Last Updated : 03 Sep, 2024
When we compile source code, an object file is generated of the program and with the help of linker, this object files gets converted to a binary file which, only the machine can understand. This kind of file follows some structures one of which is ELF(Executable and Linkable Format). And to get the information of these ELF files 'readelf' command is used.
Here, we will explore how to effectively use the 'readelf' command to work with ELF files in Linux.
'readelf' is a command-line tool that allows you to view detailed information about ELF files. ELF is a common file format for executables, object code, shared libraries, and core dumps in Unix-based systems. The 'readelf' command provides insights into the structure of these files, displaying headers, sections, symbols, and other critical information needed for understanding and debugging ELF binaries.
Syntax:readelf [options] elf_file
where,
The 'readelf' command offers a variety of options to explore different aspects of ELF files. Here are some commonly used options:
Option Description-h Displays the ELF header, which contains key information about the file's structure. -S Lists all the sections in the ELF file, showing details about each section's address, size, type, and attributes. -l Displays the program headers, which describe the segments used at runtime. -s Shows the symbol table, including symbols defined and used in the ELF file. -r Displays the relocation sections, showing how the binary modifies itself at runtime. -d Displays the dynamic section, which contains information about dynamic linking. -n Displays core notes, which include metadata such as the build ID. -V Displays the version information of the 'readelf' command. --help Provides a help message listing all available options for the 'readelf' command. Working with readelf command and ELF files
Let's look into the practical examples of how to use the 'readelf' command to extract information from ELF files.
1. To display help of readelf command.$readelf
This displays the help section of the command containing all its parameters and their uses.
2. To check whether a file is ELF file.$file elf_file
If it prints ELF in the output then the file is an ELF file. Note: In our case, file name is 'elf_file'.
3. To generate a elf file using gcc compiler.$gcc filename.c -o elf_file
The above command will generate an executable elffile. Note: In our case, the name of file is filename.c and the name of elf file is 'elf_file'.
4. To display file headers of a elf file.$readelf -h elf_file
This will display the top-level headers of the elf file.
5. To display information about the different sections of the process' address space.Note: In our case, the name of elf file is 'elf_file'.
$readelf -S elf_file
This will display the different sections of the process' address space.
6. To display symbols table.Note: In our case, the name of elf file is 'elf_file'.
$readelf -s elf_file
This will display the symbols table of the file.
7. To display core notes.Note: In our case, the name of elf file is 'elf_file'.
$readelf -n elf_files
This will display the core notes related to the file.
8. To display relocation section.Note: In our case, the name of elf file is 'elf_file'.
$readelf -r elf_file
This will display the relocks(if present).
9. To display the dynamic section.Note: In our case, the name of elf file is 'elf_file'.
$readelf -d elf_file
This will display the dynamic section of the file.
10. To get the version of the readelf command.Note: In our case, the name of elf file is elf_file.
$readelf -v
This will display the version information of the 'readelf' command.
ConclusionThe 'readelf' command is a powerful tool for working with ELF files in Linux, providing deep insights into the structure and contents of executable binaries. Mastering 'readelf' is an essential skill for a developer debugging an application, a security professional conducting binary analysis, or a system administrator verifying software configurations.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4