Understanding the relocation table output from readelf

elf readelf
10,477

Here is a clear (I hope so) to the readelf output:

  1. Offset is the offset where the symbol value should go
  2. Info tells us two things - the type (terminates the exact calculation depends on the arch) and the symbol index in the symtab
  3. Type - type of the symbol according to the ABI
  4. Sym value is the addend to be added to the symbol resolution
  5. Sym name and addend - a pretty printing of the symbol name + addend.

See this for a calculation example: https://web.archive.org/web/20150324024617/http://mylinuxbook.com/readelf-command/ more info: http://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-54839.html

Share:
10,477
Fred Thomsen
Author by

Fred Thomsen

Updated on June 07, 2022

Comments

  • Fred Thomsen
    Fred Thomsen almost 2 years

    For example, running the command:

    readelf -r /bin/ls | head -n 20

    I get the following output:

    Relocation section '.rela.dyn' at offset 0x15b8 contains 7 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000619ff0  003e00000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
00000061a580  006f00000005 R_X86_64_COPY     000000000061a580 __progname + 0
00000061a590  006c00000005 R_X86_64_COPY     000000000061a590 stdout + 0
00000061a5a0  007800000005 R_X86_64_COPY     000000000061a5a0 optind + 0
00000061a5a8  007a00000005 R_X86_64_COPY     000000000061a5a8 optarg + 0
00000061a5b0  007400000005 R_X86_64_COPY     000000000061a5b0 __progname_full + 0
00000061a5b8  007700000005 R_X86_64_COPY     000000000061a5b8 stderr + 0

Relocation section '.rela.plt' at offset 0x1660 contains 105 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
00000061a018  000100000007 R_X86_64_JUMP_SLO 0000000000000000 __ctype_toupper_loc + 0
00000061a020  000200000007 R_X86_64_JUMP_SLO 0000000000000000 getenv + 0
00000061a028  000300000007 R_X86_64_JUMP_SLO 0000000000000000 sigprocmask + 0
00000061a030  000400000007 R_X86_64_JUMP_SLO 0000000000000000 raise + 0
00000061a038  007000000007 R_X86_64_JUMP_SLO 00000000004020a0 free + 0
00000061a040  000500000007 R_X86_64_JUMP_SLO 0000000000000000 localtime + 0
00000061a048  000600000007 R_X86_64_JUMP_SLO 0000000000000000 __mempcpy_chk + 0

    I do not understand this output and wanted some clarification.

    Does the 1st column, offset, indicate where these symbolic references are in the .text segment? What is meant by the Info and Type columns, I thought relocations just mapped a symbol reference to a definition, so I don't understand how there can be different types? Why do certain symbol names have 0 as the address for their value... I can't imagine they all map to the same spot in the text segment? Finally, why does the relocation table even exist in the final executable? Doesn't it take up extra space and all the references have already been resolved for the last link command that generates the executable?

  • Ciro Santilli OurBigBook.com
    Ciro Santilli OurBigBook.com almost 9 years
    I don't reproduce Sym. Value == Added. E.g. I have Sym Value = 0 and the pretty print Sym name + added = .data - 4. I think value might be the bytes pointed to by offset in the .text segment.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Explaining readelf -S output
readelf: Error: Not an ELF file - it has the wrong magic bytes at the start
Why does register_tm_clones and deregister_tm_clones reference an address past the .bss section? Where is this memory allocated?
How to set the dynamic linker path for a shared library?
Difference between Program header and Section Header in ELF
What is the difference in byte code like Java bytecode and files and machine code executables like ELF?
Getting the error: bash: (program): cannot execute binary file: Exec format error, on both 32-bit and 64-bit Windows
Locating the Global Offset Table in an ELF file
Extract detailed symbol information (struct members) from elf file compiled with ARM-GCC
How read ELF header in C?