Random source from one of my prior languages which generates an ELF header for an x86-64 Linux binary with the dlsym() symbol.
\============================================================================
[ELF] LINUX
-----------------------------------------------------------------------------
http://www.sco.com/developers/gabi/2000-07-17/ch4.symtab.html
http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/
============================================================================\
{ ElfPh! \align memsz filesz paddr,vaddr,offset type\
`word .elfPhXWR `word `dup `dup `long `long `long `long `long `long }
{ ElfDs! \val tag\ `long `long }
{ ElfSym! \size value shndx other type bind name\
`word 10 `mul `add `byte `byte `half `long `long }
{ ElfStr( $ .ElfStr `neg `add }
{ ElfStr) `text 0 `byte }
\===========================================================================\
{ Elf
\---------------------------------------------------------------------------\
\ELF HEADER\
\e_ident\ 00010102464c457f `long
\reserved\ 0 `long
\e_type\ 2 `half \ET_EXEC\
\e_machine\ 3e `half \X86-64\
\e_version\ 1 `word \EV_CURRENT\
\e_entry\ .ElfEntry `long
\e_phoff\ .ElfPh `long
\e_shoff\ 0 `long
\e_flags\ 0 `word
\e_ehsize\ 40 `half
\e_phentsize\ 38 `half
\e_phnum\ .ElfPh# `half
\e_shentsize\ 40 `half
\e_shnum\ 0 `half
\e_shstrndx\ 0 `half
\---------------------------------------------------------------------------\
\PROGRAM HEADER\
$ :ElfPh
7 :elfPhXWR \PF_X+PF_W+PF_R\
3 :ElfPh#
1 .elfIs# .elfIs# .ElfIs 3 \PT_INTERP\ ElfPh!
.BUILD# .BUILD# .ElfEnd 0 1 \PT_LOAD\ ElfPh!
8 .elfDs# .elfDs# .ElfDs 2 \PT_DYNAMIC\ ElfPh!
\---------------------------------------------------------------------------\
\DYNAMIC SECTION\
$ :ElfDs
.elfLib% 1 \DT_NEEDED\ ElfDs!
.ElfHsh 4 \DT_HASH\ ElfDs!
.ElfStr 5 \DT_STRTAB\ ElfDs!
.ElfSym 6 \DT_SYMTAB\ ElfDs!
.ElfRel 7 \DT_RELA\ ElfDs!
.elfRel# 8 \DT_RELASZ\ ElfDs!
18 9 \DT_RELAENT\ ElfDs!
0 0 ElfDs!
.ElfDs $# :elfDs#
\---------------------------------------------------------------------------\
\SYMBOL TABLE\
10 $- \overlap\
$ :ElfSym
0 0 0 0 0 0 0 ElfSym!
0 .ElfDlSym 0 0 \STV_DEFAULT\ 1 \STT_OBJECT\ 2 \STB_WEAK\ .elfDlSym% ElfSym!
\---------------------------------------------------------------------------\
\RELOCATION TABLE\
$ :ElfRel .ElfDlSym `long 7 \R_X86_64_JUMP_SLOT\ `word 1 `word 0 `long .ElfRel $# :elfRel#
\---------------------------------------------------------------------------\
\DLSYM\
$ :ElfDlSym 0 `long
\---------------------------------------------------------------------------\
\HASH TABLE\
$ :ElfHsh 1 `word 2 `word 1 `word 0 `word 0 `word
\---------------------------------------------------------------------------\
\INTERPRETER STRING\
$ :ElfIs "/lib/ld-linux-x86-64.so.2" `text 0 `byte .ElfIs $# :elfIs#
\---------------------------------------------------------------------------\
\DYNAMIC STRING TABLE\
1 $- \overlap\
$ :ElfStr
0 `byte
ElfStr( :elfLib% "libdl.so.2" ElfStr)
ElfStr( :elfDlSym% "dlsym" ElfStr) }
\===========================================================================\
{ Elf( 0 `asm! 0 $0! $_0 Elf }
{ Elf) `asm :ElfEnd }
{ Elf! $ :ElfEntry }
And the associated "readelf" on a binary generated with this code,
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x1e7
Start of program headers: 64 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 3
Size of section headers: 64 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
INTERP 0x00000000000001bc 0x00000000000001bc 0x00000000000001bc
0x000000000000001a 0x000000000000001a RWE 1
[Requesting program interpreter: /lib/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000001e48 0x0000000002000000 RWE 2000000
DYNAMIC 0x00000000000000e8 0x00000000000000e8 0x00000000000000e8
0x0000000000000080 0x0000000000000080 RWE 8
Dynamic section at offset 0xe8 contains 8 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000004 (HASH) 0x1a8
0x0000000000000005 (STRTAB) 0x1d5
0x0000000000000006 (SYMTAB) 0x158
0x0000000000000007 (RELA) 0x188
0x0000000000000008 (RELASZ) 24 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x0000000000000000 (NULL) 0x0
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
Histogram for bucket list length (total of 1 buckets):
Length Number % of total Coverage
0 0 ( 0.0%)
1 1 (100.0%) 100.0%
No version information found in this file.
And a hex dump,
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 02 00 3e 00 01 00 00 00 e7 01 00 00 00 00 00 00 |..>.............|
00000020 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |@...............|
00000030 00 00 00 00 40 00 38 00 03 00 40 00 00 00 00 00 |....@.8...@.....|
00000040 03 00 00 00 07 00 00 00 bc 01 00 00 00 00 00 00 |................|
00000050 bc 01 00 00 00 00 00 00 bc 01 00 00 00 00 00 00 |................|
00000060 1a 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 |................|
00000070 01 00 00 00 00 00 00 00 01 00 00 00 07 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 48 1e 00 00 00 00 00 00 |........H.......|
000000a0 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 |................|
000000b0 02 00 00 00 07 00 00 00 e8 00 00 00 00 00 00 00 |................|
000000c0 e8 00 00 00 00 00 00 00 e8 00 00 00 00 00 00 00 |................|
000000d0 80 00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 |................|
000000e0 08 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000000f0 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000100 a8 01 00 00 00 00 00 00 05 00 00 00 00 00 00 00 |................|
00000110 d5 01 00 00 00 00 00 00 06 00 00 00 00 00 00 00 |................|
00000120 58 01 00 00 00 00 00 00 07 00 00 00 00 00 00 00 |X...............|
00000130 88 01 00 00 00 00 00 00 08 00 00 00 00 00 00 00 |................|
00000140 18 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 |................|
00000150 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 0c 00 00 00 21 00 00 00 a0 01 00 00 00 00 00 00 |....!...........|
00000180 00 00 00 00 00 00 00 00 a0 01 00 00 00 00 00 00 |................|
00000190 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 |................|
000001b0 01 00 00 00 00 00 00 00 00 00 00 00 2f 6c 69 62 |............/lib|
000001c0 2f 6c 64 2d 6c 69 6e 75 78 2d 78 38 36 2d 36 34 |/ld-linux-x86-64|
000001d0 2e 73 6f 2e 32 00 6c 69 62 64 6c 2e 73 6f 2e 32 |.so.2.libdl.so.2|
000001e0 00 64 6c 73 79 6d 00 33 ff be b8 14 00 00 ff 15 |.dlsym.3........|
No Dynamic Linking Example
And source for an ELF which only uses syscalls and no dynamic linking for comparison,
\===============================================================
64-BIT ELF FOR KERNEL ONLY INTERFACE
----------------------------------------------------------------
http://blog.markloiseau.com/2012/05/tiny-64-bit-elf-executables/
===============================================================\
{ Elf
\e_ident\ 00010102464c457f `long
\reserved\ 0 `long
\e_type\ 2 `half
\e_machine\ 3e `half
\e_version\ 1 `word
\e_entry\ .ElfEntry `long
\e_phoff\ .ElfPh `long
\e_shoff\ 0 `long
\e_flags\ 0 `word
\e_ehsize\ 40 `half
\e_phentsize\ 38 `half
\e_phnum\ 1 `half
\e_shentsize\ 0 `half
\e_shnum\ 0 `half
\e_shstrndx\ 0 `half
\______________________________________________________________\
`asm :ElfPh
\p_type\ 1 `word
\p_flags\ 7 `word
\p_offset\ 0 `long
\p_vaddr\ 0 `long
\p_paddr\ 0 `long
\p_filesz\ .ElfEnd `long
\p_memsz\ 4000000 `long
\p_align\ 2000000 `long }
\______________________________________________________________\
{ Elf( 0 `asm! 0 $0! Elf }
{ Elf) `asm :ElfEnd }
{ ElfEntry! $ :ElfEntry }
The "readelf" results,
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x5f6
Start of program headers: 64 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 1
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000000006aa 0x0000000004000000 RWE 2000000
There is no dynamic section in this file.
There are no relocations in this file.
The decoding of unwind sections for machine type Advanced Micro Devices X86-64 is not currently supported.
No version information found in this file.
And the hex dump (I'm too lazy so this is going to just include the full binary, which happens to be the compiler I use for the language both these ELF headers are written in),
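An added example, not part of the original post: a Python triage check that parses an ELF64 header and its program headers and reports the traits both readelf listings above show (no section headers, a read-write-execute PT_LOAD segment at virtual address 0, and a zero-filled tail much larger than the file). The input is rebuilt from the readelf values on the page; `build`, `audit` and the finding names are this example's own.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr (56 bytes)
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
PF_X, PF_W = 1, 2

# (type, flags, offset, vaddr, paddr, filesz, memsz, align), copied from the
# two readelf listings on the page.
DLSYM_PHDRS = [
    (PT_INTERP, 7, 0x1BC, 0x1BC, 0x1BC, 0x1A, 0x1A, 1),
    (PT_LOAD, 7, 0, 0, 0, 0x1E48, 0x2000000, 0x2000000),
    (PT_DYNAMIC, 7, 0xE8, 0xE8, 0xE8, 0x80, 0x80, 8),
]
SYSCALL_PHDRS = [(PT_LOAD, 7, 0, 0, 0, 0x6AA, 0x4000000, 0x2000000)]

def build(entry, phdrs, shentsize):
    """Constructed input: ELF header plus program headers, nothing else."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, entry, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), shentsize, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs)

def audit(image):
    """Return sorted triage findings for a little-endian ELF64 image."""
    if len(image) < EHDR.size or image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    f = EHDR.unpack_from(image)
    phoff, shoff, phentsize, phnum, shnum = f[5], f[6], f[9], f[10], f[12]
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(image):
        raise ValueError("program header table malformed or truncated")
    found = set()
    if shoff == 0 or shnum == 0:
        found.add("no-section-headers")        # section-based tools see nothing
    for i in range(phnum):
        p_type, flags, _, vaddr, _, filesz, memsz, _ = PHDR.unpack_from(
            image, phoff + i * phentsize)
        if p_type == PT_INTERP:
            found.add("uses-dynamic-loader")
        elif p_type == PT_LOAD:
            rwx = bool(flags & PF_W and flags & PF_X)
            if rwx:
                found.add("load-segment-rwx")  # W^X is not enforced
            if rwx and memsz > filesz:
                found.add("rwx-zero-fill-region")  # memsz - filesz bytes of RWX scratch
            if vaddr == 0:
                found.add("maps-page-zero")    # the range vm.mmap_min_addr guards
    return sorted(found)
```

`audit(build(0x1e7, DLSYM_PHDRS, 64))` checks the dlsym() variant and `audit(build(0x5f6, SYSCALL_PHDRS, 0))` the syscall-only one; the only difference in the findings is the PT_INTERP request.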