Created
February 18, 2012 21:36
-
-
Save jesstess/1861075 to your computer and use it in GitHub Desktop.
Where in an ELF executable do various types of strings live?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Where in an ELF executable do various types of strings live? | |
| Inspired by "How to waste a lot of space without knowing": http://glandium.org/blog/?p=2361 | |
| Test file: | |
| $ cat /tmp/test.c | |
| char *ptr_global = "ptr_global_string"; | |
| char array_global[] = "array_global_string"; | |
| const char *const_ptr_global = "const_ptr_global_string"; | |
| const char const_array_global[] = "const_array_global_string"; | |
| int main() { | |
| return 0; | |
| } | |
| Test run on a 32-bit machine running Ubuntu: | |
| $ uname -a | |
| Linux aja 2.6.38-13-generic #53-Ubuntu SMP Mon Nov 28 19:23:39 UTC 2011 i686 i686 i386 GNU/Linux | |
| For each of the strings in test.c, where does the string live, and if applicable where does the pointer to the string live? | |
| ptr_global: | |
| - string lives in .rodata | |
| - ptr lives in .data, 4 bytes | |
| array_global: | |
| - string lives in .data section, 20 bytes ie length of string including NULL terminator | |
| const_ptr_global: | |
| - string lives in .rodata | |
| - ptr lives in .data, 4 bytes | |
| const_array_global: | |
| - string lives in .rodata section, 26 bytes ie length of string including NULL terminator | |
| === | |
| Proof: | |
| array_global_string is in .data: | |
| $ readelf -x .data test | |
| Hex dump of section '.data': | |
| 0x0804a008 00000000 00000000 60840408 61727261 ........`...arra | |
| 0x0804a018 795f676c 6f62616c 5f737472 696e6700 y_global_string. | |
| 0x0804a028 72840408 r... | |
| All others are in .rodata: | |
| $ readelf -x .rodata test | |
| Hex dump of section '.rodata': | |
| 0x08048458 03000000 01000200 7074725f 676c6f62 ........ptr_glob | |
| 0x08048468 616c5f73 7472696e 6700636f 6e73745f al_string.const_ | |
| 0x08048478 7074725f 676c6f62 616c5f73 7472696e ptr_global_strin | |
| 0x08048488 6700636f 6e73745f 61727261 795f676c g.const_array_gl | |
| 0x08048498 6f62616c 5f737472 696e6700 obal_string. | |
| We can see the strings themselves in the disassembly of the .rodata and .data sections for the array_ strings. We can see the pointers to the ptr_ strings in .data. (Note that the pointers are not constant, the strings are -- if we wanted a constant pointer to a constant string we would need `const char * const ptr`, and then the pointers would be in .rodata): | |
| $ objdump -D test | |
| ... | |
| Disassembly of section .rodata: | |
| 0804848a <const_array_global>: | |
| 804848a: 63 6f 6e arpl %bp,0x6e(%edi) | |
| 804848d: 73 74 jae 8048503 <__FRAME_END__+0x5f> | |
| 804848f: 5f pop %edi | |
| 8048490: 61 popa | |
| 8048491: 72 72 jb 8048505 <__FRAME_END__+0x61> | |
| 8048493: 61 popa | |
| 8048494: 79 5f jns 80484f5 <__FRAME_END__+0x51> | |
| 8048496: 67 6c insb (%dx),%es:(%di) | |
| 8048498: 6f outsl %ds:(%esi),(%dx) | |
| 8048499: 62 61 6c bound %esp,0x6c(%ecx) | |
| 804849c: 5f pop %edi | |
| 804849d: 73 74 jae 8048513 <__FRAME_END__+0x6f> | |
| 804849f: 72 69 jb 804850a <__FRAME_END__+0x66> | |
| 80484a1: 6e outsb %ds:(%esi),(%dx) | |
| 80484a2: 67 addr16 | |
| ... | |
| Disassembly of section .data: | |
| ... | |
| 0804a010 <ptr_global>: | |
| 804a010: 60 pusha | |
| 804a011: 84 04 08 test %al,(%eax,%ecx,1) | |
| 0804a014 <array_global>: | |
| 804a014: 61 popa | |
| 804a015: 72 72 jb 804a089 <_end+0x55> | |
| 804a017: 61 popa | |
| 804a018: 79 5f jns 804a079 <_end+0x45> | |
| 804a01a: 67 6c insb (%dx),%es:(%di) | |
| 804a01c: 6f outsl %ds:(%esi),(%dx) | |
| 804a01d: 62 61 6c bound %esp,0x6c(%ecx) | |
| 804a020: 5f pop %edi | |
| 804a021: 73 74 jae 804a097 <_end+0x63> | |
| 804a023: 72 69 jb 804a08e <_end+0x5a> | |
| 804a025: 6e outsb %ds:(%esi),(%dx) | |
| 804a026: 67 00 72 84 add %dh,-0x7c(%bp,%si) | |
| 0804a028 <const_ptr_global>: | |
| 804a028: 72 84 jb 8049fae <_DYNAMIC+0x86> | |
| 804a02a: 04 08 add $0x8,%al | |
| The symbols have entries in .symtab: | |
| $ readelf -s test | egrep "ptr|global" | |
| ... | |
| 47: 0804a028 4 OBJECT GLOBAL DEFAULT 23 const_ptr_global | |
| 52: 0804848a 26 OBJECT GLOBAL DEFAULT 15 const_array_global | |
| 56: 0804a014 20 OBJECT GLOBAL DEFAULT 23 array_global | |
| 62: 0804a010 4 OBJECT GLOBAL DEFAULT 23 ptr_global | |
| The symbol names have entries in .strtab: | |
| $ readelf -p .strtab test | egrep "ptr|global" | |
| ... | |
| [ 11d] const_ptr_global | |
| [ 15e] const_array_global | |
| [ 1aa] array_global | |
| [ 1f2] ptr_global |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment