Home > Backend Development > PHP Tutorial > Teach you how to read the elf structure using php

Teach you how to read the elf structure using php

藏色散人
Release: 2023-04-09 17:14:01
forward
3940 people have browsed it

Recommended: "PHP Video Tutorial"

Prerequisite knowledge

  1. UNIX system executable The files are all in ELF format, and the types are divided into target files, executable files and shared libraries
  2. Analysis of ELF format three: sections
  3. This example is based on a 64-bit little-endian Linux machine

Take reading the target file hello.o as an example

#include <stdio.h>
void say_hello(char *who) {
    printf("hello, %s!\n", who);
}
char *my_name = "wb";
int man() {
    say_hello(my_name);
    return 0;
}
// 执行gcc -c hello.c生成hello.o
Copy after login

The elf structure of the target file mainly includes:

  1. ELF header, located 0~64 bytes of the file store the description information of the file, the starting position of the Section header table
  2. N Section
  3. Section header table, each entry is 64 bytes, corresponding to a Section Information
  4. Program header table, executable file needs, hello.o in this example does not

Further analysis of the elf structure

  1. First use the readelf command to read the elf information: readelf -h hello.o. The summary is as follows:
  2. ELF header occupies 64 bytes
  3. N Sections occupy 6488-64-1472=4952 bytes
  4. Section header table occupies 23*64=1472 words Section
readelf -h hello.o
ELF Header:
Class:                             ELF64
Data:                              2&#39;s complement, little endian
OS/ABI:                            UNIX - System V
Type:                              REL (Relocatable file)
Machine:                           Advanced Micro Devices X86-64
Start of program headers:          0 (bytes into file)
Start of section headers:          5016 (bytes into file) //Section header table的起始位置
Size of this header:               64 (bytes) //ELF header的占用大小
Size of program headers:           0 (bytes)  //hello.o没有program header table
Number of program headers:         0          //hello.o没有program header table
Size of section headers:           64 (bytes) //Section header table每个条目占用大小
Number of section headers:         23         //Section header table条目个数
Section header string table index: 22         //.shstrtab Section位于Section header table第22个条目
Copy after login

Use php to read the .shstrtab Section content

  1. .shstrtab Section is actually the name of all stored Sections
<?php
$fp = fopen("hello.o", "rb");

fseek($fp, 40, SEEK_SET);
$sh_off = fread($fp, 8);
$sh_off = unpack("P", $sh_off);
var_dump("section header offset in file: ". $sh_off[1]);

fseek($fp, 10, SEEK_CUR);
$sh_ent_size = fread($fp, 2);
$sh_ent_size = unpack("v", $sh_ent_size);
var_dump("section header entry size: ". $sh_ent_size[1]);

$sh_num = fread($fp, 2);
$sh_num = unpack("v", $sh_num);
var_dump("section header number: ". $sh_num[1]);

$sh_strtab_index = fread($fp, 2);
$sh_strtab_index = unpack("v", $sh_strtab_index);
var_dump("section header string table index: ". $sh_strtab_index[1]);

fseek($fp, $sh_off[1] + $sh_strtab_index[1] * $sh_ent_size[1], SEEK_SET);
fseek($fp, 24, SEEK_CUR); //sh_name(4) + sh_type(4) + sh_flags(8) + sh_addr(8) = 24
$str_table_off = fread($fp, 8);
$str_table_off = unpack("P", $str_table_off);
var_dump("section name string table offset: ". $str_table_off[1]);

$str_table_size = fread($fp, 8);
$str_table_size = unpack("P", $str_table_size);
var_dump("section name string table size: ". $str_table_size[1]);

fseek($fp, $str_table_off[1], SEEK_SET);
$str = fread($fp, $str_table_size[1]);
print_r(explode("\x00", trim($str, "\x00")));

// 读取所有Section条目信息
for ($i =0;$i < $sh_num[1]; $i ++) {
    fseek($fp, $sh_off[1] + $i * $sh_ent_size[1], SEEK_SET);
    $sh_name = fread($fp, 4);
    $sh_name = unpack("V", $sh_name);
    fseek($fp, 20, SEEK_CUR); //sh_type(4) + sh_flags(8) + sh_addr(8) = 20
    $sh_offset = fread($fp, 8);
    $sh_offset = unpack("P", $sh_offset);

    $sh_size = fread($fp, 8);
    $sh_size = unpack("P", $sh_size);

    printf("section: %2s name: %-24s offset: %12s size: %12s\n", $i, get_section_name($sh_name[1]), $sh_offset[1], $sh_size[1]);
}

function get_section_name($start) {
    global $str;
    $name = substr($str, $start);
    return strstr($name, "\x00", true);
}
Copy after login

The above is the detailed content of Teach you how to read the elf structure using php. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
php
source:learnku.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template