Flags in Objdump Output of Object File

Flags in objdump output of object file

What you see is the interpretation of the combination of ELF segment flags, section type and section flags for each section in the object file.

  • LOAD means that the section resides in a loadable segment, i.e. its content could be read from the file into memory when a process is created

Section flags are well documented in the Chapter 4 of the System V Application Binary Interface, although under slightly different names from what objdump shows.

  • CODE means that the section contains executable code; it is indicated by the SHF_EXECINSTR flag in the section header
  • DATA means that the section is not executable but is writable, indicated by the presence of the SHF_WRITE flag
  • READONLY means that the section is neither executable nor writtable and should be placed in read-only memory pages
  • ALLOC means that the section occupies memory, e.g. memory pages are actually allocated to hold the section content when a process is created, indicated by the SHF_ALLOC flag. Some sections, e.g. those containing debug information, are not read into memory during normal program execution and are not marked as ALLOC to save memory.

Sections of type SHT_PROGBITS have corresponding content in the file and are shown as CONTENTS. Some sections does not have corresponding content in the file, e.g. the .bss section, which is of type SHT_NOBITS.

The .text section contains the program executable code. It is show as CONTENTS since it is of type SHT_PROGBITS. Memory should be reserved for this section since it is ALLOC and its contents should be loaded from the file since it is placed in a LOAD-able segment. Program code is generally non-modifiable and hence the section is placed in read-only memory. It contains instructions that are to be executed and hence the CODE flag.

Initialised variables with static storage class go into the .data section. Their initial values are stored in the file and read from there as the process is created. In C/C++ these are global variables, static local variables and C++ static member variables that are initialised appropriately, e.g. static int a = 10;. Fortran places initialised SAVE-d variables and COMMON blocks, which are given intiial value with a block DATA statement there.

The .bss section (historic name, abbreviation from Block Started by Symbol) is the most simple one. It holds uninitialised variables with static storage class. It is a section of type SHT_NOBITS and takes no space in the file. Memory is ALLOC-ated for it but nothing is read from the file to prepopulate the memory - it just stays all zeroes as delivered by the kernel memory allocator.

Constants usually go into the .rodata section (not present in your example), which looks like .data but is not marked as writable and is thus shown as READONLY.

objdump - head ELF - Meaning of flags?

They are BFD-specific bitmasks. In the binutils source tree, see bfd/bfd-in2.h:

  /* BFD contains relocation entries.  */
#define HAS_RELOC      0x01

  /* BFD is directly executable.  */
#define EXEC_P         0x02
...
  /* BFD has symbols.  */
#define HAS_SYMS       0x10
...
  /* BFD is dynamically paged (this is like an a.out ZMAGIC file) (the
     linker sets this by default, but clears it for -r or -n or -N).  */
#define D_PAGED        0x100

These flag values won't appear in your object file; they are simply an in-memory representation that libbfd uses.

pyelftools: retrieve section flags like objdump does for an elf32-littlearm binary

Actually they both agree. As Notlikethat already pointed out, the ELF spec points 0x1 (0b00000001) to be SHF_WRITE, so all the sections but .text are marked writable.

Since objdump is not ELF specific (like readelf would be), the flags don't match 1:1, and instead it reports READONLY when 0x01 is missing.

How to view symbols in object files?

Instead of nm, you can use the powerful objdump. See the man page for details. Try objdump -t myfile or objdump -T myfile. With the -C flag you can also demangle C++ names, like nm does.

objdump -t columns meaning

You talk about nm, thus you talk about ELF files. Continue reading the manual:

The other common output format, usually seen with ELF based files, looks like this:

00000000 l    d  .bss   00000000 .bss
00000000 g       .text  00000000 fred

The symbol is a local (l), global (g), unique global (u), neither global nor local (a space) or both global and local (!).

Before asking a question, I suggest that you practices the command invocations and compare command outputs with examples in the manual parts that you are reading.


Related Topics

What Length Can a Network Interface Name Have

Can't Source Script in a Current Directory

Pstack a Process on Osx 10.9

How to Import Environment Settings into My Perl Program

Remove a Specific Line from a File Without Using Sed or Awk

Best Way to Make Linux Web Services

Bash Scripting - Iterating Through "Variable" Variable Names for a List of Associative Arrays

How Many Instructions Does Linux Kernel Need in Order to Handle an Interrupt on an Arm Cortex A9

Kubernetes Can't Start Due to Too Many Open Files in System

Nasm Print One Character at a Time

Linux How to Add a File to a Specific Folder Within a Zip File

Bash Not Trapping Interrupts During Rsync/Subshell Exec Statements

How to Cd into a Directory Using Perl

C Calling Conventions and Passed Arguments

Comma Separated Values to Single Inverted Quote and Comma Separated Values

How to Determine If Pipe Can Be Written

What Does Grep -Po '...\K...' Do? How Else Can That Effect Be Achieved

How to Avoid Stdin Input That Does Not Fit in Buffer Be Sent to the Shell in Linux 64-Bit Intel (X86-64) Assembly


Leave a reply



Submit