3

What is the right way to get the text section of an ELF file and display its content? I've tried to do it myself, but it's showing just 250 bytes of data, whereas the readelf command shows me much more. I think I just made the wrong offset to get the section. What is the right approach?

Update: I supplemented the code. Now it gives me a segmentation fault when I want to print symbol names.

danilo
  • 1
    You could use libelf to read the elf file. – Tom Karzes Apr 07 '20 at 12:56
  • No I can't, I can only use elf.h library and nothing else – danilo Apr 07 '20 at 13:01
  • 2
    It doesn't matter for Unix, but you should use `"rb"` mode for binary files. – Ian Abbott Apr 07 '20 at 14:23
  • 2
    "elf.h" is a header file, not a library. The accompanying library is "libelf", and it needs to be linked to your program if you use any object (variable or function) of it, which you don't plan to do, apparently. It seems that you just use the type declarations of the header file. – the busybee Apr 07 '20 at 14:58
  • PLEASE don't remove the source code from the question! It renders your question useless. – the busybee Dec 01 '20 at 11:47

1 Answer

1

> I think I just made wrong offset to get the section.

Your program iterates over all sections, so at the end of the first loop, `sectHdr` contains the section header of the last section, which is unlikely to be the `.text` section.

So in the second loop you print the contents of whatever section happened to be the last.

To print the .text section, you need to save its section header when you come across it.

Update:

> So if I do for loop over all sections and then strcmp with every name, and when I find matching with .text I save the address of that header.

You don't save the address of that header -- you save the contents.

> What about if I want to access to Symbol table, which is not Section (has its own type: Elf32_Sym), how do I reach that table?

The symbol table does have its own section (containing a set of Elf32_Sym records). See this answer.

Update 2:

This code:

    if(strcmp(name, ".symtab") == 0) {
        //symbolTable = (Elf32_Sym*)sectHdr.sh_addr;
        symtab = (Elf32_Shdr*) &sectHdr;
    }
    if(strcmp(name, ".strtab") == 0) {
        strtab = (Elf32_Shdr *) &sectHdr;
    }

is obviously broken: you save a pointer to memory that you overwrite on each iteration of the loop. You must save a copy of the `.symtab` and `.strtab` section headers (just as you do for `.text`).

An even better solution is to `mmap` the entire file into memory. Then you can save pointers to various parts of it (that's what the other answer does -- the `data` there points to the start of the mmapped region).

Employed Russian
  • So if I do for loop over all sections and then strcmp with every name, and when I find matching with .text I save the address of that header. What about if I want to access to Symbol table, which is not Section (has its own type: Elf32_Sym), how do I reach that table? – danilo Apr 07 '20 at 17:27
  • I get it, THANK YOU. I'm just curious what is the "data" variable (type, for what is used) in the code at the link. – danilo Apr 07 '20 at 20:43
  • 1
    @danilo The `data` variable in the other question is a `char*` pointing to the buffer into which the entire file was read. So the `ELF` header `elf` is `(struct Elf64_Ehdr *)data`, and section header `shdr` is `(Elf64_Shdr *)(data + elf->e_shoff)`, etc. – Employed Russian Apr 07 '20 at 22:09
  • I updated the code, which now gives me a segmentation fault when I want to display Symbol names – danilo Apr 08 '20 at 13:00
  • 1
    Should also check the magic number to be sure it's really claiming to be an ELF file before processing the rest. – stark Apr 08 '20 at 14:59
  • In the specifications it's mentioned that this will be tested only with elf files, so I don't need to check this, but yeah, good stuff to include. – danilo Apr 09 '20 at 10:19
  • @EmployedRussian did you also check if my code for print text section is right? Cause when I check it with dumpelf command there are not the same characters as my code output – danilo Apr 11 '20 at 09:16
  • @danilo You appear to want to extend this question forever. Instead, you should accept this answer, and ask a new question. Before doing so, please clean up your program so it compiles without warnings, and has no remnants of abandoned approaches. The reason your program crashes is the same reason I already told you about: `symtab` points to memory that you overwrite. Don't do *that*. – Employed Russian Apr 11 '20 at 22:24
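
The points made in the answer and comments above (keep a copy of the section header rather than a pointer to a reused variable, work on the whole file in memory, check the magic number) can be combined with bounds checks on every offset taken from the file. This is an added example, not code from the question or the answer; `find_section` and `build_sample` are hypothetical names, and it assumes a 32-bit ELF in the host's byte order.

```c
#include <elf.h>
#include <stddef.h>
#include <string.h>

/* Copy the header of section `name` into *out. data/size is the whole file in memory.
 * Assumes 32-bit ELF in host byte order. Returns 0, or -1 if absent or malformed. */
int find_section(const unsigned char *data, size_t size, const char *name, Elf32_Shdr *out)
{
    Elf32_Ehdr eh;
    Elf32_Shdr sh, str;
    if (size < sizeof eh) return -1;
    memcpy(&eh, data, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS32) return -1;
    if (eh.e_shentsize != sizeof sh || eh.e_shstrndx >= eh.e_shnum) return -1;
    if (eh.e_shoff > size || (size - eh.e_shoff) / sizeof sh < eh.e_shnum) return -1;
    memcpy(&str, data + eh.e_shoff + eh.e_shstrndx * sizeof sh, sizeof str);
    if (str.sh_offset > size || str.sh_size > size - str.sh_offset) return -1;
    const char *names = (const char *)data + str.sh_offset;
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, data + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (sh.sh_name >= str.sh_size) continue;          /* name offset outside table */
        if (!memchr(names + sh.sh_name, 0, str.sh_size - sh.sh_name)) continue; /* no NUL */
        if (strcmp(names + sh.sh_name, name) != 0) continue;
        if (sh.sh_type != SHT_NOBITS && (sh.sh_offset > size || sh.sh_size > size - sh.sh_offset))
            return -1;                                    /* contents outside the file */
        *out = sh;                                        /* keep a copy, not &sh */
        return 0;
    }
    return -1;
}

/* Constructed sample image (not a real binary): null section, 4-byte .text, .shstrtab. */
size_t build_sample(unsigned char *buf, size_t cap)
{
    static const char names[] = "\0.text\0.shstrtab";
    static const unsigned char code[] = {0x90, 0x90, 0x90, 0xc3};
    size_t text = sizeof(Elf32_Ehdr), strs = text + sizeof code, shdrs = strs + sizeof names;
    Elf32_Ehdr eh = { .e_ident = { ELFMAG0, ELFMAG1, ELFMAG2, ELFMAG3, ELFCLASS32 },
        .e_shoff = shdrs, .e_shentsize = sizeof(Elf32_Shdr), .e_shnum = 3, .e_shstrndx = 2 };
    Elf32_Shdr sh[3] = {
        [1] = { .sh_name = 1, .sh_type = SHT_PROGBITS, .sh_offset = text, .sh_size = sizeof code },
        [2] = { .sh_name = 7, .sh_type = SHT_STRTAB, .sh_offset = strs, .sh_size = sizeof names } };
    if (cap < shdrs + sizeof sh) return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + text, code, sizeof code);
    memcpy(buf + strs, names, sizeof names);
    memcpy(buf + shdrs, sh, sizeof sh);
    return shdrs + sizeof sh;
}
```

After a successful call, the section's bytes are `data + out->sh_offset` for `out->sh_size` bytes; the same lookup with `".symtab"` and `".strtab"` gives the two headers needed to walk the symbol table.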