Question

我试图获取elf文件的每个部分的偏移量和数据。我已经使用此代码创建了部分名称：

#include <elf.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

int filesize(int fd)
{
  return (lseek(fd, 0, SEEK_END));
}

void    print_section(Elf64_Shdr *shdr, char *strTab, int shNum)
{
  int   i;

  for(i = 0; i < shNum; i++)
     printf("%02d: %s\n", i, &strTab[shdr[i].sh_name]);
}

int main(int ac, char **av)
{
  void  *data;
  Elf64_Ehdr    *elf;
  Elf64_Shdr    *shdr;
  int       fd;
  char      *strtab;

  fd = open(av[1], O_RDONLY);
  data = mmap(NULL, filesize(fd), PROT_READ, MAP_SHARED, fd, 0);
  elf = (Elf64_Ehdr *) data;
  shdr = (Elf64_Shdr *) (data + elf->e_shoff);
  strtab = (char *)(data + shdr[elf->e_shstrndx].sh_offset);
  print_section(shdr, strtab, elf->e_shnum);
  close(fd);
  return 0;
}

但我无法找到获取每个部分的数据或其起始偏移量的方法。谢谢你的帮助

Answer 1

我认为您可以使用sh_offset和shdr[i].sh_size：

void    print_section(Elf64_Shdr *shdr, char *strTab, int shNum, uint8_t *data)
{
  int   i;  

  for(i = 0; i < shNum; i++) {
    size_t k;
     printf("%02d: %s Offset %lx\n", i, &strTab[shdr[i].sh_name], 
        shdr[i].sh_offset);
     for (k = shdr[i].sh_offset; k < shdr[i].sh_offset + shdr[i].sh_size; k++) {
       printf("%x", data[k]);
     }   
     printf("\n");
     for (k = shdr[i].sh_offset; k < shdr[i].sh_offset + shdr[i].sh_size; k++) {
       printf("%c", data[k]);
     }   
     printf("\n");
  }
}

并称之为：

print_section(shdr, strtab, elf->e_shnum, (uint8_t*)data);

获取虚拟地址（偏移）的一种方法：

Elf64_Phdr *ph = (Elf64_Phdr *) ((uint8_t *) data + elf->e_phoff);
printf("Virtual address offset: %lx\n", ph->p_vaddr - elf->e_phoff);

获得精灵部分抵消

1 个答案: