Hosted by the courtesy of  
 GitHub 
The stars ASAP english francais spanish arab
Durée du voyage intersidéral francais
Résolutions de l'ONU en HTML francais
Bussard Ramjet english francais
DWARF : dwarf2xml english
ELF : libelf examples english
Code presentation : ctoohtml english

Author : Emmanuel Azencot
Created : Fri Nov 16 16:38:21 CET 2007
Last update : Sun Nov 22 20:39:05 CET 2009

Libelf sample programs

At the time I wrote a simple object relocation program (elf_obj_loc.c), I found very little code dealing with the ELF format using libelf and gelf. One of the few was the excellent libelf by Example written by Joseph Koshy. I hope these two libelf code examples will help.

The first source example is a demo that copies an ELF file to a new one. The result it produces from a running executable is a non-running ELF executable.

elf_copy.c (source file) (build : gcc -o elf_copy -lelf elf_copy.c)

The second also produces a non-running ELF executable, but this time the result is more useful. The only ELF type it accepts is a relocatable object, from which it produces a new ELF file that can be used with a disassembler such as objdump. Because a trivial link pass has been done on the result, objdump is fed addresses synchronized with the symbol table and can thus produce far better output.

elf_obj_loc.c (source file) (build : gcc -o elf_obj_loc -lelf elf_obj_loc.c)

Example :
Compile the file sample.c (source file) (build : gcc -c -o sample.o sample.c)

Then have a look at the objdump disassembly output :

shell$ > objdump -d sample.o

sample.o: file format elf32-i386

Disassembly of section .text:

00000000 <whois>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp

3: a1 00 00 00 00 mov 0x0,%eax
variable "who"
8: 5d pop %ebp
9: c3 ret

0000000a <what>:
a: 55 push %ebp
b: 89 e5 mov %esp,%ebp

d: a1 00 00 00 00 mov 0x0,%eax
variable "hello"
12: 5d pop %ebp
13: c3 ret

00000014 <main>:
14: 8d 4c 24 04 lea 0x4(%esp),%ecx
18: 83 e4 f0 and $0xfffffff0,%esp
1b: ff 71 fc pushl 0xfffffffc(%ecx)
1e: 55 push %ebp
1f: 89 e5 mov %esp,%ebp
21: 53 push %ebx
22: 51 push %ecx
23: 83 ec 10 sub $0x10,%esp

26: e8 fc ff ff ff call 27 <main+0x13>
defined function (whois)
2b: 89 c3 mov %eax,%ebx

2d: e8 fc ff ff ff call 2e <main+0x1a>
defined function (what)
32: 89 5c 24 08 mov %ebx,0x8(%esp)
36: 89 44 24 04 mov %eax,0x4(%esp)
3a: c7 04 24 0c 00 00 00 movl $0xc,(%esp)

41: e8 fc ff ff ff call 42 <main+0x2e>
undefined function (printf)
46: b8 00 00 00 00 mov $0x0,%eax
4b: 83 c4 10 add $0x10,%esp
4e: 59 pop %ecx
4f: 5b pop %ebx
50: 5d pop %ebp
51: 8d 61 fc lea 0xfffffffc(%ecx),%esp
54: c3 ret


All addresses, including those of variables and functions, are left unchanged from the binary relocatable object, which does not contain any address at all (the value is set to 0 for variables and 0xFFFFFFFC for functions).

elf_obj_loc applies the .rel sections to the corresponding sections as a linker would. In addition, it maps undefined symbols to address 0x2500000, incrementing by 0x10 at each symbol. The output of objdump clearly shows that it is happier than it was with the raw object.

shell$ > ./elf_obj_loc sample.o sample.reloc
shell$ > objdump -d sample.reloc
sample.reloc: file format elf32-i386

Disassembly of section .text:

08048000 <whois>:
8048000: 55 push %ebp
8048001: 89 e5 mov %esp,%ebp

8048003: a1 5c 80 04 08 mov 0x804805c,%eax
variable who
8048008: 5d pop %ebp
8048009: c3 ret

0804800a <what>:
804800a: 55 push %ebp
804800b: 89 e5 mov %esp,%ebp

804800d: a1 58 80 04 08 mov 0x8048058,%eax
variable hello
8048012: 5d pop %ebp
8048013: c3 ret

08048014 <main>:
8048014: 8d 4c 24 04 lea 0x4(%esp),%ecx
8048018: 83 e4 f0 and $0xfffffff0,%esp
804801b: ff 71 fc pushl 0xfffffffc(%ecx)
804801e: 55 push %ebp
804801f: 89 e5 mov %esp,%ebp
8048021: 53 push %ebx
8048022: 51 push %ecx
8048023: 83 ec 10 sub $0x10,%esp

8048026: e8 d5 ff ff ff call 8048000 <whois>
defined function
804802b: 89 c3 mov %eax,%ebx

804802d: e8 d8 ff ff ff call 804800a <what>
defined function
8048032: 89 5c 24 08 mov %ebx,0x8(%esp)
8048036: 89 44 24 04 mov %eax,0x4(%esp)

804803a: c7 04 24 60 80 04 08 movl $0x8048060,(%esp)

8048041: e8 ca 7f 4b fa call 2500010 <printf>
undefined function
8048046: b8 00 00 00 00 mov $0x0,%eax
804804b: 83 c4 10 add $0x10,%esp
804804e: 59 pop %ecx
804804f: 5b pop %ebx
8048050: 5d pop %ebp
8048051: 8d 61 fc lea 0xfffffffc(%ecx),%esp
8048054: c3 ret
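
The relocation arithmetic behind the two listings above, as an added example that is not taken from elf_obj_loc.c: it applies an i386 REL entry (the addend is read from the field being patched) to a section image and refuses offsets that fall outside the section, which matters when the object file is untrusted. The helper names are hypothetical; the .text base 0x08048000 and the printf address 0x2500010 are taken from the objdump output above.

```c
#include <stdint.h>
#include <stdio.h>

/* i386 relocation types (values from the ELF i386 psABI). */
#define R386_32   1   /* S + A     */
#define R386_PC32 2   /* S + A - P */

/* Read/write a little-endian 32-bit word without alignment assumptions. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Apply one SHT_REL entry to a section image placed at sec_addr.
 * r_offset is section-relative, sym is the resolved symbol value S.
 * Returns 0 on success, -1 if the entry is out of bounds or unsupported. */
int apply_rel386(uint8_t *sec, size_t sec_size, uint32_t sec_addr,
                 uint32_t r_offset, int type, uint32_t sym)
{
    if (sec_size < 4 || r_offset > sec_size - 4)
        return -1;                       /* never patch outside the section */
    uint32_t A = rd32(sec + r_offset);   /* REL: addend is stored in place */
    uint32_t P = sec_addr + r_offset;    /* address of the patched field */
    switch (type) {
    case R386_32:   wr32(sec + r_offset, sym + A);     return 0;
    case R386_PC32: wr32(sec + r_offset, sym + A - P); return 0;
    default:        return -1;           /* type not handled here */
    }
}

/* Constructed demo: place the "call printf" bytes from sample.o at offset
 * 0x41 of an otherwise empty .text image and relocate the displacement. */
uint32_t demo_call_printf(void)
{
    uint8_t text[0x55] = {0};
    const uint8_t call[5] = {0xe8, 0xfc, 0xff, 0xff, 0xff};
    for (int i = 0; i < 5; i++) text[0x41 + i] = call[i];
    if (apply_rel386(text, sizeof text, 0x08048000u, 0x42, R386_PC32, 0x02500010u) != 0)
        return 0;
    return rd32(text + 0x42);            /* bytes ca 7f 4b fa in the listing */
}

int main(void)
{
    printf("call printf displacement: %08x\n", (unsigned)demo_call_printf());
    return 0;
}
```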



web design : machinman.net all rights reserved, update Wed May 18 11:46:24 CEST 2022
