ELF 文件头

Question

A quick question about elf file headers, I can't seem to find anything useful on how to add/change fields in the elf header. I'd like to be able to change the magic numbers and to add a build date to the header, and probably a few other things.

As I understand it the linker creates the header information, but I don't see anything in the LD script that refers to it (though i'm new to ld scripts).

I'm using gcc and building for ARM.

thanks!

Updates:

• ok maybe my first question should be: is it possible to create/edit the header file at link time?

Answer 1

I don't know of linker script commands that can do this, but you can do it post-link using the objcopy command. The --add-section option can be used to add a section containing arbitrary data to the ELF file. If the ELF header doesn't contain the fields you want, just make a new section and add them there.

Answer 2

此链接（teensy elf binary）是某人对另一个问题的回答，但它详细介绍了 ELF 标头的复杂性。

Answer 3

I'm fairly sure that a sufficiently complex ld script can do what you want. However, I have no idea how.

On the other hand, elfsh can easily do all sorts of manipulations to elf objects, so give it a whirl.

Answer 4

You can create an object file with informative fields like a version number and link that file such that they are included in the resulting ELF binary.

Ident

For example, as part of you build process, you can generate - say - info.c that contains one or more #ident directives:

#ident "Build: 1.2.3 (Halloween)"
#ident "Environment: example.org"

Compile it:

$ gcc -c info.c

Check if the information is included:

$ readelf -p .comment info.o
String dump of section '.comment':
  [     1]  Build: 1.2.3 (Halloween)
  [    1a]  Environment: example.org
  [    33]  GCC: (GNU) 7.2.1 20170915 (Red Hat 7.2.1-2)

Alternatively, you can use objdump -s --section .comment info.o . Note that GCC also writes its own comment, by default.

Check the information after linking an ELF executable:

$ gcc -o main main.o info.o
$ readelf -p .comment main 
String dump of section '.comment':
  [     0]  GCC: (GNU) 7.2.1 20170915 (Red Hat 7.2.1-2)
  [    2c]  Build: 1.2.3 (Halloween)
  [    45]  Environment: example.org

Comment Section

Using #ident in a C translation unit is basically equivalent to creating a .comment section in an assembler file. Example:

$ cat info.s
.section .comment
.string "Build: 1.2.3 (Halloween)"
.string "Environment: example.org"
$ gcc -c info.s
$ readelf -p .comment info.o
String dump of section '.comment':
  [     0]  Build: 1.2.3 (Halloween)
  [    19]  Environment: example.org

Using an uncommon section name works, as well (eg .section .blahblah ). But .comment is used and understood by other tools. GNU as also understands the .ident directive, and this is what GCC translates #ident to.

With Symbols

For data that you also want to access from the ELF executable itself you need to create symbols.

Objcopy

Say you want to include some magic bytes stored in a data file:

$ cat magic.bin 
2342

Convert into a object file with GNU objcopy :

$ objcopy -I binary -O elf64-x86-64 -B i386 \
    --rename-section .data=.rodata,alloc,load,readonly,data,contents \
    magic.bin magic.o

Check for the symbols:

$ nm  magic.o  
0000000000000005 R _binary_magic_bin_end
0000000000000005 A _binary_magic_bin_size
0000000000000000 R _binary_magic_bin_start

Example usage:

#include <stdio.h>
#include <string.h>
#include <inttypes.h>

extern const char _binary_magic_bin_start[];
extern const char _binary_magic_bin_end[];
extern const unsigned char _binary_magic_bin_size;
static const size_t magic_bin_size = (uintptr_t) &_binary_magic_bin_size;

int main()
{
  char s[23];
  memcpy(s, _binary_magic_bin_start,
      _binary_magic_bin_end - _binary_magic_bin_start);
  s[magic_bin_size] = 0;
  puts(s);
  return 0;
}

Link everything together:

$ gcc -g -o main_magic main_magic.c magic.o

GNU ld

GNU ld is also able to turn data files into object files using an objcopy compatible naming scheme:

$ ld -r -b binary magic.bin -o magic-ld.o

Unlike objcopy, it places the symbols into the .data instead of the .rodata section, though (cf. objdump -h magic.o ).

incbin

In case GNU objcopy isn't available, one can use the GNU as .incbin directive to create the object file (assemble with gcc -c incbin.s ):

    .section .rodata

    .global _binary_magic_bin_start
    .type _binary_magic_bin_start, @object
_binary_magic_bin_start:
    .incbin "magic.bin"
    .size _binary_magic_bin_start, . - _binary_magic_bin_start

    .global _binary_magic_bin_size
    .type _binary_magic_bin_size, @object
    .set _binary_magic_bin_size, . - _binary_magic_bin_start

    .global _binary_magic_bin_end
    .type _binary_magic_bin_end, @object
    .set _binary_magic_bin_end, _binary_magic_bin_start + _binary_magic_bin_size
    ; an alternate  way to include the size    
    .global _binary_magic_bin_len
    .type _binary_magic_bin_len, @object
    .size _binary_magic_bin_len, 8
_binary_magic_bin_len:
    .quad _binary_magic_bin_size

xxd

A more portable alternative that doesn't require GNU objcopy nor GNU as is to create an intermediate C file and compile and link that. For example with xxd :

$ xxd -i magic.bin | sed 's/\(unsigned\)/const \1/' > magic.c
$ gcc -c magic.c
$ nm magic.o
0000000000000000 R magic_bin
0000000000000008 R magic_bin_len
$ cat magic.c
const unsigned char magic_bin[] = {
  0x32, 0x33, 0x34, 0x32, 0x0a
};
const unsigned int magic_bin_len = 5;

Answer 5

You might be able to use libmelf, a dead project on freshmeat, but available from LOPI - http://www.ipd.bth.se/ska/lopi.html

Otherwise, you can get the spec and (over)write the header yourself.

Answer 6

I haven't done this in awhile, but can't you just append arbitrary data to an executable. If you always append fixed-size data it would be trivial to recover anything you append. Variable size wouldn't be much harder. Probably easier than messing w/ elf headers and potentially ruining you executables.

Answer 7

In Solaris you can use elfedit but I think you are really asking solutions for Linux. Linux Is Not UniX :P

Answer 8

我没有读完这本书，但约翰·莱文 (John Levine ) 的 iirc Linkers and Loaders有你需要能够做到这一点的血腥细节。

Answer 9

In Linux Console:

$ man ld

$ ld --verbose

HTH