starting point of ELF executable file?

删除回忆录丶 提交于 2019-12-10 20:17:19

问题


I compile following C program on lubuntu 12.10 with anjuta

int main()
{
return 0;
}

the file name is foobar

then I open up terminal and write command

ndisasm foobar -b 32 1>asm.txt

(disassemble foobar with 32 bit instruction option and save disassembled result to asm.txt)

I open up asm.txt there are many 0x0000 and miss-understandable code.

the instruction jg 0x47(0x7F45) on 0x00000000 and dec esp(0x4C) on 0x00000002 seems ELF file format signature. (because the hex code 0x454c46 is 'ELF' in ascii)

the Linux might load this code to memory and don't jump to 0x00000000 because there is no executable code.

I have questions here.

  1. how do I know the address of starting address?
  2. which code is OK to ignore?(maybe many 0x0000 would be OK to ignore but what else?)

回答1:


Even for the simplest program like yours, gcc is linking some libraries and some object files (notably crt0.o which calls your main and contains _start, the ELF starting point). And your binary is probably dynamically linked to some libc.so.6 so needs the dynamic linker (use ldd foobar to find out). Use gcc -v to understand what gcc is doing. And objdump has a lot of interesting flags or options.

You may also want to read the Assembly Howto, the X86 calling conventions, this question, the X86-64 ABI, these notes on X86-64 programming, etc



来源:https://stackoverflow.com/questions/14002502/starting-point-of-elf-executable-file

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!