Readelf Command
The readelf command is a powerful utility for examining
the contents of ELF (Executable and Linkable Format) files. It allows
developers to inspect various sections, symbols, relocation entries,
and other crucial information within object files, executables, and
shared libraries. Understanding ELF file structure is essential for
debugging, reverse engineering, and optimizing software, especially in
Unix-like operating systems.
Analyze Object File Relocations
One common use case for readelf is to verify how an
object file was compiled, particularly checking for the use of
Position-Independent Code (PIC). This is often required for shared
libraries. The following example demonstrates how to use
readelf to check for relocation entries related to Global
Offset Table (GOT) and Procedure Linkage Table (PLT), which are
indicators of PIC compilation.
# How to check that an object file was built with -fPIC
readelf --relocs foo.o | egrep '(GOT|PLT|JU?MP_SLOT)'
Understanding ELF Sections
readelf can list all sections within an ELF file,
providing details about their types, sizes, and memory addresses. This
is fundamental for understanding how different parts of a program are
organized.
Inspecting Symbol Tables
The symbol table contains information about functions and variables
defined or referenced in the object file. readelf allows
you to view both the dynamic and static symbol tables, which is
invaluable for linking and debugging.
Dynamic Linking Information
For dynamically linked executables and shared libraries,
readelf can display information about the dynamic linker,
required libraries, and exported symbols, crucial for understanding
runtime dependencies.