After rewriting an ELF binary I ran into a very mysterious problem. I rewrote a binary with the libelf library. Basically I just replaced some instructions in .text with the same number of NOPs. This does not change the size of any section, and the readelf output shows that clearly. However, compared with the original file, there are some strange mismatches in the section-to-segment mapping after the rewrite.
readelf -l output before the rewrite:

Elf file type is EXEC (Executable file)
Entry point 0x202a0
There are 8 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  EXIDX          0x000964 0x10020964 0x10020964 0x00230 0x00230 R   0x4
  LOAD           0x010000 0x00020000 0x00020000 0x20000 0x20000 R E 0x10000
  LOAD           0x000000 0x10020000 0x10020000 0x00c1c 0x00c1c R   0x10000
  LOAD           0x000c20 0x10030c20 0x10030c20 0x00b18 0x010b4 RW  0x10000
  NOTE           0x000134 0x10020134 0x10020134 0x0003c 0x0003c R   0x4
  TLS            0x000c20 0x10030c20 0x10030c20 0x00478 0x00478 R   0x8
  GNU_EH_FRAME   0x000b94 0x10020b94 0x10020b94 0x00014 0x00014 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10

 Section to Segment mapping:
  Segment Sections...
   00     .ARM.exidx
   01     .init .text .fini
   02     .note.NaCl.ABI.arm .note.gnu.build-id .rodata .ARM.extab .ARM.exidx .eh_frame_hdr .eh_frame
   03     .tdata .init_array .fini_array .jcr .got .data .bss
   04     .note.NaCl.ABI.arm .note.gnu.build-id
   05     .tdata
   06     .eh_frame_hdr
   07
readelf -l output after the rewrite:

Elf file type is EXEC (Executable file)
Entry point 0x202a0
There are 8 program headers, starting at offset 52

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  EXIDX          0x000964 0x10020964 0x10020964 0x00230 0x00230 R   0x4
  LOAD           0x010000 0x00020000 0x00020000 0x20000 0x20000 R E 0x10000
  LOAD           0x000000 0x10020000 0x10020000 0x00c1c 0x00c1c R   0x10000
  LOAD           0x000c20 0x10030c20 0x10030c20 0x00b18 0x010b4 RW  0x10000
  NOTE           0x000134 0x10020134 0x10020134 0x0003c 0x0003c R   0x4
  TLS            0x000c20 0x10030c20 0x10030c20 0x00478 0x00478 R   0x8
  GNU_EH_FRAME   0x000b94 0x10020b94 0x10020b94 0x00014 0x00014 R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10

 Section to Segment mapping:
  Segment Sections...
   00
   01     .fini .comment .ARM.attributes .debug_aranges .debug_info .debug_abbrev
   02
   03     .bss
   04
   05
   06
   07
What could be the cause of this?
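The "Section to Segment mapping" that readelf prints is not stored in the file; readelf derives it by comparing each section header's file offset and virtual address against each program header's ranges. The program headers above are byte-for-byte identical before and after the rewrite, so the only thing that can make the mapping change is the section headers. The example below is an added illustration (it is not code from the question and does not use libelf): it builds a small constructed ELF32 image in memory, computes the mapping with a simplified version of readelf's PT_LOAD rule (a non-NOBITS section must fall inside the segment's file range, an SHF_ALLOC section must fall inside its virtual address range), then simulates a hypothetical writer that repacks section file offsets while leaving the program headers untouched. That is a well-known hazard when regenerating an ELF with libelf: unless the ELF_F_LAYOUT flag is set (elf_flagelf(e, ELF_C_SET, ELF_F_LAYOUT)), elf_update recomputes section offsets itself. Whether that is what happened here is an assumption, since the rewriting code is not shown.

```python
import struct

# ELF constants used below (values from the ELF specification)
PT_LOAD = 1
SHT_NULL, SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 0, 1, 3, 8
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, 52 bytes, little-endian
PHDR = struct.Struct("<IIIIIIII")           # Elf32_Phdr, 32 bytes
SHDR = struct.Struct("<IIIIIIIIII")         # Elf32_Shdr, 40 bytes


def make_sample_elf():
    """Constructed ELF32 image: two PT_LOAD segments and a handful of sections."""
    phdrs = [
        # p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align
        (PT_LOAD, 0x1000, 0x20000, 0x20000, 0x100, 0x100, 0x5, 0x1000),  # R E
        (PT_LOAD, 0x2000, 0x30000, 0x30000, 0x040, 0x080, 0x6, 0x1000),  # RW
    ]
    names = [b"", b".text", b".data", b".bss", b".comment", b".shstrtab"]
    shstrtab, name_off = b"", []
    for n in names:                      # build .shstrtab and remember each name's offset
        name_off.append(len(shstrtab))
        shstrtab += n + b"\0"
    shstr_off = EHDR.size + PHDR.size * len(phdrs)   # string table right after the phdrs
    shoff = 0x2050                                   # section header table at the end
    shdrs = [
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, link, info, align, entsize
        (name_off[0], SHT_NULL, 0, 0, 0, 0, 0, 0, 0, 0),
        (name_off[1], SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x20000, 0x1000, 0x80, 0, 0, 4, 0),
        (name_off[2], SHT_PROGBITS, SHF_ALLOC | SHF_WRITE, 0x30000, 0x2000, 0x40, 0, 0, 4, 0),
        (name_off[3], SHT_NOBITS, SHF_ALLOC | SHF_WRITE, 0x30040, 0x2040, 0x40, 0, 0, 4, 0),
        (name_off[4], SHT_PROGBITS, 0, 0, 0x2040, 0x10, 0, 0, 1, 0),   # not loaded
        (name_off[5], SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0),
    ]
    img = bytearray(shoff + SHDR.size * len(shdrs))
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8   # ELFCLASS32, little-endian, v1
    EHDR.pack_into(img, 0, ident, 2, 40, 1, 0x20000, EHDR.size, shoff, 0,
                   EHDR.size, PHDR.size, len(phdrs), SHDR.size, len(shdrs), 5)
    for i, p in enumerate(phdrs):
        PHDR.pack_into(img, EHDR.size + i * PHDR.size, *p)
    img[shstr_off:shstr_off + len(shstrtab)] = shstrtab
    for i, s in enumerate(shdrs):
        SHDR.pack_into(img, shoff + i * SHDR.size, *s)
    return bytes(img)


def parse(img):
    """Return (program headers, section headers, section names) of an ELF32 LE image."""
    e = EHDR.unpack_from(img, 0)
    ident, phoff, shoff, phentsize, phnum, shentsize, shnum, shstrndx = \
        e[0], e[5], e[6], e[9], e[10], e[11], e[12], e[13]
    assert ident[:4] == b"\x7fELF" and ident[4] == 1 and ident[5] == 1
    phdrs = [PHDR.unpack_from(img, phoff + i * phentsize) for i in range(phnum)]
    shdrs = [SHDR.unpack_from(img, shoff + i * shentsize) for i in range(shnum)]
    strtab = shdrs[shstrndx][4]
    names = [img[strtab + s[0]:img.index(b"\0", strtab + s[0])].decode() for s in shdrs]
    return phdrs, shdrs, names


def section_in_segment(sh, ph):
    """Simplified form of readelf's ELF_SECTION_IN_SEGMENT test, PT_LOAD only."""
    _, sh_type, sh_flags, sh_addr, sh_off, sh_size = sh[:6]
    p_type, p_off, p_vaddr, _, p_filesz, p_memsz = ph[:6]
    if sh_type == SHT_NULL or p_type != PT_LOAD:
        return False
    # Sections that occupy file bytes must lie inside the segment's file range.
    if sh_type != SHT_NOBITS and not (p_off <= sh_off and sh_off + sh_size <= p_off + p_filesz):
        return False
    # Sections that are loaded must lie inside the segment's virtual address range.
    if sh_flags & SHF_ALLOC and not (p_vaddr <= sh_addr and sh_addr + sh_size <= p_vaddr + p_memsz):
        return False
    return True


def section_to_segment(img):
    """One list of section names per program header, like readelf -l prints."""
    phdrs, shdrs, names = parse(img)
    return [[n for sh, n in zip(shdrs, names) if section_in_segment(sh, ph)] for ph in phdrs]


def relayout_sections_only(img):
    """Hypothetical writer: repack PROGBITS section offsets contiguously after the
    string table but leave the program headers alone (only headers are rewritten here,
    the section contents are not moved, which is enough to show the mapping effect)."""
    out = bytearray(img)
    e = EHDR.unpack_from(out, 0)
    shoff, shentsize, shnum, shstrndx = e[6], e[11], e[12], e[13]
    strtab = SHDR.unpack_from(out, shoff + shstrndx * shentsize)
    cursor = strtab[4] + strtab[5]
    for i in range(shnum):
        sh = list(SHDR.unpack_from(out, shoff + i * shentsize))
        if sh[1] == SHT_PROGBITS:
            align = max(sh[8], 1)
            cursor = (cursor + align - 1) // align * align
            sh[4] = cursor
            cursor += sh[5]
            SHDR.pack_into(out, shoff + i * shentsize, *sh)
    return bytes(out)


if __name__ == "__main__":
    original = make_sample_elf()
    print("before:", section_to_segment(original))        # [['.text'], ['.data', '.bss']]
    print("after: ", section_to_segment(relayout_sections_only(original)))  # [[], ['.bss']]
```

After the simulated relayout only .bss survives in its segment: it is SHT_NOBITS, so readelf checks only its address, which the writer did not touch, while every section that occupies file bytes now has an sh_offset outside the PT_LOAD file ranges and drops out. That is the same shape as the listing above, where .bss alone remains in segment 03. The practical check is therefore `readelf -S` before and after: if the Off column moved while `readelf -l` did not, the writer re-laid out the sections. Newer binutils versions additionally refuse to list non-SHF_ALLOC sections such as .comment or .debug_* under a PT_LOAD segment, so the exact output depends on the readelf version.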