These are the slides used in a lecture I gave in the XIV International Board on Free Software. In this lecture I gave a brief overview of the ELF specification (the ELF specification is a document describing the format of executable, shared libraries and relocatable objects files used in Linux and many others operating systems) and the Linux dynamic loader (which is a program that acts together with the OS to create and initialize a program address space among others tasks).

1. The ELF File Format and the Linux Loader
Divino C´esar S. Lucas
Universidade de Campinas - Instituto de Computac¸ ˜ao
Laborat´orio de Sistemas de Computac¸ ˜ao
(www.lsc.ic.unicamp.br)
XIV F´orum Internacional de Software Livre
05 de Julho de 2013

2. The ELF Format
The Linux ELF Loader
Questions
Agenda
1 The ELF (Executable and Linkable Format) Format
2 The Linux ELF Loader
3 Questions
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

3. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
The Pieces of a Program
gcc -c -O3 bob.c -o bob.o // relocatable files
gcc -c -O3 main.c -o main.o
gcc bob.o main.o -o hello // executable file
gcc -shared -fPIC bob.c -o libhello.so // shared library
gcc main.c -lhello -L. -o hello // dynamically linked executable
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

4. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
What the file looks inside?
The Matrix?
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

5. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
What the file looks inside?
The Matrix?
Not. An ELF!
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

6. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
The Executable and Linkable Format (ELF)
Specification for Executable and Linkable Files.
Successor of a.out and COFF formats.
Besides Linux, it’s also used in: FreeBSD, OpenBSD,
Solaris, HP-UX, etc.
Used in many devices: PlayStation 3, Dreamcast, Some
Nokia Cellphones.
Support for modern programming languages and code
reutilization.
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

7. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
The ELF Header
The ELF Header
typedef struct elf32 hdr {
unsigned char e ident [ EI NIDENT ] ;
Elf32 Half e type ;
Elf32 Half e machine ;
Elf32 Word e version ;
Elf32 Addr e entry ;
Elf32 Off e phoff ;
Elf32 Off e shoff ;
Elf32 Word e flags ;
Elf32 Half e ehsize ;
Elf32 Half e phentsize ;
Elf32 Half e phnum ;
Elf32 Half e shentsize ;
Elf32 Half e shnum ;
Elf32 Half e shstrndx ;
} Elf32 Ehdr ;
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

8. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
The ELF Header - Example
The ELF Header
$ readelf -h executavel
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2’s complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400410
Start of program headers: 64 (bytes into file)
Start of section headers: 4440 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 30
Section header string table index: 27
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

9. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
Program Representation
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

10. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Sections
Mainly used during static linking process.
Used to group together program portions with are
sematically related (eg: data / code / constructors /
destructors).
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

11. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Sections - Example
ELF Header
Sections Table
. . .
.text
.data
.bss
. . .
Allice.o
ELF Header
Sections Table
Segments Table
. . .
.text
.text
.data
.data
.bss
.bss
. . .
Executable
ELF Header
Sections Table
. . .
.text
.data
.bss
. . .
Bob.o
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

12. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Sections - Example
Section Table
$ readelf -WS executavel
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 1] .interp PROGBITS 0000000000400238 000238 00001c 00 A 0 0 1
[11] .init PROGBITS 00000000004003c8 0003c8 000018 00 AX 0 0 4
[12] .plt PROGBITS 00000000004003e0 0003e0 000030 10 AX 0 0 16
[13] .text PROGBITS 0000000000400410 000410 000228 00 AX 0 0 16
[15] .rodata PROGBITS 0000000000400648 000648 000031 00 A 0 0 4
[22] .got PROGBITS 0000000000600fe0 000fe0 000008 08 WA 0 0 8
[24] .data PROGBITS 0000000000601010 001010 000020 00 WA 0 0 8
[25] .bss NOBITS 0000000000601030 001030 000010 00 WA 0 0 8
[28] .symtab SYMTAB 0000000000000000 0018d8 000690 18 29 48 8
[29] .strtab STRTAB 0000000000000000 001f68 00022b 00 0 0 1
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

13. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Segments
Used mainly during process creation (by the dynamic
loader).
Used to group together sections with the same flags (all
text, all data.
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

14. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Segments - Example
Program Headers
$ readelf -Wl executavel
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8
INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1
LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00079c 0x00079c R E 0x200000
LOAD 0x000e28 0x0000000000600e28 0x0000000000600e28 0x000208 0x000218 RW 0x200000
DYNAMIC 0x000e50 0x0000000000600e50 0x0000000000600e50 0x000190 0x000190 RW 0x8
NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4
GNU_EH_FRAME 0x00067c 0x000000000040067c 0x000000000040067c 0x00003c 0x00003c R 0x4
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8
GNU_RELRO 0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d8 0x0001d8 R 0x1
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

15. The ELF Format
The Linux ELF Loader
Questions
Relocatable, Shared Libraries and Executable Files
What / Why ELFs?
The ELF Header
Sections
Segments
ELF Segments - Sections to Segments
Mapping from Sections to Segments
$ readelf -Wl executavel
00
01 .interp
02 .interp .gnu.hash .dynsym .dynstr .rela.dyn .rela.plt .init .plt .text .fini .rodata
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .ctors .dtors .jcr .dynamic .got
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

16. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
How a Process Start?
Function File Comment
Shell/GUI user application
Executes fork() to create a news process
and execve() to replace the child.
execve fs/exec.c
Do some preprocessing stuff and calls
search binary handler.
search binary handler fs/exec.c
Identify which type is the binary
and calls the appropriate handler.
load elf binary fs/binfmt elf.c
Validate the binary file and
do some preprocessing.
start thread arch/x86/kernel/process.c Start a new thread of execution.
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

17. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Loader - workflow
1 Load the main binary.
2 Load the main binary dependencies (shared libraries).
3 Create a symbol resolution map.
4 Apply data relocations (fill the GOT table).
5 Apply function relocations (fill the GOT.PLT table).
6 Call libraries initializers, registry finalizers and start the
program.
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

18. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Loading the main binary
Loadable Segments
$ readelf -Wl executavel
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8
INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1
**** LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00079c 0x00079c R E 0x200000
**** LOAD 0x000e28 0x0000000000600e28 0x0000000000600e28 0x000208 0x000218 RW 0x200000
**** DYNAMIC 0x000e50 0x0000000000600e50 0x0000000000600e50 0x000190 0x000190 RW 0x8
NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4
GNU_EH_FRAME 0x00067c 0x000000000040067c 0x000000000040067c 0x00003c 0x00003c R 0x4
GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8
GNU_RELRO 0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d8 0x0001d8 R 0x1
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

19. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
The Dynamic Section/Segment
Dynamic Information Block
$ readelf -dW executavel
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000c (INIT) 0x4003c8
0x000000000000000d (FINI) 0x400638
0x000000006ffffef5 (GNU_HASH) 0x400298
0x0000000000000005 (STRTAB) 0x400318
0x0000000000000006 (SYMTAB) 0x4002b8
0x000000000000000a (STRSZ) 63 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000003 (PLTGOT) 0x600fe8
0x0000000000000002 (PLTRELSZ) 48 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0x400398
0x0000000000000007 (RELA) 0x400380
0x0000000000000008 (RELASZ) 24 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

20. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Dependences from my dependences...
Executable
libz.so
liby.so
...
libc.so
libb.so
liba.so
libb.so
libe.so
libd.so
libc.so
liby.so
libg.so
libf.so
libe.so
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

21. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Shared Libraries: ldd and ldconfig
ldconfig to find dynamic dependencies
$ ldconfig -p
...
libBrokenLocale.so.1 (libc6, OS ABI: Linux 2.6.24) => /lib/i386-linux-gnu/libBrokenLocale.so.1
ld-linux-x86-64.so.2 (libc6,x86-64) => /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
libQtXml.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtXml.so.4
libQtWebKit.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
libQtSvg.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtSvg.so.4
libQtSql.so.4 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libQtSql.so.4
...
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

22. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Process Address Space
Executable (.text)
Executable (.data)
Executable ( .bss)
HEAP
Library-A (.text)
Library-A (.data)
Library-A ( .bss)
Library-B (.text)
Library-B (.data)
Library-B ( .bss)
STACK
Lower Addresses
Higher Addresses
Process Address Space
Fixed distance
Fixed distance
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

23. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Symbol resolution scope and ordering
Executable
libz.so
liby.so
...
libc.so
libb.so
liba.so
libb.so
libe.so
libd.so
libc.so
liby.so
libg.so
libf.so
libe.so
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

24. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Relocations
Relocation is the process of connecting symbolic
references with symbolic definitions.
There are data relocations and function relocations.
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

25. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Relocations - Why do we need relocations (Part 1)?
gcc -c -O3 bob.c -o bob.o // relocatable files
gcc -c -O3 main.c -o main.o
gcc bob.o main.o -o hello // executable file
gcc -shared -fPIC bob.c -o libhello.so // shared library
gcc main.c -lhello -L. -o hello // dynamically linked executable
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

26. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Relocations - Why do we need relocations (Part 1)?
gcc -c -O3 bob.c -o bob.o // relocatable files
gcc -c -O3 main.c -o main.o
gcc bob.o main.o -o hello // executable file
gcc -shared -fPIC bob.c -o libhello.so // shared library
gcc main.c -lhello -L. -o hello // dynamically linked executable
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

27. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Relocations - Why do we need relocations (Part 2)?
Executable (.text)
Executable (.data)
Executable ( .bss)
HEAP
Library-A (.text)
Library-A (.data)
Library-A ( .bss)
Library-B (.text)
Library-B (.data)
Library-B ( .bss)
STACK
Process A
. . .
. . .
Library-A (.text)
Library-A (.data)
Library-A ( .bss)
Library-A (.data)
Library-A ( .bss)
Library-B (.text)
Library-B (.data)
Library-B ( .bss)
Library-C (.text)
Library-C (.data)
Library-C ( .bss)
. . .
. . .
Physical Memory
Executable (.text)
Executable (.data)
Executable ( .bss)
HEAP
Library-A (.text)
Library-A (.data)
Library-A ( .bss)
Library-C (.text)
Library-C (.data)
Library-C ( .bss)
STACK
Process B
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

28. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Relocations - Where are them?
Data and function relocations
$ readelf -rW executavel
Relocation section ’.rela.dyn’ at offset 0x380 contains 1 entries:
Offset Info Type Symbol’s Value Symbol’s Name + Addend
0000000000600fe0 0000000300000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
Relocation section ’.rela.plt’ at offset 0x398 contains 2 entries:
Offset Info Type Symbol’s Value Symbol’s Name + Addend
0000000000601000 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 printf + 0
0000000000601008 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

29. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Dynamic Symbol Table (dynsym)
$ readelf -Ws libtest.so
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000498 0 SECTION LOCAL DEFAULT 9
2: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
3: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND foo
4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
5: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.2.5 (2)
6: 0000000000201018 0 NOTYPE GLOBAL DEFAULT ABS _edata
7: 0000000000201028 0 NOTYPE GLOBAL DEFAULT ABS _end
8: 0000000000201018 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
9: 00000000000005ac 11 FUNC GLOBAL DEFAULT 11 function
10: 0000000000000498 0 FUNC GLOBAL DEFAULT 9 _init
11: 00000000000005f8 0 FUNC GLOBAL DEFAULT 12 _fini
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

30. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Dynamic String Table (dynstr)
$ readelf -p .dynstr executavel
String dump of section ’.dynstr’:
[ 1] libhello.so
[ d] __gmon_start__
[ 1c] _Jv_RegisterClasses
[ 30] bob_speak
[ 3a] _init
[ 40] _fini
[ 46] libc.so.6
[ 50] __libc_start_main
[ 62] _edata
[ 69] __bss_start
[ 75] _end
[ 7a] GLIBC_2.2.5
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

31. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Global Offset Table
gcc -shared -fPIC hello.c -o libhello.so
#include <stdio . h>
int valor1 ;
int fun1 ( void ) {
valor1 = 123;
p r i n t f ( ” Valor de valor1 = %dn ” , valor1 ) ;
return 0;
}
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

32. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Global Offset Table
objdump -d libhello.so
5f0 : mov 0x2009d9(% r i p ),% rax # 200fd0 < DYNAMIC+0x188>
5f7 : movl $0x7b ,(% rax )
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

33. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Global Offset Table
readelf -WS libhello.so
[20] .got PROGBITS 0000000000200 fc8 000fc8 000020 08 WA 0 0 8
[21] . g o t . p l t PROGBITS 0000000000200fe8 000fe8 000028 08 WA 0 0 8
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

34. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Global Offset Table
readelf -Wr libhello.so
Relocation section ’.rela.dyn’ at offset 0x428 contains 5 entries:
Offset Info Type Symbol’s Value Symbol’s Name + Addend
...
0000000000200fd0 0000000c00000006 R_X86_64_GLOB_DAT 0000000000201028 valor1 + 0
...
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

35. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Procedure Linkage Table
objdump -d exec
4005 fd : c a l l q 400500 <fun1@plt>
400500 <fun1@plt >:
400500: jmpq ∗0x200b02(% r i p ) # 601008 < GLOBAL OFFSET TABLE +0x20>
400506: pushq $0x1
40050b : jmpq 4004e0 < i n i t +0x20>
4004e0 < l i b c s t a r t m a i n @ p l t −0x10 >:
4004e0 : pushq 0x200b0a(% r i p ) # 600 f f 0 < GLOBAL OFFSET TABLE +0x8>
4004e6 : jmpq ∗0x200b0c(% r i p ) # 600 f f 8 < GLOBAL OFFSET TABLE +0x10>
4004ec : nopl 0x0(%rax )
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

36. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Procedure Linkage Table
readelf -Wr exec
Offset Info Type Symbol’s Value Symbol’s Name + Addend
0000000000601000 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0
0000000000601008 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 fun1 + 0
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

37. The ELF Format
The Linux ELF Loader
Questions
1) Load the main binary
2) Load the main binary dependencies
3) Create a symbol resolution map
4 and 5) Apply data and function relocations
6) Initialize libraries and jump to program start.
Program Initialization Flow
Divino C´esar S. Lucas The ELF File Format and the Linux Loader

38. The ELF Format
The Linux ELF Loader
Questions
Thank you!
Questions?
divcesar [at] gmail [dot] com
http://johntortugo.wordpress.com
Divino C´esar S. Lucas The ELF File Format and the Linux Loader