设为首页收藏本站

LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
LinuxSir.cn,穿越时空的Linuxsir!»论坛 编程开发讨论区 —— LinuxSir.cn Linux 程序设计专题讨论 [原创]Elf动态解析符号过程-演示
返回列表 发新帖
查看: 778|回复: 0

[原创]Elf动态解析符号过程-演示

[复制链接]
xueyan
发表于 2005-6-15 12:53:29 | 显示全部楼层 |阅读模式
程序源码:
  1. #include <stdio.h>
  2. int main(int argc, char *argv[])
  3. {
  4.   printf("Hello, world\n");
  5.   printf("test for another time\n");

  7. return 0;
  8. }
复制代码

相关的节:
  1. .got 节的内容:
  2. 80495e8 0c950408 00000000 00000000 a6820408  ................
  3. 80495f8 b6820408 00000000                    ........        
  4. .plt 节的内容:
  5. 8048290 ff35ec95 0408ff25 f0950408 00000000  .5.....%........
  6. 80482a0 ff25f495 04086800 000000e9 e0ffffff  .%....h.........
  7. 80482b0 ff25f895 04086808 000000e9 d0ffffff  .%....h.........00000000   
复制代码

以上来自objdump -s elf_test输出
.got节存放global offset table---全局偏移表
.plt节存放动态过程联接表
  1. linuxbuddy@l1u6uddy:~$ gdb -q elf_test
  2. Using host libthread_db library "/lib/libthread_db.so.1".
  3. (gdb) disass main
  4. Dump of assembler code for function main:
  5. 0x08048384 <main+0>:    push   %ebp
  6. 0x08048385 <main+1>:    mov    %esp,%ebp
  7. 0x08048387 <main+3>:    sub    $0x8,%esp
  8. 0x0804838a <main+6>:    and    $0xfffffff0,%esp
  9. 0x0804838d <main+9>:    mov    $0x0,%eax
  10. 0x08048392 <main+14>:   sub    %eax,%esp
  11. 0x08048394 <main+16>:   movl   $0x80484d4,(%esp)
  12. 0x0804839b <main+23>:   call   0x80482b0 <_init+56>//call printf
  13. 0x080483a0 <main+28>:   movl   $0x80484e2,(%esp)
  14. 0x080483a7 <main+35>:   call   0x80482b0 <_init+56>//call printf
  15. 0x080483ac <main+40>:   mov    $0x0,%eax
  16. 0x080483b1 <main+45>:   leave
  17. 0x080483b2 <main+46>:   ret
  18. End of assembler dump.
  19. (gdb) b *0x0804839b //在call printf前设置断点
  20. Breakpoint 1 at 0x804839b: file elf_test.c, line 4.
  21. (gdb) r
  22. Starting program: /home/linuxbuddy/libpcap/mysniffer/elf_test

  24. Breakpoint 1, 0x0804839b in main (argc=1, argv=0xbffff994) at elf_test.c:4
  25. 4         printf("Hello, world\n");
  26. (gdb) info address printf //查看prinf的地址
  27. Symbol "printf" is at 0x4006f960 in a file compiled without debugging.
  28. (gdb) disass  0x80482b0  0x80482bc
  29. Dump of assembler code from 0x80482b0 to 0x80482bc:
  30. 0x080482b0 <_init+56>:  jmp    *0x80495f8
  31. 0x080482b6 <_init+62>:  push   $0x8
  32. 0x080482bb <_init+67>:  jmp    0x8048290 <_init+24>
  33. End of assembler dump.
  34. (gdb) watch *0x80495f8 //设置观察点
  35. Hardware watchpoint 2: *134518264
  36. (gdb) p/a 0x80495f8
  37. $3 = 0x80495f8 <_GLOBAL_OFFSET_TABLE_+16>// 0x80495f8为全局偏移表的一个表项
  38. (gdb) p/a *0x80495f8//其内容为
  39. $4 = 0x80482b6 <_init+62> //正好是"0x080482b0 <_init+56>:  jmp    *0x80495f8"的下一条指令
  40. (gdb) l
  41. 1       #include <stdio.h>
  42. 2       int main(int argc, char *argv[])
  43. 3       {
  44. 4         printf("Hello, world\n");
  45. 5         printf("test for another time\n");
  46. 6
  47. 7       return 0;
  48. 8       }
  49. (gdb) b 5 //在第二次printf处设置断点
  50. Breakpoint 3 at 0x80483a0: file elf_test.c, line 5.
  51. (gdb) c
  52. Continuing.
  53. Hardware watchpoint 2: *134518264

  55. Old value = 134513334
  56. New value = 1074198880 //ld-linux.so.2修改全局偏移表
  57. 0x4000bacb in _dl_map_object_deps () from /lib/ld-linux.so.2
  58. (gdb) p/a *0x80495f8 //修改后的内容为
  59. $5 = 0x4006f960 <printf> //ld-linux.so.2修改全局偏移表中关于printf的相应项为printf函数的绝对地址
  60. (gdb) info symbol  0x4006f960 //确认一下下
  61. printf in section .text
  62. (gdb) c
  63. Continuing.
  64. Hello, world

  66. Breakpoint 3, main (argc=1, argv=0xbffff994) at elf_test.c:5
  67. 5         printf("test for another time\n");
  68. (gdb) disass  0x80482b0  0x80482bc
  69. Dump of assembler code from 0x80482b0 to 0x80482bc:
  70. 0x080482b0 <_init+56>:  jmp    *0x80495f8
  71. 0x080482b6 <_init+62>:  push   $0x8
  72. 0x080482bb <_init+67>:  jmp    0x8048290 <_init+24>
  73. End of assembler dump.
  74. (gdb) p/a *0x80495f8
  75. $6 = 0x4006f960 <printf>
  76. (gdb) c
  77. Continuing.
  78. test for another time

  80. Program exited normally.
  81. (gdb) q
复制代码

具体参见http://elfhack.whitecell.org/myd ... resolve_process.txt
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表