Accessing particular section in ELF

Question

We have a program in which a section is added named .proghead.

I can read elf .proghead section data by using following command,

$ readelf -x .proghead  elf-binary-file

Hex dump of section '.proghead':
  0x0058b960 00112233 00000000 00010000 00000000 .."3............
  0x0058b970 15200704 00000000 00016904 00000000 . ........i.....

Now I have to access this section using a C/C++ program.

Can someone please help me in writing C/C++ code to read particular section in elf binary ?

Any help is highly appreciated .

Answer 1

What you need is to read section headers (Elf64_Shdr) to find section names and its offset. The relevant information lies in sh_name and sh_offset fields. So you need to compare sh_name with your required section. On finding required section, you can get its offset(sh_offset) and its size sh_size. Now it is easy for you to get data through loop which reads from sh_offset to sh_offset+sh_offset+sh_size. This is theoretically correct and hope you will get data of required section For further help check following links Get elf sections offsets How to get a pointer to an specific section of a program from within itself? (Maybe with libelf)

Answer 2

You can copy one section of the binary to a text file using the command objcopy from package binutils:

$ objcopy -O binary --only-section=<section> <binary> <output>

So in your case:

$ objcopy -O binary --only-section=.proghead elf-binary-file output.proghead

After that, you can simply code a C++ program that reads a binary file. This approach would work as long as all you need to do is to read that section and not to modify the binary.

If you need to modify the binary, you would need to start reading the section at that sections's offset for size bytes. It's possible to use readelf to know what offset a section starts and its size:

$ readelf --wide -S /bin/ls
There are 28 section headers, starting at offset 0x1c760:
Section Headers:
  [Nr] Name               Type     Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                    NULL     0000000000000000 000000 000000 00      0   0  0
  [ 1] .interp            PROGBITS 0000000000400238 000238 00001c 00   A  0   0  1
  [ 2] .note.ABI-tag      NOTE     0000000000400254 000254 000020 00   A  0   0  4
  [ 3] .note.gnu.build-id NOTE     0000000000400274 000274 000024 00   A  0   0  4
  [ 4] .gnu.hash          GNU_HASH 0000000000400298 000298 000068 00   A  5   0  8
  [ 5] .dynsym            DYNSYM   0000000000400300 000300 000c18 18   A  6   1  8
  [ 6] .dynstr            STRTAB   0000000000400f18 000f18 000593 00   A  0   0  1

However, bear in mind that directly modifying a binary is fine as long as there's no new data added or data removed. Adding new data, will grow a section which results into overriding data of other sections and disorganizing the section index. Shrinking a section and filling up with padding may be OK but doing in the .text section, for instance, may affect the program's logic if there's a jump to a relative direction that no longer exists.

Answer 3

in general, modify the linker command file to give a name to the first address of the .proghead section.

Then, in the C file write a struct to cover the contents of the .proghead section.

Then set a C pointer variable, of the above struct type, to point to the .proghead section.

From then on, that pointer->fieldName will access each of the fields in the struct that is the .proghead section