2

I know the name of the symbols are in the shstrtab. But I don't get how to catch them. Should I cast my shstrab into a Elf64_Sym so that I can use the st_name? 

Elf64_Shdr      *shdr = (Elf64_Shdr *) (data + elf->e_shoff);
Elf64_Shdr      *symtab;
Elf64_Shdr      *shstrtab;
Elf64_Shdr      *strtab;
char            *str = (char *) (data + shdr[elf->e_shstrndx].sh_offset);

for (int i = 0; i < elf->e_shnum; i++) {
  if (shdr[i].sh_size) {
    printf("%s\n", &str[shdr[i].sh_name]);
    if (strcmp(&str[shdr[i].sh_name], ".symtab") == 0)
      symtab = (Elf64_Shdr *) &shdr[i];
    if (strcmp(&str[shdr[i].sh_name], ".shstrtab") == 0)
      shstrtab = (Elf64_Shdr *) &shdr[i];
    if (strcmp(&str[shdr[i].sh_name], ".strtab") == 0)
      strtab = (Elf64_Shdr *) &shdr[i];
  }
}

str = (char *) shstrtab;
for (size_t i = 0; i < (symtab->sh_size / sizeof(Elf64_Sym *)); i ++) {
  printf("%s\n", &str[shstrtab[i].sh_name]);
}
Employed Russian
  • 199,314
  • 34
  • 295
  • 362
SJS
  • 77
  • 1
  • 2
  • 8
  • 6
    I only understood it's about some cats... – Eugene Sh. Feb 16 '18 at 19:52
  • It sounds like you are confused about some data type. You should post a code snippet that shows where you are stuck so we can see what you are trying to do. – indiv Feb 16 '18 at 19:53
  • 1
    Elf64_Shdr *shdr = (Elf64_Shdr *) (data + elf->e_shoff); Elf64_Shdr *symtab; Elf64_Shdr *shstrtab; Elf64_Shdr *strtab; char *str = (char *) (data + shdr[elf->e_shstrndx].sh_offset); for (int i = 0; i < elf->e_shnum; i++) { if (shdr[i].sh_size) { if (strcmp(&str[shdr[i].sh_name], ".symtab") == 0) symtab = (Elf64_Shdr *) &shdr[i]; if (strcmp(&str[shdr[i].sh_name], ".shstrtab") == 0) shstrtab = (Elf64_Shdr *) &shdr[i]; if (strcmp(&str[shdr[i].sh_name], ".strtab") == 0) strtab = (Elf64_Shdr *) &shdr[i]; } } – SJS Feb 16 '18 at 19:53
  • 1
    You should be using the ELF library (`libelf.so` or thereabouts) to read and analyze the data. I've no idea what you think 'cats' are doing — did one tread on your keyboard as you were typing that? – Jonathan Leffler Feb 16 '18 at 19:54
  • Put the code into the question where you can format it, not in a comment where you can't. – Jonathan Leffler Feb 16 '18 at 19:55
  • 1
    I'm trying to recode nm without the flas – SJS Feb 16 '18 at 19:55

2 Answers2

4

Should I cast my shstrab into a Elf64_Sym so that I can use the st_name?

No.

Here is the loop you want:

Elf64_Sym *sym = (Elf64_Sym*) (data + symtab->sh_offset);
str = (char*) (data + strtab->sh_offset);

for (size_t i = 0; i < symtab->sh_size / sizeof(Elf64_Sym); i++) {
  printf("%s\n", str + sym[i].st_name);
}
Employed Russian
  • 199,314
  • 34
  • 295
  • 362
  • but there is some extra symbols and the program crash – SJS Feb 18 '18 at 13:18
  • @EmployedRussian what's **data** supposed to be? Can I just use `str = (char*) strtab->sh_offset?` – Trey Feb 29 '20 at 00:50
  • @Trey `data` is supposed to point to file *contents* loaded into memory usually by either `mmap` or by `read`ing it into a buffer. No, `strtab->sh_offset` will *not* work. – Employed Russian Feb 29 '20 at 02:00
1

You have to write symtab->sh_size / symtab->sh_entsize not like symtab->sh_size / sizeof(Elf64_Sym *) as the post above says

CharlesRA
  • 375
  • 2
  • 8