20160409 - ELF


Random source from one of my prior languages which generates an ELF header for a x86-64 Linux binary with the dlsym() symbol.

\============================================================================
                              [ELF] LINUX
-----------------------------------------------------------------------------
http://www.sco.com/developers/gabi/2000-07-17/ch4.symtab.html
http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/
============================================================================\
{ ElfPh! \align memsz filesz paddr,vaddr,offset type\ 
 `word .elfPhXWR `word `dup `dup `long `long `long `long `long `long }
{ ElfDs! \val tag\ `long `long }
{ ElfSym! \size value shndx other type bind name\ 
 `word 10 `mul `add `byte `byte `half `long `long }
{ ElfStr( $ .ElfStr `neg `add }
{ ElfStr) `text 0 `byte }
\===========================================================================\
{ Elf
\---------------------------------------------------------------------------\
\ELF HEADER\
\e_ident\     00010102464c457f `long
\reserved\    0  `long
\e_type\      2  `half \ET_EXEC\
\e_machine\   3e `half \X86-64\
\e_version\   1  `word \EV_CURRENT\
\e_entry\     .ElfEntry `long
\e_phoff\     .ElfPh `long
\e_shoff\     0  `long
\e_flags\     0  `word
\e_ehsize\    40 `half
\e_phentsize\ 38 `half
\e_phnum\     .ElfPh# `half
\e_shentsize\ 40 `half
\e_shnum\     0  `half
\e_shstrndx\  0  `half
\---------------------------------------------------------------------------\
\PROGRAM HEADER\
$ :ElfPh
7 :elfPhXWR \PF_X+PF_W+PF_R\
3 :ElfPh#
1       .elfIs# .elfIs# .ElfIs  3 \PT_INTERP\  ElfPh!
.BUILD# .BUILD# .ElfEnd 0       1 \PT_LOAD\    ElfPh!
8       .elfDs# .elfDs# .ElfDs  2 \PT_DYNAMIC\ ElfPh!
\---------------------------------------------------------------------------\
\DYNAMIC SECTION\
$ :ElfDs
.elfLib% 1 \DT_NEEDED\  ElfDs!
.ElfHsh  4 \DT_HASH\    ElfDs!
.ElfStr  5 \DT_STRTAB\  ElfDs!
.ElfSym  6 \DT_SYMTAB\  ElfDs!
.ElfRel  7 \DT_RELA\    ElfDs!
.elfRel# 8 \DT_RELASZ\  ElfDs!
18       9 \DT_RELAENT\ ElfDs!
0        0              ElfDs!
.ElfDs $# :elfDs#
\---------------------------------------------------------------------------\
\SYMBOL TABLE\
10 $- \overlap\
$ :ElfSym 
0 0         0 0               0              0            0          ElfSym!
0 .ElfDlSym 0 0 \STV_DEFAULT\ 1 \STT_OBJECT\ 2 \STB_WEAK\ .elfDlSym% ElfSym!
\---------------------------------------------------------------------------\
\RELOCATION TABLE\
$ :ElfRel .ElfDlSym `long 7 \R_X86_64_JUMP_SLOT\ `word 1 `word 0 `long .ElfRel $# :elfRel#
\---------------------------------------------------------------------------\
\DLSYM\
$ :ElfDlSym 0 `long
\---------------------------------------------------------------------------\
\HASH TABLE\
$ :ElfHsh 1 `word 2 `word 1 `word 0 `word 0 `word
\---------------------------------------------------------------------------\
\INTERPRETER STRING\
$ :ElfIs "/lib/ld-linux-x86-64.so.2" `text 0 `byte .ElfIs $# :elfIs#
\---------------------------------------------------------------------------\
\DYNAMIC STRING TABLE\
1 $- \overlap\
$ :ElfStr
0 `byte
ElfStr( :elfLib%   "libdl.so.2" ElfStr)
ElfStr( :elfDlSym% "dlsym"      ElfStr) }
\===========================================================================\
{ Elf( 0 `asm! 0 $0! $_0 Elf }
{ Elf) `asm :ElfEnd }
{ Elf! $ :ElfEntry }

And the associated "readelf" on a binary generated with this code,

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x1e7
  Start of program headers:          64 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         3
  Size of section headers:           64 (bytes)
  Number of section headers:         0
  Section header string table index: 0

There are no sections in this file.

There are no sections to group in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  INTERP         0x00000000000001bc 0x00000000000001bc 0x00000000000001bc
                 0x000000000000001a 0x000000000000001a  RWE    1
      [Requesting program interpreter: /lib/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000001e48 0x0000000002000000  RWE    2000000
  DYNAMIC        0x00000000000000e8 0x00000000000000e8 0x00000000000000e8
                 0x0000000000000080 0x0000000000000080  RWE    8

Dynamic section at offset 0xe8 contains 8 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000004 (HASH)               0x1a8
 0x0000000000000005 (STRTAB)             0x1d5
 0x0000000000000006 (SYMTAB)             0x158
 0x0000000000000007 (RELA)               0x188
 0x0000000000000008 (RELASZ)             24 (bytes)
 0x0000000000000009 (RELAENT)            24 (bytes)
 0x0000000000000000 (NULL)               0x0

There are no relocations in this file.

The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.

Histogram for bucket list length (total of 1 buckets):
 Length  Number     % of total  Coverage
      0  0          (  0.0%)
      1  1          (100.0%)    100.0%

No version information found in this file.

And a hex dump,

00000000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  02 00 3e 00 01 00 00 00  e7 01 00 00 00 00 00 00  |..>.............|
00000020  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
00000030  00 00 00 00 40 00 38 00  03 00 40 00 00 00 00 00  |....@.8...@.....|
00000040  03 00 00 00 07 00 00 00  bc 01 00 00 00 00 00 00  |................|
00000050  bc 01 00 00 00 00 00 00  bc 01 00 00 00 00 00 00  |................|
00000060  1a 00 00 00 00 00 00 00  1a 00 00 00 00 00 00 00  |................|
00000070  01 00 00 00 00 00 00 00  01 00 00 00 07 00 00 00  |................|
00000080  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000090  00 00 00 00 00 00 00 00  48 1e 00 00 00 00 00 00  |........H.......|
000000a0  00 00 00 02 00 00 00 00  00 00 00 02 00 00 00 00  |................|
000000b0  02 00 00 00 07 00 00 00  e8 00 00 00 00 00 00 00  |................|
000000c0  e8 00 00 00 00 00 00 00  e8 00 00 00 00 00 00 00  |................|
000000d0  80 00 00 00 00 00 00 00  80 00 00 00 00 00 00 00  |................|
000000e0  08 00 00 00 00 00 00 00  01 00 00 00 00 00 00 00  |................|
000000f0  01 00 00 00 00 00 00 00  04 00 00 00 00 00 00 00  |................|
00000100  a8 01 00 00 00 00 00 00  05 00 00 00 00 00 00 00  |................|
00000110  d5 01 00 00 00 00 00 00  06 00 00 00 00 00 00 00  |................|
00000120  58 01 00 00 00 00 00 00  07 00 00 00 00 00 00 00  |X...............|
00000130  88 01 00 00 00 00 00 00  08 00 00 00 00 00 00 00  |................|
00000140  18 00 00 00 00 00 00 00  09 00 00 00 00 00 00 00  |................|
00000150  18 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000170  0c 00 00 00 21 00 00 00  a0 01 00 00 00 00 00 00  |....!...........|
00000180  00 00 00 00 00 00 00 00  a0 01 00 00 00 00 00 00  |................|
00000190  07 00 00 00 01 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  01 00 00 00 02 00 00 00  |................|
000001b0  01 00 00 00 00 00 00 00  00 00 00 00 2f 6c 69 62  |............/lib|
000001c0  2f 6c 64 2d 6c 69 6e 75  78 2d 78 38 36 2d 36 34  |/ld-linux-x86-64|
000001d0  2e 73 6f 2e 32 00 6c 69  62 64 6c 2e 73 6f 2e 32  |.so.2.libdl.so.2|
000001e0  00 64 6c 73 79 6d 00 33  ff be b8 14 00 00 ff 15  |.dlsym.3........|

No Dynamic Linking Example
And source for a ELF which only uses syscalls and no dynamic linking for comparison,

\===============================================================
            64-BIT ELF FOR KERNEL ONLY INTERFACE
----------------------------------------------------------------
http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/
===============================================================\
{ Elf
\e_ident\     00010102464c457f `long
\reserved\    0  `long
\e_type\      2  `half
\e_machine\   3e `half
\e_version\   1  `word
\e_entry\     .ElfEntry `long
\e_phoff\     .ElfPh `long
\e_shoff\     0  `long
\e_flags\     0  `word
\e_ehsize\    40 `half
\e_phentsize\ 38 `half
\e_phnum\     1  `half
\e_shentsize\ 0  `half
\e_shnum\     0  `half
\e_shstrndx\  0  `half
\______________________________________________________________\
`asm :ElfPh
\p_type\   1 `word
\p_flags\  7 `word
\p_offset\ 0 `long
\p_vaddr\  0 `long
\p_paddr\  0 `long
\p_filesz\ .ElfEnd `long
\p_memsz\  4000000 `long
\p_align\  2000000 `long }
\______________________________________________________________\
{ Elf( 0 `asm! 0 $0! Elf }
{ Elf) `asm :ElfEnd }
{ ElfEntry! $ :ElfEntry }

The "readelf" results,

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x5f6
  Start of program headers:          64 (bytes into file)
  Start of section headers:          0 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         1
  Size of section headers:           0 (bytes)
  Number of section headers:         0
  Section header string table index: 0

There are no sections in this file.

There are no sections to group in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x00000000000006aa 0x0000000004000000  RWE    2000000

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.

No version information found in this file.

And the hex dump (I'm too lazy so this is going to just include the full binary, which happens to be the compiler I use for the language both these ELF headers are written in),

00000000  7f 45 4c 46 02 01 01 00  00 00 00 00 00 00 00 00  |.ELF............|
00000010  02 00 3e 00 01 00 00 00  f6 05 00 00 00 00 00 00  |..>.............|
00000020  40 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
00000030  00 00 00 00 40 00 38 00  01 00 00 00 00 00 00 00  |....@.8.........|
00000040  01 00 00 00 07 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000060  aa 06 00 00 00 00 00 00  00 00 00 04 00 00 00 00  |................|
00000070  00 00 00 02 00 00 00 00  69 6e 2e 61 00 6f 75 74  |........in.a.out|
00000080  2e 61 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.a..............|
00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000b0  00 00 00 00 01 02 03 04  05 06 07 08 09 00 00 00  |................|
000000c0  00 00 00 00 0a 0b 0c 0d  0e 0f 00 00 00 00 00 00  |................|
000000d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000000e0  00 00 00 00 0a 0b 0c 0d  0e 0f 00 00 00 00 00 00  |................|
000000f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000100  00 00 00 65 05 65 05 65  05 65 05 65 05 65 05 65  |...e.e.e.e.e.e.e|
00000110  05 65 05 65 05 65 05 65  05 65 05 65 05 65 05 65  |.e.e.e.e.e.e.e.e|
*
00000140  05 65 05 65 05 d7 03 4b  04 d7 03 d7 03 ab 03 d7  |.e.e...K........|
00000150  03 06 04 d7 03 d7 03 d7  03 d7 03 05 05 d7 03 71  |...............q|
00000160  03 d7 03 a0 04 a0 04 a0  04 a0 04 a0 04 a0 04 a0  |................|
00000170  04 a0 04 a0 04 a0 04 2b  03 d7 03 d7 03 d7 03 d7  |.......+........|
00000180  03 d7 03 d7 03 d7 03 d7  03 d7 03 d7 03 d7 03 d7  |................|
*
000001b0  03 d7 03 d7 03 d7 03 d7  03 d7 03 40 05 d7 03 d7  |...........@....|
000001c0  03 d7 03 9b 02 d7 03 d7  03 d7 03 d7 03 d7 03 d7  |................|
000001d0  03 d7 03 d7 03 d7 03 d7  03 d7 03 d7 03 d7 03 d7  |................|
*
000001f0  03 d7 03 d7 03 d7 03 d7  03 05 03 d7 03 d4 02 d7  |................|
00000200  03 82 05 48 89 91 08 00  50 00 48 89 99 10 00 50  |...H....P.H....P|
00000210  00 48 89 a9 00 00 50 00  8b c5 83 c5 08 c3 b9 c5  |.H....P.........|
00000220  9d 1c 81 33 d2 33 db 40  0f b6 06 83 c6 01 48 69  |...3.3.@......Hi|
00000230  c9 93 01 00 01 48 33 c8  48 c1 e2 03 48 03 d0 48  |.....H3.H...H..H|
00000240  83 e2 f0 48 c1 e3 04 83  e0 0f 48 03 d8 40 0f b6  |...H......H..@..|
00000250  06 83 c6 01 83 f8 20 0f  87 d1 ff ff ff c1 e1 06  |...... .........|
00000260  83 c1 e0 83 c1 20 81 e1  e0 ff 7f 00 4c 3b b9 00  |..... ......L;..|
00000270  00 50 00 0f 84 8a ff ff  ff 48 3b 91 08 00 50 00  |.P.......H;...P.|
00000280  0f 85 dd ff ff ff 48 3b  99 10 00 50 00 0f 85 d0  |......H;...P....|
00000290  ff ff ff 48 8b 81 00 00  50 00 c3 e8 7e ff ff ff  |...H....P...~...|
000002a0  8b 90 00 00 20 00 8b 00  48 8b 08 48 89 0f 48 8b  |.... ...H..H..H.|
000002b0  48 08 48 89 4f 08 48 8b  48 10 48 89 4f 10 03 fa  |H.H.O.H.H.H.O...|
000002c0  40 0f b6 06 83 c6 01 8b  c8 03 c9 0f b7 89 03 01  |@...............|
000002d0  00 00 ff e1 41 8b 40 fc  41 83 e8 04 8b cf 2b 08  |....A.@.A.....+.|
000002e0  89 88 00 00 20 00 b9 c3  00 00 00 40 88 0f 83 c7  |.... ......@....|
000002f0  01 40 0f b6 06 83 c6 01  8b c8 03 c9 0f b7 89 03  |.@..............|
00000300  01 00 00 ff e1 83 c6 01  e8 11 ff ff ff 41 89 00  |.............A..|
00000310  41 83 c0 04 48 89 38 40  0f b6 06 83 c6 01 8b c8  |A...H.8@........|
00000320  03 c9 0f b7 89 03 01 00  00 ff e1 e8 ee fe ff ff  |................|
00000330  2b c7 83 e8 07 89 47 03  b9 48 89 00 00 66 89 0f  |+.....G..H...f..|
00000340  b9 05 00 00 00 40 88 4f  02 b9 48 8b 03 83 89 4f  |.....@.O..H....O|
00000350  07 b9 eb 08 00 00 66 89  4f 0b 83 c7 0d 40 0f b6  |......f.O....@..|
00000360  06 83 c6 01 8b c8 03 c9  0f b7 89 03 01 00 00 ff  |................|
00000370  e1 e8 a8 fe ff ff 2b c7  83 e8 0e 89 47 0a 48 b9  |......+.....G.H.|
00000380  48 89 43 08 83 c3 08 48  48 89 0f b9 8b 05 00 00  |H.C....HH.......|
00000390  66 89 4f 08 83 c7 0e 40  0f b6 06 83 c6 01 8b c8  |f.O....@........|
000003a0  03 c9 0f b7 89 03 01 00  00 ff e1 e8 6e fe ff ff  |............n...|
000003b0  89 47 08 48 b9 48 89 43  08 83 c3 08 b8 48 89 0f  |.G.H.H.C.....H..|
000003c0  83 c7 0c 40 0f b6 06 83  c6 01 8b c8 03 c9 0f b7  |...@............|
000003d0  89 03 01 00 00 ff e1 83  c6 ff e8 3f fe ff ff 2b  |...........?...+|
000003e0  c7 83 e8 06 89 47 02 b9  ff 15 00 00 66 89 0f 83  |.....G......f...|
000003f0  c7 06 40 0f b6 06 83 c6  01 8b c8 03 c9 0f b7 89  |..@.............|
00000400  03 01 00 00 ff e1 e8 13  fe ff ff 8b 00 2b c7 83  |.............+..|
00000410  e8 0f 89 47 0b 48 b9 48  85 c0 48 8b 03 8d 5b 48  |...G.H.H..H...[H|
00000420  89 0f b9 f8 0f 00 00 66  89 4f 08 b9 85 00 00 00  |.......f.O......|
00000430  40 88 4f 0a 83 c7 0f 40  0f b6 06 83 c6 01 8b c8  |@.O....@........|
00000440  03 c9 0f b7 89 03 01 00  00 ff e1 8b ce 40 0f b6  |.............@..|
00000450  06 83 c6 01 83 f8 22 0f  85 f0 ff ff ff 8b c6 2b  |......"........+|
00000460  c1 83 c0 ff 89 4f 05 89  47 11 b9 48 89 43 08 89  |.....O..G..H.C..|
00000470  0f b9 b8 00 00 00 40 88  4f 04 48 b9 48 89 43 10  |......@.O.H.H.C.|
00000480  83 c3 10 b8 48 89 4f 09  83 c7 15 40 0f b6 46 01  |....H.O....@..F.|
00000490  83 c6 02 8b c8 03 c9 0f  b7 89 03 01 00 00 ff e1  |................|
000004a0  33 c9 40 0f b6 80 83 00  00 00 48 c1 e1 04 48 03  |3.@.......H...H.|
000004b0  c8 40 0f b6 06 83 c6 01  83 f8 30 0f 83 e1 ff ff  |.@........0.....|
000004c0  ff 48 8b d1 48 f7 da 8d  5e 01 83 f8 2d 48 0f 44  |.H..H...^...-H.D|
000004d0  ca 0f 44 f3 48 89 4f 09  48 b9 48 89 43 08 83 c3  |..D.H.O.H.H.C...|
000004e0  08 48 48 89 0f b9 b8 00  00 00 40 88 4f 08 83 c7  |.HH.......@.O...|
000004f0  11 40 0f b6 06 83 c6 01  8b c8 03 c9 0f b7 89 03  |.@..............|
00000500  01 00 00 ff e1 40 0f b6  06 40 0f b6 88 83 00 00  |.....@...@......|
00000510  00 40 0f b6 46 01 40 0f  b6 80 83 00 00 00 48 c1  |.@..F.@.......H.|
00000520  e1 04 48 03 c8 40 88 0f  83 c7 01 40 0f b6 46 03  |..H..@.....@..F.|
00000530  83 c6 04 8b c8 03 c9 0f  b7 89 03 01 00 00 ff e1  |................|
00000540  40 0f b6 06 83 c6 01 83  f8 5c 0f 85 f0 ff ff ff  |@........\......|
00000550  40 0f b6 46 01 83 c6 02  8b c8 03 c9 0f b7 89 03  |@..F............|
00000560  01 00 00 ff e1 40 0f b6  06 83 c6 01 83 f8 20 0f  |.....@........ .|
00000570  86 f0 ff ff ff 8b c8 03  c9 0f b7 89 03 01 00 00  |................|
00000580  ff e1 48 b9 d9 bf 6f 7a  22 42 bc 83 48 ba 40 96  |..H...oz"B..H.@.|
00000590  00 00 00 00 00 00 48 bb  71 e6 00 00 00 00 00 00  |......H.q.......|
000005a0  e8 b8 fc ff ff bb 00 00  20 01 ba 00 00 30 01 bf  |........ ....0..|
000005b0  00 00 30 00 8b 00 ff d0  8d 9f 00 00 d0 ff bf 7d  |..0............}|
000005c0  00 00 00 be 41 02 00 00  ba c0 01 00 00 b8 02 00  |....A...........|
000005d0  00 00 0f 05 8b e8 8b fd  be 00 00 30 00 8b d3 b8  |...........0....|
000005e0  01 00 00 00 0f 05 8b fd  b8 03 00 00 00 0f 05 b8  |................|
000005f0  e7 00 00 00 0f 05 48 83  e4 f0 bf 78 00 00 00 be  |......H....x....|
00000600  00 00 00 00 b8 02 00 00  00 0f 05 8b d8 48 b8 ff  |.............H..|
00000610  ff ff ff ff ff ff ff 48  89 05 e2 f9 01 00 bf 00  |.......H........|
00000620  00 00 00 be 00 00 02 00  ba 08 00 02 00 41 ba 08  |.............A..|
00000630  00 00 00 b8 0d 00 00 00  0f 05 8b fb be 10 00 02  |................|
00000640  00 b8 05 00 00 00 0f 05  8b fb be 00 00 10 00 48  |...............H|
00000650  8b 15 ea f9 01 00 b8 00  00 00 00 0f 05 8b fb b8  |................|
00000660  03 00 00 00 0f 05 48 b8  00 00 00 00 7f 7f 7f 7f  |......H.........|
00000670  48 8b 1d c9 f9 01 00 48  89 83 00 00 10 00 bd 00  |H......H........|
00000680  00 d0 00 be 00 00 10 00  bf 00 00 40 01 41 b8 00  |...........@.A..|
00000690  00 10 01 45 33 ff 40 0f  b6 06 83 c6 01 8b c8 03  |...E3.@.........|
000006a0  c9 0f b7 89 03 01 00 00  ff e1                    |..........|