Linux内核无法以区的概念来识别可执行文件。内核使用包括连续页的VMA(virtual memory area)来识别进程。
在每个VMA中可能映射了一个或多个区。每个VMA代表一个ELF文件的段。
那么,内核如何知道哪个区属于某个VMA(段)?映射关系保存在Program Header Table(PHT)中readelf -S test
There are 30 section headers, starting at offset 0xa88:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .interp PROGBITS 0000000000400200 00000200
000000000000001c 0000000000000000 A 0 0 1
[ 2] .note.ABI-tag NOTE 000000000040021c 0000021c
0000000000000020 0000000000000000 A 0 0 4
[ 3] .note.gnu.build-i NOTE 000000000040023c 0000023c
0000000000000024 0000000000000000 A 0 0 4
[ 4] .gnu.hash GNU_HASH 0000000000400260 00000260
000000000000001c 0000000000000000 A 5 0 8
[ 5] .dynsym DYNSYM 0000000000400280 00000280
0000000000000078 0000000000000018 A 6 1 8
[ 6] .dynstr STRTAB 00000000004002f8 000002f8
0000000000000044 0000000000000000 A 0 0 1
[ 7] .gnu.version VERSYM 000000000040033c 0000033c
000000000000000a 0000000000000002 A 5 0 2
[ 8] .gnu.version_r VERNEED 0000000000400348 00000348
0000000000000020 0000000000000000 A 6 1 8
[ 9] .rela.dyn RELA 0000000000400368 00000368
0000000000000018 0000000000000018 A 5 0 8
[10] .rela.plt RELA 0000000000400380 00000380
0000000000000048 0000000000000018 A 5 12 8
[11] .init PROGBITS 00000000004003c8 000003c8
0000000000000018 0000000000000000 AX 0 0 4
[12] .plt PROGBITS 00000000004003e0 000003e0
0000000000000040 0000000000000010 AX 0 0 4
[13] .text PROGBITS 0000000000400420 00000420
0000000000000238 0000000000000000 AX 0 0 16
[14] .fini PROGBITS 0000000000400658 00000658
000000000000000e 0000000000000000 AX 0 0 4
[15] .rodata PROGBITS 0000000000400668 00000668
0000000000000053 0000000000000000 A 0 0 8
[16] .eh_frame_hdr PROGBITS 00000000004006bc 000006bc
0000000000000024 0000000000000000 A 0 0 4
[17] .eh_frame PROGBITS 00000000004006e0 000006e0
000000000000007c 0000000000000000 A 0 0 8
[18] .ctors PROGBITS 0000000000600760 00000760
0000000000000010 0000000000000000 WA 0 0 8
[19] .dtors PROGBITS 0000000000600770 00000770
0000000000000010 0000000000000000 WA 0 0 8
[20] .jcr PROGBITS 0000000000600780 00000780
0000000000000008 0000000000000000 WA 0 0 8
[21] .dynamic DYNAMIC 0000000000600788 00000788
0000000000000190 0000000000000010 WA 6 0 8
[22] .got PROGBITS 0000000000600918 00000918
0000000000000008 0000000000000008 WA 0 0 8
[23] .got.plt PROGBITS 0000000000600920 00000920
0000000000000030 0000000000000008 WA 0 0 8
[24] .data PROGBITS 0000000000600950 00000950
0000000000000008 0000000000000000 WA 0 0 4
[25] .bss NOBITS 0000000000600958 00000958
0000000000000018 0000000000000000 WA 0 0 8
[26] .comment PROGBITS 0000000000000000 00000958
000000000000002c 0000000000000001 MS 0 0 1
[27] .shstrtab STRTAB 0000000000000000 00000984
00000000000000fe 0000000000000000 0 0 1
[28] .symtab SYMTAB 0000000000000000 00001208
0000000000000648 0000000000000018 29 46 8
[29] .strtab STRTAB 0000000000000000 00001850
000000000000021e 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
.text区存储的是程序的代码(二进制指令),该区的标志为X表示可执行。
如上所示,段有多种类型,下面介绍LOAD类型
LOAD:该段的内容从可执行文件中获取。Offset标识内核从文件读取的位置。FileSiz标识读取多少字节。