[原创]LINUX ELF文件动态加载调试
发表于: 2013-8-30 17:53 8858
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x400620
Start of program headers: 64 (bytes into file)
Start of section headers: 5232 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 9
Size of section headers: 64 (bytes)
Number of section headers: 38
Section header string table index: 35
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400238 00000238
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 0000000000400254 00000254
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.build-i NOTE 0000000000400274 00000274
0000000000000024 0000000000000000 A 0 0 4
[ 4] .hash HASH 0000000000400298 00000298
0000000000000044 0000000000000004 A 6 0 8
[ 5] .gnu.hash GNU_HASH 00000000004002e0 000002e0
0000000000000038 0000000000000000 A 6 0 8
[ 6] .dynsym DYNSYM 0000000000400318 00000318
0000000000000120 0000000000000018 A 7 1 8
[ 7] .dynstr STRTAB 0000000000400438 00000438
00000000000000c6 0000000000000000 A 0 0 1
[ 8] .gnu.version VERSYM 00000000004004fe 000004fe
0000000000000018 0000000000000002 A 6 0 2
[ 9] .gnu.version_r VERNEED 0000000000400518 00000518
0000000000000020 0000000000000000 A 7 1 8
[10] .rela.dyn RELA 0000000000400538 00000538
0000000000000018 0000000000000018 A 6 0 8
[11] .rela.plt RELA 0000000000400550 00000550
0000000000000060 0000000000000018 A 6 13 8
[12] .init PROGBITS 00000000004005b0 000005b0
0000000000000018 0000000000000000 AX 0 0 4
[13] .plt PROGBITS 00000000004005c8 000005c8
0000000000000050 0000000000000010 AX 0 0 4
[14] .text PROGBITS 0000000000400620 00000620
0000000000000218 0000000000000000 AX 0 0 16
[15] .fini PROGBITS 0000000000400838 00000838
000000000000000e 0000000000000000 AX 0 0 4
[16] .rodata PROGBITS 0000000000400848 00000848
0000000000000019 0000000000000000 A 0 0 4
[17] .eh_frame_hdr PROGBITS 0000000000400864 00000864
0000000000000024 0000000000000000 A 0 0 4
[18] .eh_frame PROGBITS 0000000000400888 00000888
000000000000007c 0000000000000000 A 0 0 8
[19] .ctors PROGBITS 0000000000600dd8 00000dd8
0000000000000010 0000000000000000 WA 0 0 8
[20] .dtors PROGBITS 0000000000600de8 00000de8
0000000000000010 0000000000000000 WA 0 0 8
[21] .jcr PROGBITS 0000000000600df8 00000df8
0000000000000008 0000000000000000 WA 0 0 8
[22] .dynamic DYNAMIC 0000000000600e00 00000e00
00000000000001e0 0000000000000010 WA 7 0 8
[23] .got PROGBITS 0000000000600fe0 00000fe0
0000000000000008 0000000000000008 WA 0 0 8
[24] .got.plt PROGBITS 0000000000600fe8 00000fe8
0000000000000038 0000000000000008 WA 0 0 8
[25] .data PROGBITS 0000000000601020 00001020
0000000000000010 0000000000000000 WA 0 0 8
[26] .bss NOBITS 0000000000601030 00001030
0000000000000010 0000000000000000 WA 0 0 8
[27] .comment PROGBITS 0000000000000000 00001030
0000000000000025 0000000000000001 MS 0 0 1
[28] .debug_aranges PROGBITS 0000000000000000 00001055
0000000000000030 0000000000000000 0 0 1
[29] .debug_pubnames PROGBITS 0000000000000000 00001085
000000000000001b 0000000000000000 0 0 1
[30] .debug_info PROGBITS 0000000000000000 000010a0
00000000000000ad 0000000000000000 0 0 1
[31] .debug_abbrev PROGBITS 0000000000000000 0000114d
0000000000000057 0000000000000000 0 0 1
[32] .debug_line PROGBITS 0000000000000000 000011a4
000000000000006a 0000000000000000 0 0 1
[33] .debug_str PROGBITS 0000000000000000 0000120e
00000000000000bc 0000000000000001 MS 0 0 1
[34] .debug_loc PROGBITS 0000000000000000 000012ca
000000000000004c 0000000000000000 0 0 1
[35] .shstrtab STRTAB 0000000000000000 00001316
0000000000000159 0000000000000000 0 0 1
[36] .symtab SYMTAB 0000000000000000 00001df0
00000000000006f0 0000000000000018 37 54 8
[37] .strtab STRTAB 0000000000000000 000024e0
000000000000020d 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000400040 0x0000000000400040
0x00000000000001f8 0x00000000000001f8 R E 8
INTERP 0x0000000000000238 0x0000000000400238 0x0000000000400238
0x000000000000001c 0x000000000000001c R 1
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x0000000000000904 0x0000000000000904 R E 200000
LOAD 0x0000000000000dd8 0x0000000000600dd8 0x0000000000600dd8
0x0000000000000258 0x0000000000000268 RW 200000
DYNAMIC 0x0000000000000e00 0x0000000000600e00 0x0000000000600e00
0x00000000000001e0 0x00000000000001e0 RW 8
NOTE 0x0000000000000254 0x0000000000400254 0x0000000000400254
0x0000000000000044 0x0000000000000044 R 4
GNU_EH_FRAME 0x0000000000000864 0x0000000000400864 0x0000000000400864
0x0000000000000024 0x0000000000000024 R 4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 8
GNU_RELRO 0x0000000000000dd8 0x0000000000600dd8 0x0000000000600dd8
0x0000000000000228 0x0000000000000228 R 1
Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .note.gnu.build-id .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag .note.gnu.build-id
06 .eh_frame_hdr
07
08 .ctors .dtors .jcr .dynamic .got
Dynamic section at offset 0xe00 contains 25 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [./so_test.so]
0x0000000000000001 (NEEDED) Shared library: [libstdc++.so.6]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
0x000000000000000c (INIT) 0x4005b0
0x000000000000000d (FINI) 0x400838
0x0000000000000004 (HASH) 0x400298
0x000000006ffffef5 (GNU_HASH) 0x4002e0
0x0000000000000005 (STRTAB) 0x400438
0x0000000000000006 (SYMTAB) 0x400318
0x000000000000000a (STRSZ) 198 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x600fe8
0x0000000000000002 (PLTRELSZ) 96 (bytes)
0x0000000000000014 (PLTREL) RELA
0x0000000000000017 (JMPREL) 0x400550
0x0000000000000007 (RELA) 0x400538 <-----此元素包含重定位表的地址 Elf32/64_Rela
0x0000000000000008 (RELASZ) 24 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x000000006ffffffe (VERNEED) 0x400518
0x000000006fffffff (VERNEEDNUM) 1
0x000000006ffffff0 (VERSYM) 0x4004fe
0x0000000000000000 (NULL) 0x0
Relocation section '.rela.dyn' at offset 0x538 contains 1 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000600fe0 000200000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0
Relocation section '.rela.plt' at offset 0x550 contains 4 entries:
Offset Info Type Sym. Value Sym. Name + Addend
000000601000 000100000007 R_X86_64_JUMP_SLO 0000000000000000 printf + 0
000000601008 000400000007 R_X86_64_JUMP_SLO 0000000000000000 __libc_start_main + 0
000000601010 000500000007 R_X86_64_JUMP_SLO 0000000000000000 test_so_call2 + 0 <--------------
000000601018 000600000007 R_X86_64_JUMP_SLO 0000000000000000 test_so_call + 0 <--------------
There are no unwind sections in this file.
Symbol table '.dynsym' contains 12 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.2.5 (2)
2: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
3: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2)
5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND test_so_call2
6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND test_so_call <----------------
7: 0000000000601040 0 NOTYPE GLOBAL DEFAULT ABS _end
8: 0000000000601030 0 NOTYPE GLOBAL DEFAULT ABS _edata
9: 0000000000601030 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
10: 00000000004005b0 0 FUNC GLOBAL DEFAULT 12 _init
11: 0000000000400838 0 FUNC GLOBAL DEFAULT 15 _fini
Symbol table '.symtab' contains 74 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000400238 0 SECTION LOCAL DEFAULT 1
2: 0000000000400254 0 SECTION LOCAL DEFAULT 2
3: 0000000000400274 0 SECTION LOCAL DEFAULT 3
4: 0000000000400298 0 SECTION LOCAL DEFAULT 4
5: 00000000004002e0 0 SECTION LOCAL DEFAULT 5
6: 0000000000400318 0 SECTION LOCAL DEFAULT 6
7: 0000000000400438 0 SECTION LOCAL DEFAULT 7
8: 00000000004004fe 0 SECTION LOCAL DEFAULT 8
9: 0000000000400518 0 SECTION LOCAL DEFAULT 9
10: 0000000000400538 0 SECTION LOCAL DEFAULT 10
11: 0000000000400550 0 SECTION LOCAL DEFAULT 11
12: 00000000004005b0 0 SECTION LOCAL DEFAULT 12
13: 00000000004005c8 0 SECTION LOCAL DEFAULT 13
14: 0000000000400620 0 SECTION LOCAL DEFAULT 14
15: 0000000000400838 0 SECTION LOCAL DEFAULT 15
16: 0000000000400848 0 SECTION LOCAL DEFAULT 16
17: 0000000000400864 0 SECTION LOCAL DEFAULT 17
18: 0000000000400888 0 SECTION LOCAL DEFAULT 18
19: 0000000000600dd8 0 SECTION LOCAL DEFAULT 19
20: 0000000000600de8 0 SECTION LOCAL DEFAULT 20
21: 0000000000600df8 0 SECTION LOCAL DEFAULT 21
22: 0000000000600e00 0 SECTION LOCAL DEFAULT 22
23: 0000000000600fe0 0 SECTION LOCAL DEFAULT 23
24: 0000000000600fe8 0 SECTION LOCAL DEFAULT 24
25: 0000000000601020 0 SECTION LOCAL DEFAULT 25
26: 0000000000601030 0 SECTION LOCAL DEFAULT 26
27: 0000000000000000 0 SECTION LOCAL DEFAULT 27
28: 0000000000000000 0 SECTION LOCAL DEFAULT 28
29: 0000000000000000 0 SECTION LOCAL DEFAULT 29
30: 0000000000000000 0 SECTION LOCAL DEFAULT 30
31: 0000000000000000 0 SECTION LOCAL DEFAULT 31
32: 0000000000000000 0 SECTION LOCAL DEFAULT 32
33: 0000000000000000 0 SECTION LOCAL DEFAULT 33
34: 0000000000000000 0 SECTION LOCAL DEFAULT 34
35: 000000000040064c 0 FUNC LOCAL DEFAULT 14 call_gmon_start
36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
37: 0000000000600dd8 0 OBJECT LOCAL DEFAULT 19 __CTOR_LIST__
38: 0000000000600de8 0 OBJECT LOCAL DEFAULT 20 __DTOR_LIST__
39: 0000000000600df8 0 OBJECT LOCAL DEFAULT 21 __JCR_LIST__
40: 0000000000400670 0 FUNC LOCAL DEFAULT 14 __do_global_dtors_aux
41: 0000000000601030 1 OBJECT LOCAL DEFAULT 26 completed.7382
42: 0000000000601038 8 OBJECT LOCAL DEFAULT 26 dtor_idx.7384
43: 00000000004006e0 0 FUNC LOCAL DEFAULT 14 frame_dummy
44: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
45: 0000000000600de0 0 OBJECT LOCAL DEFAULT 19 __CTOR_END__
46: 0000000000400900 0 OBJECT LOCAL DEFAULT 18 __FRAME_END__
47: 0000000000600df8 0 OBJECT LOCAL DEFAULT 21 __JCR_END__
48: 0000000000400800 0 FUNC LOCAL DEFAULT 14 __do_global_ctors_aux
49: 0000000000000000 0 FILE LOCAL DEFAULT ABS main.c
50: 0000000000600fe8 0 OBJECT LOCAL HIDDEN 24 _GLOBAL_OFFSET_TABLE_
51: 0000000000600dd4 0 NOTYPE LOCAL HIDDEN 19 __init_array_end
52: 0000000000600dd4 0 NOTYPE LOCAL HIDDEN 19 __init_array_start
53: 0000000000600e00 0 OBJECT LOCAL HIDDEN 22 _DYNAMIC
54: 0000000000601020 0 NOTYPE WEAK DEFAULT 25 data_start
55: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.2.5
56: 0000000000400760 2 FUNC GLOBAL DEFAULT 14 __libc_csu_fini
57: 0000000000400620 0 FUNC GLOBAL DEFAULT 14 _start
58: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
59: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
60: 0000000000400838 0 FUNC GLOBAL DEFAULT 15 _fini
61: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_
62: 0000000000400848 4 OBJECT GLOBAL DEFAULT 16 _IO_stdin_used
63: 0000000000000000 0 FUNC GLOBAL DEFAULT UND test_so_call2 <--------------
64: 0000000000601020 0 NOTYPE GLOBAL DEFAULT 25 __data_start
65: 0000000000601028 0 OBJECT GLOBAL HIDDEN 25 __dso_handle
66: 0000000000600df0 0 OBJECT GLOBAL HIDDEN 20 __DTOR_END__
67: 0000000000400770 137 FUNC GLOBAL DEFAULT 14 __libc_csu_init
68: 0000000000601030 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
69: 0000000000000000 0 FUNC GLOBAL DEFAULT UND test_so_call <--------------
70: 0000000000601040 0 NOTYPE GLOBAL DEFAULT ABS _end
71: 0000000000601030 0 NOTYPE GLOBAL DEFAULT ABS _edata
72: 0000000000400704 84 FUNC GLOBAL DEFAULT 14 main
73: 00000000004005b0 0 FUNC GLOBAL DEFAULT 12 _init
-------------------------------实际调试执行情况----------------------------------------------
0x40070c mov esi,0x2
0x400711 mov edi,0x1
0x400716 mov eax,0x0
0x40071b call 0x400608 <test_so_call@plt>
x/10i 0x400608
0x400608 <test_so_call@plt>: jmp QWORD PTR [rip+0x200a0a] # 0x601018 <_GLOBAL_OFFSET_TABLE_+48>
0x40060e <test_so_call@plt+6>: push 0x3 <--- 首次调用前,GOT 表项 0x601018 指向此处
0x400613 <test_so_call@plt+11>: jmp 0x4005c8
0x601018: 0e 06 40 00 00 00 00 00|00 00 00 00 00 00 00 00 -> 0x40060e
0x4005c8 = elf .plt section
0x4005c8: push QWORD PTR [rip+0x200a22] # 0x600ff0 <_GLOBAL_OFFSET_TABLE_+8> 0x7ffff7ffe128
0x4005ce: jmp QWORD PTR [rip+0x200a24] # 0x600ff8 <_GLOBAL_OFFSET_TABLE_+16> 0x7ffff7df2330
伪码如下:
PUSH GOT[1]
JMP GOT[2] -> rtld function
//.plt过程链接表
//GOT[0 1 2]
http://s.eresi-project.org/inc/articles/elf-rtld.txt
Q) I dont understand this Global Offset Table design !
Hehe, here it is :
- the first entry is the address of the .dynamic section for the object
- the second entry is the link_map pointer structure associated with the
actual ELF object .
- the third is the address of the runtime mapping function in LD.SO .
GOT[0]= the address of the .dynamic section
GOT[1]= struct link_map *(沿该链表可枚举各已加载模块的基地址)
GOT[2]= LD.SO 动态加载函数 _dl_runtime_resolve
0x600ff0: 28 e1 ff f7 ff 7f 00 00 | 30 23 df f7 ff 7f 00 00
GOT[1]=0x7ffff7ffe128 GOT[2]=0x7ffff7df2330 = _dl_runtime_resolve
反汇编 0x7ffff7df2330 -->
0x7ffff7df2330: sub rsp,0x38
0x7ffff7df2334: mov QWORD PTR [rsp],rax
0x7ffff7df2338: mov QWORD PTR [rsp+0x8],rcx
0x7ffff7df233d: mov QWORD PTR [rsp+0x10],rdx
0x7ffff7df2342: mov QWORD PTR [rsp+0x18],rsi
0x7ffff7df2347: mov QWORD PTR [rsp+0x20],rdi
0x7ffff7df234c: mov QWORD PTR [rsp+0x28],r8
0x7ffff7df2351: mov QWORD PTR [rsp+0x30],r9
0x7ffff7df2356: mov rsi,QWORD PTR [rsp+0x40]
0x7ffff7df235b: mov rdi,QWORD PTR [rsp+0x38]
0x7ffff7df2360: call 0x7ffff7deb6e0
0x7ffff7df2365: mov r11,rax
0x7ffff7df2368: mov r9,QWORD PTR [rsp+0x30]
0x7ffff7df236d: mov r8,QWORD PTR [rsp+0x28]
0x7ffff7df2372: mov rdi,QWORD PTR [rsp+0x20]
0x7ffff7df2377: mov rsi,QWORD PTR [rsp+0x18]
0x7ffff7df237c: mov rdx,QWORD PTR [rsp+0x10]
0x7ffff7df2381: mov rcx,QWORD PTR [rsp+0x8]
0x7ffff7df2386: mov rax,QWORD PTR [rsp]
0x7ffff7df238a: add rsp,0x48
0x7ffff7df2330: sub rsp,0x38
0x7ffff7df2334: mov QWORD PTR [rsp],rax
0x7ffff7df2338: mov QWORD PTR [rsp+0x8],rcx
0x7ffff7df233d: mov QWORD PTR [rsp+0x10],rdx
0x7ffff7df2342: mov QWORD PTR [rsp+0x18],rsi
0x7ffff7df2347: mov QWORD PTR [rsp+0x20],rdi
0x7ffff7df234c: mov QWORD PTR [rsp+0x28],r8
0x7ffff7df2351: mov QWORD PTR [rsp+0x30],r9
0x7ffff7df2356: mov rsi,QWORD PTR [rsp+0x40]
0x7ffff7df235b: mov rdi,QWORD PTR [rsp+0x38]
0x7ffff7df2360: call 0x7ffff7deb6e0
0x7ffff7df2365: mov r11,rax
0x7ffff7df2368: mov r9,QWORD PTR [rsp+0x30]
0x7ffff7df236d: mov r8,QWORD PTR [rsp+0x28]
0x7ffff7df2372: mov rdi,QWORD PTR [rsp+0x20]
0x7ffff7df2377: mov rsi,QWORD PTR [rsp+0x18]
0x7ffff7df237c: mov rdx,QWORD PTR [rsp+0x10]
0x7ffff7df2381: mov rcx,QWORD PTR [rsp+0x8]
0x7ffff7df2386: mov rax,QWORD PTR [rsp]
0x7ffff7df238a: add rsp,0x48
0x7ffff7df238e: jmp r11
IDA64静态分析结果如下:
.text:0000000000400704 push rbp
.text:0000000000400705 mov rbp, rsp
.text:0000000000400708 sub rsp, 10h
.text:000000000040070C mov esi, 2
.text:0000000000400711 mov edi, 1
.text:0000000000400716 mov eax, 0
.text:000000000040071B call _test_so_call
.plt:00000000004005F8 _test_so_call2 proc near ; CODE XREF: main+45
.plt:00000000004005F8 jmp cs:off_601010
.plt:00000000004005F8 _test_so_call2 endp
.plt:00000000004005F8
.plt:00000000004005F8 ; ---------------------------------------------------------------------------
.plt:00000000004005FE dw ? 运行时 push 0x2 -> .rela.plt 中的重定位项索引(第 2 项,即 test_so_call2)
.plt:0000000000400600 dq ? jmp 0x4005c8
.plt:0000000000400608
.plt:0000000000400608 ; =============== S U B R O U T I N E =======================================
.plt:0000000000400608
.plt:0000000000400608 ; Attributes: thunk
.plt:0000000000400608
.plt:0000000000400608 _test_so_call proc near ; CODE XREF: main+17
.plt:0000000000400608 jmp cs:off_601018
.plt:0000000000400608 _test_so_call endp
.plt:0000000000400608
.plt:0000000000400608 ; ---------------------------------------------------------------------------
.plt:000000000040060E dw ? 运行时 push 0x3 -> .rela.plt 中的重定位项索引(第 3 项,即 test_so_call)
.plt:0000000000400610 dq ? jmp 0x4005c8
.plt:0000000000400610 _plt ends
GOT = 0x600fe8
.got.plt:0000000000600FE8 _GLOBAL_OFFSET_TABLE_ db ? ; 保留0x18 = 24 = 8*3 GOT[0-2] 保留
.got.plt:0000000000600FE9 db ? ;
.got.plt:0000000000600FEA db ? ;
.got.plt:0000000000600FEB db ? ;
.got.plt:0000000000600FEC db ? ;
.got.plt:0000000000600FED db ? ;
.got.plt:0000000000600FEE db ? ;
.got.plt:0000000000600FEF db ? ;
.got.plt:0000000000600FF0 db ? ;
.got.plt:0000000000600FF1 db ? ;
.got.plt:0000000000600FF2 db ? ;
.got.plt:0000000000600FF3 db ? ;
.got.plt:0000000000600FF4 align 10h
.got.plt:0000000000601000 off_601000 dq offset printf ; DATA XREF: _printf
.got.plt:0000000000601008 off_601008 dq 601054h ; DATA XREF: .plt:___libc_start_main
.got.plt:0000000000601010 off_601010 dq 601048h ; DATA XREF: .plt:_test_so_call2
.got.plt:0000000000601018 off_601018 dq 60104Ch ; DATA XREF: .plt:_test_so_call
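Linux 延迟绑定(lazy binding)机制:函数第一次被调用后,动态链接器会把对应的 GOT 表项改写为实际函数地址,之后的调用经 PLT 直接跳转到该函数。注意:本例的 GNU_RELRO 段只覆盖 0x600dd8–0x601000,0x601000 起的 JUMP_SLOT 表项不在其中,运行期间保持可写(部分 RELRO);使用 -z relro -z now 链接可在加载时完成全部解析并把 GOT 设为只读。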