Sunday, August 16, 2009

what is

Back in April, I wrote about a particular use of It's important to know however what the purpose of is in a little more detail. is the locater and loader of dynamic (shared libs) on your system. Most applications these days use shared libs (instead of statically built-in libs). When a program is loaded, Linux passes control to instead of normal entry point of the application. Now searches for and loads the unresolved libraries, and then it passes control to the application starting point.

To understand how a program loads, it's useful to understand ELF. The ELF (Executable and Linking Format) specification defines how an object file is composed and organized. With this information, the kernel and the binary loader (ld in our case) know how to load the file, where to look for the code, where to look the initializeddata, which shared library that needs to be loaded and so on. is the runtime component for the linker (ld) which locates and loads into memory the dynamic libraries used by the applicaiton.

A little more about ELF (from wikipedia).

Each ELF file is made up of one ELF header, followed by file data. The file data can include:

  • Program header table, describing zero or more segments
  • Section header table, describing zero or more sections
  • Data referred to by entries in the program header table, or the section header table
The segments contain information that is necessary for runtime execution of the file, while sections contain important data for linking and relocation.

There are a few useful tools to read ELF files:
  • ldd prints the shared library dependencies.
  • readelf is a Unix binary utility that displays information about one or more ELF files.
  • objdump provides a wide range of information about ELF files and other object formats.

rutul@ubuntu:~/test_progs$ gcc hello_world.c
rutul@ubuntu:~/test_progs$ ldd a.out => (0xb7ef2000) => /lib/tls/i686/cmov/ (0xb7d80000)
/lib/ (0xb7ef3000)
rutul@ubuntu:~/test_progs$ readelf -l a.out

Elf file type is EXEC (Executable file)
Entry point 0x8048310
There are 8 program headers, starting at offset 52

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4
INTERP 0x000134 0x08048134 0x08048134 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/]
LOAD 0x000000 0x08048000 0x08048000 0x004c4 0x004c4 R E 0x1000
LOAD 0x000f0c 0x08049f0c 0x08049f0c 0x00108 0x00110 RW 0x1000
DYNAMIC 0x000f20 0x08049f20 0x08049f20 0x000d0 0x000d0 RW 0x4
NOTE 0x000148 0x08048148 0x08048148 0x00020 0x00020 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
GNU_RELRO 0x000f0c 0x08049f0c 0x08049f0c 0x000f4 0x000f4 R 0x1

Section to Segment mapping:
Segment Sections...
01 .interp
02 .interp .note.ABI-tag .hash .gnu.hash .dynsym .dynstr .gnu.version .gn
u.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag
07 .ctors .dtors .jcr .dynamic .got

1 comment:

Anonymous said...

what does this mean: /?ld=4vk7mgwQm50mc-tScPCTE1MACzFADCuRH0KVLMhcOZ7M1K40LIZY9WXQYVM6XaVYZJkVGMuk266LL0OI26Ubgw-3tv-TV55HAFaeGERhSSFqrGgjP6WeXfS6enoWQlvjigKd5iutmQTgFpQYw11QSqtwGwEEYRjU5Aur7hf6bHoUYvnwRRgPJgykg_Iv2RYUR_FyFiALcc6UY0isD2XxNH9t6Jhldy8hBqfMzZsGCI2GlipdaQkbfWVAPsBXvqxxCqQ3IHko9fhKBT33V5nFl3_Wyj25L2Wxb5ruuUJy8g5CtBUmrstAI__aokWWlSlRj05rcLU-xcHNHs_OTfNbbzJretdA8sH5YoUvDhtnpCgoTiRNyfnfuEwPhpH8z4zlc2p5YTA4I00Cm2vYSuqm2h2zVUCUz03dCQikKtPjjAEDGtdJK3ECZjcz0CLKwKmfxk7vldMEW35WDZKyPNO2DAbUVPe_ZVmtFGzQ