[TriLUG] executable and non-executable libraries
Tim Jowers
timjowers at gmail.com
Tue May 15 16:22:32 EDT 2007
Some other tools are to try objdump to dump the files elf and man elf to see
the sections. And maybe ltrace/strace on the process as a way of seeing what
is called.
Tim
On 5/15/07, Owen Berry <oberry at trilug.org> wrote:
>
> On Tue, May 15, 2007 at 11:17:38AM -0700, Joseph Mack NA3T wrote:
> > On Tue, 15 May 2007, Owen Berry wrote:
> >
> > > I'm wondering if they do something funky in __libc_start_main, which
> is
> > > listed when running strings on the file.
> >
> > no such similar name in ld-x.x.x.so I'm afraid.
>
> True. I did a little more digging and came up with this:
>
>
> http://www.linuxforums.org/misc/understanding_elf_using_readelf_and_objdump.html
>
> According to this article about the ELF format, if you look at the ELF
> headers for the files using 'readelf -h /lib/libc-2.5.so', you'll see a
> hexadecimal address labeled "Entry point address", which is the address
> where the program will start running when executed.
>
> If I run 'readelf -a' (all ELF info) on /lib/ld-2.5.so and look for the
> entry point address in the symbol table, it points to a function called
> _start. However, if I look at /lib/libc-2.5.so I don't find a
> corresponding entry in the symbol table. Not sure if it *has* to be in
> the symbol table, or if it can just start executing at that address.
>
> And looking at other .so files, the entry point address points to some
> arbitrary looking entry in the symbol table, which is maybe why it
> executes but segfaults.
>
> Interesting stuff.
>
> Owen
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
More information about the TriLUG
mailing list