TheThirdOne

Reputation: 427

Format of 64 bit symbol table entry in ELF

So I am trying to learn about ELF by taking a close look at how everything relates, and I can't understand why the symbol table entries are the size they are.

When I run readelf -W -S tiny.o I get:

    Section Headers:
      [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
      [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
      [ 1] .bss              NOBITS          0000000000000000 000200 000001 00  WA  0   0  4
      [ 2] .text             PROGBITS        0000000000000000 000200 00002a 00  AX  0   0 16
      [ 3] .shstrtab         STRTAB          0000000000000000 000230 000031 00      0   0  1
      [ 4] .symtab           SYMTAB          0000000000000000 000270 000090 18      5   5  4
      [ 5] .strtab           STRTAB          0000000000000000 000300 000015 00      0   0  1
      [ 6] .rela.text        RELA            0000000000000000 000320 000030 18      4   2  4

Which shows the symbol table having 0x18 or 24 bytes per entry and a total size of (0x300-0x270) or 0x90 giving us 6 entries.

This matches with what readelf -W -s tiny.o says:

    Symbol table '.symtab' contains 6 entries:
       Num:    Value          Size Type    Bind   Vis      Ndx Name
         0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND 
         1: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS tiny.asm
         2: 0000000000000000     0 SECTION LOCAL  DEFAULT    1 
         3: 0000000000000000     0 SECTION LOCAL  DEFAULT    2 
         4: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT    1 str
         5: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT    2 _start

So clearly the 24-byte size is correct, but that would correspond to a 32 bit table entry as described in this 32 bit spec.

32 bit symbol entry

Given that I am on a 64 bit system and the ELF file is 64 bit I would expect the entry to be as described in this 64 bit spec.

64 bit symbol entry

Upon looking at a hex dump of the file, I found that the layout of the fields in the file seems to be according to this 64 bit pattern.

So then why is the ELF file seemingly using undersized symbol table entries despite using the 64 bit layout and being a 64 bit file?

Upvotes: 0

Views: 1118

Answers (1)

Employed Russian

Reputation: 213799

> So then why is the ELF file seemingly using undersized symbol table entries

What makes you believe they are undersized?

In Elf64_Sym, we have:

    int    st_name
    char   st_info
    char   st_other
    short  st_shndx
                    <--- 8 bytes
    long   st_value
                    <--- 8 bytes
    long   st_size
                    <--- 8 bytes.

That's 24 bytes total, exactly as you'd expect.

To convince yourself that everything is in order, compile this program:

    #include <elf.h>
    #include <stdio.h>

    int main()
    {
      Elf64_Sym s64;
      Elf32_Sym s32;
      printf("%zu %zu\n", sizeof(s32), sizeof(s64));
      return 0;
    }

Running it produces 16 24. You can also run it under GDB, and look at offsets of various fields, e.g.

    (gdb) p (char*)&s64.st_value - (char*)&s64
    $1 = 8
    (gdb) p (char*)&s64.st_size - (char*)&s64
    $2 = 16

Upvotes: 1
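
The layout from the answer applied to raw bytes, as an added example (not code from the question or the answer): it checks `sh_entsize` and `sh_size` against the ELF class before indexing, then decodes one entry at the Elf64_Sym offsets, with the Elf32_Sym field order alongside. It assumes little-endian data; the sample entry and its `st_name` offset of 14 are constructed, and `struct sym`, `symtab_count` and `sym_decode` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define ELF64_SYM_SIZE 24u /* sizeof(Elf64_Sym), the 0x18 in readelf's ES column */
#define ELF32_SYM_SIZE 16u /* sizeof(Elf32_Sym) */

struct sym { uint32_t name; uint8_t bind, type, other; uint16_t shndx; uint64_t value, size; };

/* Constructed sample: one little-endian entry matching readelf's row 5 (_start).
   st_name = 14 is an assumed .strtab offset; st_info 0x10 = GLOBAL/NOTYPE; st_shndx = 2. */
static const uint8_t SAMPLE_START[24] = { 14,0,0,0, 0x10, 0, 2,0 /* st_value, st_size = 0 */ };

static uint64_t rd_le(const uint8_t *p, size_t n) /* read an n-byte little-endian integer */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Entry count from the section header fields, or -1 if they do not fit the ELF class. */
long symtab_count(uint64_t sh_size, uint64_t sh_entsize, int is64)
{
    uint64_t want = is64 ? ELF64_SYM_SIZE : ELF32_SYM_SIZE;
    if (sh_entsize != want || sh_size % want != 0) return -1;
    return (long)(sh_size / want);
}

/* Decode entry idx from a symtab buffer of len bytes; -1 if idx is out of bounds. */
int sym_decode(const uint8_t *tab, size_t len, size_t idx, int is64, struct sym *out)
{
    size_t esz = is64 ? ELF64_SYM_SIZE : ELF32_SYM_SIZE;
    if (idx >= len / esz) return -1;
    const uint8_t *p = tab + idx * esz;
    const uint8_t *q = p + (is64 ? 4 : 12); /* st_info, st_other, st_shndx */
    out->name  = (uint32_t)rd_le(p, 4);
    out->value = is64 ? rd_le(p + 8, 8)  : rd_le(p + 4, 4);
    out->size  = is64 ? rd_le(p + 16, 8) : rd_le(p + 8, 4);
    out->bind  = (uint8_t)(q[0] >> 4);  out->type = (uint8_t)(q[0] & 0xf);
    out->other = q[1];
    out->shndx = (uint16_t)rd_le(q + 2, 2);
    return 0;
}

int main(void)
{
    struct sym s;
    if (sym_decode(SAMPLE_START, sizeof SAMPLE_START, 0, 1, &s) == 0)
        printf("entries=%ld name=%u bind=%u shndx=%u\n", symtab_count(0x90, 0x18, 1),
               (unsigned)s.name, (unsigned)s.bind, (unsigned)s.shndx);
    return 0;
}
```

Decoding the same 24 bytes with the 32-bit field order reads `st_info`, `st_other` and `st_shndx` as `st_value` and yields 0x20010, so the ELF class has to be established before the table is walked.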
