this new code section, it works. However, I noticed that this new section…

c assembly compilation linker elf

asked Feb 10 '15 at 19:33

lllllllllllll

8,519
9
45
80

vote

0 answers

Why is my arm-none-eabi output empty?

I'm trying to compile and link code for the STM32F030F4, using arm-none-eabi-gcc 2014 Q3: arm-none-eabi-gcc (GNU Tools for ARM Embedded Processors) 4.8.4 20140725 (release) [ARM/embedded-4_8-branch revision 213147] The code was generated by…

gcc arm codeblocks elf stm32

asked Feb 08 '15 at 23:18

Christoph

1,040
3
14
29

vote

0 answers

Reuse symbols in disassembling/reassembling a C++ program

it's me again. I am working on a tool can that disassemble/reassemble stripped binaries and now I am sucked in a (external) symbol reuse issue. The test is on 32-bit Linux x86 platform. Suppose I am working on a C++ program, in the GCC compiler…

c assembly elf symbols undefined-symbol

asked Feb 06 '15 at 20:47

lllllllllllll

8,519
9
45
80

vote

1 answer

What happens with functions using macro __init as prefix?

From the info I've read about module initialization in a Linux OS, I came to know that the function calls that are having a prefix like __init will be placed in a single ELF location. For example we usually write: int __init…

kernel init elf

asked Jan 16 '15 at 08:38

kakeh

vote

1 answer

elf processing by linkers(both dynamic and program)

I am working on a project that involves ELF binary file parsing. From past few weeks I am reading quite a bit on ELF format. However, one thing I really want to understand is how linkers and loaders use the different sections in an ELF file. Can…

linker loader elf

asked Jan 08 '15 at 16:41

Vasant K

vote

1 answer

How to locate what symbol corresponds to a specified offset in an ELF shared library?

I have an application that is linked against an ELF shared library. The library that it's using has all of its unneeded symbols stripped (using strip --strip-unneeded). I'm trying to debug a heap-corruption problem. I have a stack trace generated by…

shared-libraries elf debug-symbols

asked Jan 06 '15 at 22:32

Jason R

11,159
6
50
81

vote

0 answers

Will "clear_user()" for .bss clearing leads to page fault during ELF loading in function load_elf_binary?

The discussion below applies to 32-bit ARM Linux. When kernel is loading an ELF executable file, function load_elf_binary will be called. I believe it is the following code snippet that clears .bss section: nbyte = ELF_PAGEOFFSET(elf_bss); if…

linux memory-management linux-kernel elf

asked Dec 25 '14 at 15:18

CodingNow

vote

1 answer

Is it possible to remove the heap from an ELF Core file?

I'm collecting stacktraces from very large coredumps via /proc/sys/kernel/core_pattern. The following questions suggest using /proc/pid/core_filter to reduce the size of large coredumps: Minimal core dump (stack trace + current frame only) Selective…

c++ linux-kernel operating-system stack-trace elf

asked Nov 21 '14 at 18:37

matthewatabet

1,463
11
26

vote

1 answer

Is the Executable and Linkable Format (ELF) streamable?

I'd like to extract the stacktrace from crashing applications with large memory footprints. Ideally, the user wouldn't need to wait while the entire coredump is written to disk. My current thinking is to install a coredump hook at…

parsing streaming elf crash-dumps

asked Nov 12 '14 at 22:02

matthewatabet

1,463
11
26

vote

1 answer

Linux native executable does not consist of proper symbol information

I am using Excelsior Jet (A java to native compiler) to compile a Java application into a native executable. I have been successful in doing that. The standalone executable runs properly on my system. Now, I wanted to instrument the execution of…

java elf debug-symbols objdump

asked Nov 11 '14 at 11:03

Karishma Agarwal

Prev 1 2 3

…

99 100 Next