How does ELF file format defines the stack?

Question

I'm studying the ELF file format, so I compiled a small program, dumped the section headers and their contents from the resulting executable.

The ELF header contains the entry point address, which points into start of the .text section.

I also found the .data section that contains the static data and .rodata that contains the read only data... I expect there is a section for the stack too, but I can't find that section.

I also expect that at some point ESP is set to the top of some section but I can't find anything like that in the disassembly.

So how does ESP gets its initial value?

Answer 1

The following figure describes the memory map of a typical C ELF executable on x86.

• The process loads the .text and .data sections at the base address.

• The main-stack is located just below and grows downwards.

• Each thread and function-call will have its own-stack / stack-frame.
  This is located located below the main-stack.

• Each stack is separated by a guard page to detect Stack-Overflow.

Hence one does NOT need a dedicated stack section in the ELF file.

---

However within the man pages for ELF, one does find a couple of things in an ELF file that control the stack attributes. Mainly the executable permissions to the stack in memory.

1. PT_GNU_STACK
   GNU extension which is used by the Linux kernel to control the state of the stack via the flags set in the p_flags member.

2. .note.GNU-stack
   This section is used in Linux object files for declaring stack attributes. This section is of type SHT_PROGBITS. The only attribute used is SHF_EXECINSTR. This indicates to the GNU linker that the object file requires an executable stack.