diff options
Diffstat (limited to 'md/writeup/list_linux_elf_section_names.md')
| -rw-r--r-- | md/writeup/list_linux_elf_section_names.md | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/md/writeup/list_linux_elf_section_names.md b/md/writeup/list_linux_elf_section_names.md new file mode 100644 index 0000000..0f45a4b --- /dev/null +++ b/md/writeup/list_linux_elf_section_names.md @@ -0,0 +1,66 @@ +title: List ELF section names +keywords: elf,sections,linux + +# List ELF section names +Every ELF (Executable Linux Format) file has standard structure. +There is section names that used to identify purpose of section. + +Here is example how to write all names of all ELF sections. + +Here is steps that we have taken: +1. Find String Table Section +2. Get all section names from string table section +3. Run trough all section an get names of sections + +First of all we need get ELF header (Elf32_Ehdr) from position 0. +ELF header have offset of section headers (Elf32_Ehdr.e_shoff). + +Sting table section have attributes with help us to recognize it: +1. string table section header address in memory (Elf32_Shdr.sh_addr) is 0 +2. its type (Elf32_Shdr.sh_type) is SHT_STRTAB = 3 +3. and it is first section with such attributes + +To get trough all sections we make for cycle. We can get number +of sections from (Elf32_Ehdr.e_shnum) . +we run all trough all sections and checking for 3 string table section +rules. + +```c +for ( iter_s=0; iter_s < ELFheader.e_shnum; iter_s++ ) + { + fseek( f, ELFheader.e_shoff+(ELFheader.e_shentsize*iter_s), SEEK_SET); + fread( &STRheader, ELFheader.e_shentsize, 1, f ); + if ((STRheader.sh_type == SHT_STRTAB) && + (STRheader.sh_addr == 0x00000000)) + { + //some code + iter_s=ELFheader.e_shnum+1; //this is to exit from for cycle + } + } +``` + +String table section has all section names as strings. Section name +is in (Elf32_Shdr.sh_name) as position number of strings first symbol. + +All string table values we read inside buffer + +```c +fseek( f, STRheader.sh_offset, SEEK_SET); +fread( STR_buffer, STRheader.sh_size, 1, f); +``` + +Now we can get section name with + +```c +printf("%s\n", STR_buffer+ITERheader.sh_name); +``` + +This is example code to get some info from ELF file. There is allot other +info that can be gained from ELF file. + + + +## Downloads +elf_section_list.zip - +2KiB - http://archive.main.lv/files/writeup/list_elf_section_names/elf_section_list.zip + |