1 #pragma once 2 #include <common/glib.h> 3 4 // --> begin ==============EHDR===================== 5 // Reference: https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-43405.html#scrolltoc 6 7 // ====== ELF32 Header中的数据类型定义 ==== 8 typedef uint32_t Elf32_Addr; 9 typedef uint16_t Elf32_Half; 10 typedef uint32_t Elf32_Off; 11 typedef uint32_t Elf32_SWord; 12 typedef uint32_t Elf32_Word; 13 14 // ====== ELF64 Header中的数据类型定义 ==== 15 typedef uint64_t Elf64_Addr; 16 typedef uint16_t Elf64_Half; 17 typedef uint64_t Elf64_Off; 18 typedef uint32_t Elf64_Sword; 19 typedef uint32_t Elf64_Word; 20 typedef uint64_t Elf64_Xword; 21 typedef uint64_t Elf64_Sxword; 22 23 // ====== ELF Identification Index ====== 24 // Purpose: File identification 25 #define EI_MAG0 0 26 #define EI_MAG1 1 27 #define EI_MAG2 2 28 #define EI_MAG3 3 29 // Purpose: File class 30 #define EI_CLASS 4 31 // Purpose: Data encoding 32 #define EI_DATA 5 33 // Purpose: File version 34 #define EI_VERSION 6 // e_ident[EI_VERSION]指定了ELF header的版本号 当前这个值必须是EV_CURRENT 35 36 // Purpose: Operating system/ABI identification 37 #define EI_OSABI 7 // e_ident[EI_OSABI]指定了操作系统以及对象所对应的ABI 38 39 // Purpose: ABI version 40 #define EI_ABIVERSION 8 // e_ident[EI_ABIVERSION] 指定了对象所对应的ABI版本. 41 42 // Purpose: Start of padding bytes 43 #define EI_PAD 9 // 这个值标志了e_ident中未使用字节的的起始下标 44 // Purpose: Size of e_ident[] 45 #define EI_NIDENT 16 46 47 // EI_MAG0 - EI_MAG3 这是一个4byte的 magic number 48 #define ELFMAG0 0x7f 49 #define ELFMAG1 'E' 50 #define ELFMAG2 'L' 51 #define ELFMAG3 'F' 52 53 // EI_CLASS e_ident[EI_CLASS]指明了文件的类型或capacity 54 #define ELFCLASSNONE 0 // Invalid class 55 #define ELFCLASS32 1 // 32–bit objects 56 #define ELFCLASS64 2 // 64–bit objects 57 58 // EI_DATA e_ident[EI_DATA]指明了与处理器相关的数据的编码方式 59 #define ELFDATANONE 0 60 #define ELFDATA2LSB 1 // 小端对齐 61 #define ELFDATA2MSB 2 // 大端对齐 62 63 // ELF e_type的类型定义 64 #define ET_NONE 0 // No file type 65 #define ET_REL 1 // Relocatable file 66 #define ET_EXEC 2 // Executable file 67 #define ET_DYN 3 // Shared object file 68 #define ET_CORE 4 // Core file 69 #define ET_LOPROC 0xff00 // Processor-specific 70 #define ET_HIPROC 0xffff // Processor-specific 71 72 // e_machine的类型定义 73 #define EM_NONE 0 // No machine 74 #define EM_SPARC 2 // SPARC 75 #define EM_386 3 // Intel 80386 76 #define EM_SPARC32PLUS 18 // Sun SPARC 32+ 77 #define EM_SPARCV9 43 // SPARC V9 78 #define EM_AMD64 62 // AMD 64 79 80 // e_version的类型定义 81 #define EV_NONE 0 // Invalid Version 82 // EV_CURRENT: Value>=1 means current version 83 84 // e_flags 定义 85 // e_flags for SPARC 86 #define EF_SPARC_EXT_MASK 0xffff00 // Vendor Extension mask 87 #define EF_SPARC_32PLUS 0x000100 // Generic V8+ features 88 #define EF_SPARC_SUN_US1 0x000200 // Sun UltraSPARC 1 Extensions 89 #define EF_SPARC_HAL_R1 0x000400 // HAL R1 Extensions 90 #define EF_SPARC_SUN_US3 0x000800 // Sun UltraSPARC 3 Extensions 91 #define EF_SPARCV9_MM 0x3 // Mask for Memory Model 92 #define EF_SPARCV9_TSO 0x0 // Total Store Ordering 93 #define EF_SPARCV9_PSO 0x1 // Partial Store Ordering 94 #define EF_SPARCV9_RMO 0x2 // Relaxed Memory Ordering 95 96 #define PN_XNUM 0xffff 97 98 typedef struct 99 { 100 unsigned char e_ident[EI_NIDENT]; 101 Elf32_Half e_type; 102 Elf32_Half e_machine; 103 Elf32_Word e_version; 104 Elf32_Addr e_entry; 105 Elf32_Off e_phoff; 106 Elf32_Off e_shoff; 107 Elf32_Word e_flags; 108 Elf32_Half e_ehsize; 109 Elf32_Half e_phentsize; 110 Elf32_Half e_phnum; 111 Elf32_Half e_shentsize; 112 Elf32_Half e_shnum; 113 Elf32_Half e_shstrndx; 114 } Elf32_Ehdr; 115 116 typedef struct 117 { 118 unsigned char e_ident[EI_NIDENT]; // 标志字节,这些字节与机器架构类型无关。目的是为了告诉我们如何解析这个文件的内容 119 Elf64_Half e_type; // 文件类型标志符 120 Elf64_Half e_machine; // 该文件依赖的处理器架构类型 121 Elf64_Word e_version; // 对象文件的版本 122 Elf64_Addr e_entry; // 进程的虚拟地址入点,使用字节偏移量表示。如果没有entry point,则该值为0 123 Elf64_Off e_phoff; // The program header table's file offset in bytes. 若没有,则为0 124 Elf64_Off e_shoff; // The section header table's file offset in bytes. 若没有,则为0 125 Elf64_Word e_flags; // 与处理器相关联的flags。格式为: EF_machine_flag 如果是x86架构,那么该值为0 126 Elf64_Half e_ehsize; // ELF Header的大小(单位:字节) 127 Elf64_Half e_phentsize; // 程序的program header table中的一个entry的大小(所有的entry大小相同) 128 Elf64_Half e_phnum; // program header table的entry数量 129 // e_phentsize*e_phnum=program header table的大小 130 // 如果没有program header table,该值为0 131 // 如果entry num>=PN_XNUM(0xffff), 那么该值为0xffff,且真实的pht的entry数量存储在section header的sh_info中(index=0) 132 // 其他情况下,第一个section header entry的sh_info的值为0 133 134 Elf64_Half e_shentsize; // 每个section header的大小(字节 135 // 每个section header是section header table的一个entry 136 137 Elf64_Half e_shnum; // section header table的entry数量 138 // e_shentsize*e_shnum=section header table的大小 139 // 如果没有section header table,那么该值为0 140 // 如果section的数量>=SHN_LORESERVE(0xff00),那么该值为0,且真实的section数量存储在 141 // section header at index 0的sh_size变量中,否则第一个sh_size为0 142 143 Elf64_Half e_shstrndx; // 与section name string表相关联的section header table的entry的索引下标 144 // 如果没有name string table,那么该值等于SHN_UNDEF 145 // 如果对应的index>=SHN_LORESERVE(0xff00), 那么该变量值为SHN_XINDEX(0xffff) 146 // 且真正的section name string table的index被存放在section header的index=0处的sh_link变量中 147 // 否则初始section header entry的sh_link变量为0 148 } Elf64_Ehdr; 149 150 // --> end ==============EHDR===================== 151 152 // --> begin ==============SHDR===================== 153 154 // reference: https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-94076.html#scrolltoc 155 156 // ===== ELF Special Section Indexes ===== 157 #define SHN_UNDEF 0 // An undefined, missing, irrelevant, or otherwise meaningless section reference. 158 #define SHN_LORESERVE 0xff00 // The lower boundary of the range of reserved indexes. 159 // The system reserves indexes between SHN_LORESERVE and SHN_HIRESERVE, inclusive. 160 #define SHN_LOPROC 0xff00 // SHN_LOPROC - SHN_HIPROC 这个范围以内的数据为处理器特定的语义所保留 161 #define SHN_BEFORE 0xff00 // SHN_BEFORE, SHN_AFTER 与SHF_LINK_ORDER及SHF_ORDERED section flags一起,提供初始和终止section的 162 #define SHN_AFTER 0xff01 163 #define SHN_AMD64_LCOMMON 0xff02 // x64 specific common block label. This label is similar to SHN_COMMON, but provides for identifying a large common block. 164 #define SHN_HIPROC 0xff1f 165 #define SHN_LOOS 0xff20 // SHN_LOOS - SHN_HIOS 这个范围你的数为操作系统特定的语义所保留 166 #define SHN_LOSUNW 0xff3f // SHN_LOSUNW - SHN_HISUNW Values in this inclusive range are reserved for Sun-specific semantics. 167 #define SHN_SUNW_IGNORE 0xff3f // This section index provides a temporary symbol definition within relocatable objects. Reserved for internal use by dtrace(1M). 168 #define SHN_HISUNW 0xff3f 169 #define SHN_HIOS 0xff3f 170 #define SHN_ABS 0xfff1 // 对应的引用的绝对值。 举个例子,symbols defined relative to section number SHN_ABS have absolute values and are not affected by relocation. 171 #define SHN_COMMON 0xfff2 // Symbols defined relative to this section are common symbols 172 #define SHN_XINDEX 0xffff 173 #define SHN_HIRESERVE 0xffff // The upper boundary of the range of reserved indexes. 174 /* 175 Note - 176 Although index 0 is reserved as the undefined value, 177 the section header table contains an entry for index 0. 178 That is, if the e_shnum member of the ELF header indicates 179 a file has 6 entries in the section header table, the sections 180 have the indexes 0 through 5. The contents of the initial entry 181 are specified later in this section. 182 */ 183 184 typedef struct 185 { 186 Elf32_Word sh_name; 187 Elf32_Word sh_type; 188 Elf32_Word sh_flags; 189 Elf32_Addr sh_addr; 190 Elf32_Off sh_offset; 191 Elf32_Word sh_size; 192 Elf32_Word sh_link; 193 Elf32_Word sh_info; 194 Elf32_Word sh_addralign; 195 Elf32_Word sh_entsize; 196 } Elf32_Shdr; 197 198 typedef struct 199 { 200 Elf64_Word sh_name; // 段名 201 Elf64_Word sh_type; // 段的类型(按照内容和语义来分类) 202 Elf64_Xword sh_flags; 203 Elf64_Addr sh_addr; // 该section在进程的内存空间中的基地址。如果该段不需要出现在内存中,该值为0 204 Elf64_Off sh_offset; // The byte offset from the beginning of the file to the first byte in the section 205 // 对于一个 SHT_NOBITS section,这个变量指的是概念上的偏移量。因为这种段并不是真正存在于文件中 206 Elf64_Xword sh_size; // The section's size in bytes(如果是SHT_NOBITS类型的section,section不会在文件中真正占用sh_size的空间) 207 Elf64_Word sh_link; // A section header table index link, whose interpretation depends on the section type. 208 Elf64_Word sh_info; // 依赖于section type来解析的额外的信息。如果sh_flags有SHF_INFO_LINK属性,那么这个变量代表一个section header table index. 209 Elf64_Xword sh_addralign; // 地址按照多少bytes对齐。只允许使用2的n次幂的值。如果值为0或1,则意味着地址没有对齐要求。 210 Elf64_Xword sh_entsize; // 如果某个段拥有指定size的entry,则在这里指定,否则为0 211 } Elf64_Shdr; 212 213 // ELF Section Types, sh_type 214 #define SHT_NULL 0 215 #define SHT_PROGBITS 1 216 #define SHT_SYMTAB 2 // Identifies a symbol table 217 #define SHT_STRTAB 3 // Identifies a string table. 218 #define SHT_RELA 4 219 #define SHT_HASH 5 220 #define SHT_DYNAMIC 6 221 #define SHT_NOTE 7 222 #define SHT_NOBITS 8 223 #define SHT_REL 9 224 #define SHT_SHLIB 10 225 #define SHT_DYNSYM 11 // Identifies a symbol table 226 #define SHT_INIT_ARRAY 14 227 #define SHT_FINI_ARRAY 15 228 #define SHT_PREINIT_ARRAY 16 229 #define SHT_GROUP 17 230 #define SHT_SYMTAB_SHNDX 18 231 #define SHT_LOOS 0x60000000 232 #define SHT_LOSUNW 0x6fffffef 233 #define SHT_SUNW_capchain 0x6fffffef 234 #define SHT_SUNW_capinfo 0x6ffffff0 235 #define SHT_SUNW_symsort 0x6ffffff1 236 #define SHT_SUNW_tlssort 0x6ffffff2 237 #define SHT_SUNW_LDYNSYM 0x6ffffff3 // Identifies a symbol table 238 #define SHT_SUNW_dof 0x6ffffff4 239 #define SHT_SUNW_cap 0x6ffffff5 240 #define SHT_SUNW_SIGNATURE 0x6ffffff6 241 #define SHT_SUNW_ANNOTATE 0x6ffffff7 242 #define SHT_SUNW_DEBUGSTR 0x6ffffff8 243 #define SHT_SUNW_DEBUG 0x6ffffff9 244 #define SHT_SUNW_move 0x6ffffffa 245 #define SHT_SUNW_COMDAT 0x6ffffffb 246 #define SHT_SUNW_syminfo 0x6ffffffc 247 #define SHT_SUNW_verdef 0x6ffffffd 248 #define SHT_SUNW_verneed 0x6ffffffe 249 #define SHT_SUNW_versym 0x6fffffff 250 #define SHT_HISUNW 0x6fffffff 251 #define SHT_HIOS 0x6fffffff 252 #define SHT_LOPROC 0x70000000 253 #define SHT_SPARC_GOTDATA 0x70000000 254 #define SHT_AMD64_UNWIND 0x70000001 255 #define SHT_HIPROC 0x7fffffff 256 #define SHT_LOUSER 0x80000000 257 #define SHT_HIUSER 0xffffffff 258 259 // ELF Section Attribute Flags 260 #define SHF_WRITE 0x1 // Identifies a section that should be writable during process execution 261 #define SHF_ALLOC 0x2 // Identifies a section that occupies memory during process execution 262 #define SHF_EXECINSTR 0x4 // contains executable machine instructions 263 #define SHF_MERGE 0x10 264 #define SHF_STRINGS 0x20 265 #define SHF_INFO_LINK 0x40 // This section headers sh_info field holds a section header table index 266 #define SHF_LINK_ORDER 0x80 // This section adds special ordering requirements to the link-editor 267 #define SHF_OS_NONCONFORMING 0x100 268 #define SHF_GROUP 0x200 269 #define SHF_TLS 0x400 270 #define SHF_MASKOS 0x0ff00000 271 #define SHF_AMD64_LARGE 0x10000000 // identifies a section that can hold more than 2 Gbyte 272 #define SHF_ORDERED 0x40000000 273 #define SHF_EXCLUDE 0x80000000 274 #define SHF_MASKPROC 0xf0000000 275 276 // --> end ==============SHDR===================== 277 278 // --> begin ========== symbol table section ====== 279 typedef struct 280 { 281 Elf32_Word st_name; 282 Elf32_Addr st_value; 283 Elf32_Word st_size; 284 unsigned char st_info; 285 unsigned char st_other; 286 Elf32_Half st_shndx; 287 } Elf32_Sym; 288 typedef struct 289 { 290 Elf64_Word st_name; 291 unsigned char st_info; 292 unsigned char st_other; 293 Elf64_Half st_shndx; 294 Elf64_Addr st_value; 295 Elf64_Xword st_size; 296 } Elf64_Sym; 297 298 // --> end ========== symbol table section ====== 299 300 // --> begin ========== program header ========= 301 // Ref: https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-83432.html#scrolltoc 302 303 typedef struct 304 { 305 Elf32_Word p_type; 306 Elf32_Off p_offset; 307 Elf32_Addr p_vaddr; 308 Elf32_Addr p_paddr; 309 Elf32_Word p_filesz; 310 Elf32_Word p_memsz; 311 Elf32_Word p_flags; 312 Elf32_Word p_align; 313 } Elf32_Phdr; 314 315 typedef struct 316 { 317 Elf64_Word p_type; 318 Elf64_Word p_flags; 319 Elf64_Off p_offset; 320 Elf64_Addr p_vaddr; 321 Elf64_Addr p_paddr; 322 Elf64_Xword p_filesz; 323 Elf64_Xword p_memsz; 324 Elf64_Xword p_align; 325 } Elf64_Phdr; 326 327 // ELF segment types 328 #define PT_NULL 0 329 #define PT_LOAD 1 // Specifies a loadable segment 330 #define PT_DYNAMIC 2 // Specifies dynamic linking information. 331 #define PT_INTERP 3 // Specifies the location and size of a null-terminated path name to invoke as an interpreter 332 #define PT_NOTE 4 // Specifies the location and size of auxiliary information 333 #define PT_SHLIB 5 334 #define PT_PHDR 6 // Specifies the location and size of the program header table 335 #define PT_TLS 7 // Specifies a thread-local storage template 336 /* 337 PT_LOOS - PT_HIOS 338 Values in this inclusive range are reserved for OS-specific semantics. 339 */ 340 #define PT_LOOS 0x60000000 341 #define PT_SUNW_UNWIND 0x6464e550 342 #define PT_SUNW_EH_FRAME 0x6474e550 343 #define PT_LOSUNW 0x6ffffffa 344 #define PT_SUNWBSS 0x6ffffffa 345 #define PT_SUNWSTACK 0x6ffffffb 346 #define PT_SUNWDTRACE 0x6ffffffc 347 #define PT_SUNWCAP 0x6ffffffd 348 #define PT_HISUNW 0x6fffffff 349 #define PT_HIOS 0x6fffffff 350 #define PT_LOPROC 0x70000000 351 #define PT_HIPROC 0x7fffffff 352 353 // ELF Segment Flags 354 #define PF_X 0x1 // Execute 355 #define PF_W 0x2 // Write 356 #define PF_R 0x4 // Read 357 #define PF_MASKPROC 0xf0000000 // Unspecified 358 359 360 // --> end ========== program header ========= 361 362 /** 363 * @brief 校验是否为ELF文件 364 * 365 * @param ehdr 366 */ 367 bool elf_check(void * ehdr);